
Showing papers on "Block cipher" published in 2023


Journal ArticleDOI
TL;DR: Wang et al. as mentioned in this paper improved Hao et al.'s attack model using the following methods: first they found the set of secret key bits (J) that are involved in the superpoly, and then they estimated the degree (d) of the superpoly using the degree estimation strategy introduced by Q. Wang et al. at CRYPTO 2018.

4 citations


Journal ArticleDOI
TL;DR: In this paper, a pair of nonlinear components of a block cipher over the residue class of Gaussian integers (GI) is designed. But the prime field dependent on the Elliptic curve (EC) provides one S-box at a time by fixing three parameters and .
Abstract: In block ciphers, the nonlinear components, also known as substitution boxes (S-boxes), are used with the purpose of inducing confusion in cryptosystems. For the last decade, most of the work on designing S-boxes over the points of elliptic curves has been published. The main purpose of these studies is to hide data and improve the security levels of crypto algorithms. In this work, we design a pair of nonlinear components of a block cipher over the residue class of Gaussian integers (GI). The fascinating features of this structure provide a pair of S-boxes at a time by fixing three parameters. But the prime field dependent on the Elliptic curve (EC) provides one S-box at a time by fixing three parameters and . The newly designed pair of S-boxes is assessed by various tests like nonlinearity, bit independence criterion, strict avalanche criterion, linear approximation probability, and differential approximation probability.

3 citations


Journal ArticleDOI
TL;DR: In this article, the linear equations of the CHAM block cipher were optimized by applying novel optimized decomposition techniques, with a focus on optimizing the linear operations in the CHAM key schedule.
Abstract: A quantum computer capable of running the Grover search algorithm, which reduces the complexity of brute-force attacks by a square root, has the potential to undermine the security strength of symmetric-key cryptography and hash functions. Recently, studies on quantum approaches have proposed analyzing potential quantum attacks using the Grover search algorithm in conjunction with optimized quantum circuit implementations for symmetric-key cryptography and hash functions. Analyzing quantum attacks on a cipher (i.e., quantum cryptanalysis) and estimating the necessary quantum resources are related to evaluating post-quantum security for the target cryptography algorithms. In this paper, we revisit quantum implementations of CHAM block cipher, an ultra lightweight cipher, with a focus on optimizing the linear operations in its key schedule. We optimized the linear equations of CHAM as matrices by applying novel optimized decomposition techniques. Using the improved CHAM quantum circuits, we estimate the cost of Grover’s key search and evaluate the post-quantum security strength with further reduced costs.

2 citations


Journal ArticleDOI
TL;DR: In this paper, a divide-and-conquer approach on the secret key bits by partitioning them was proposed, based on multiple input-output differentials, to obtain a significantly improved attack on 6-round ChaCha256 with a complexity of $2^{99.48}$.
Abstract: In this paper we present several analyses on ChaCha, a software stream cipher. First, we consider a divide-and-conquer approach on the secret key bits by partitioning them. The partitions are based on multiple input-output differentials to obtain a significantly improved attack on 6-round ChaCha256 with a complexity of $2^{99.48}$. It is $2^{40}$ times faster than the currently best known attack. This is the first time an attack on a round reduced ChaCha with a complexity smaller than $2^{k/2}$, where the secret key is of k bits, has been successful. Further, all the attack complexities related to ChaCha are theoretically estimated in general and there are several questions in this regard as pointed out by Dey, Garai, Sarkar and Sharma in Eurocrypt 2022. In this regard, we propose a toy version of ChaCha, with a 32-bit secret key, on which the attacks can be implemented completely to verify whether the theoretical estimates are justified. This idea is implemented for our proposed attack on 6 rounds. Finally, we show that it is possible to estimate the success probabilities of these kinds of PNB-based differential attacks more accurately. Our methodology explains how different cryptanalytic results can be evaluated with better accuracy rather than claiming that the success probability is significantly better than 50%.

2 citations


Journal ArticleDOI
TL;DR: Li et al. as mentioned in this paper proposed an automatic method of meet-in-the-middle (MITM) key-recovery attacks against reduced-round versions of all the SKINNY family with extremely low data complexity.
Abstract: At CRYPTO 2021, Dong et al. proposed an automatic method of Meet-in-the-Middle (MITM) key-recovery attacks. In this paper, we further extend it to a new automatic model which can be used to find low-data complexity attacks. With the help of the automatic model, we propose MITM attacks against reduced-round versions of all the six members of the SKINNY family with extremely low-data complexity. More precisely, we present MITM attacks against 19-round SKINNY-$n$-$3n$, 15-round SKINNY-$n$-$2n$, 11-round SKINNY-$n$-$n$ with three, two, one plaintext-ciphertext pairs, separately. In addition, we can attack two more rounds and three more rounds with no more than $2^8$ and $2^{32}$ data complexity, respectively.

2 citations


Journal ArticleDOI
TL;DR: FaultMeter as discussed by the authors is a framework that takes into account the cryptographic properties of the cipher, structure of the implementation, and the underlying Instruction Set Architecture's susceptibility to faults.
Abstract: Fault attacks are a potent class of physical attacks that exploit a fault injected during device operation to steal secret keys from a cryptographic device. The success of a fault attack depends intricately on (a) the cryptographic properties of the cipher, (b) the program structure, and (c) the underlying hardware architecture. While there are several tools that automate the process of fault attack evaluation, none of them consider all three influencing aspects. This paper proposes a framework called FaultMeter that builds on the state of the art by not just identifying fault-vulnerable locations in block cipher software, but also providing a quantification for each vulnerable location. The quantification provides a probability that an injected fault can be successfully exploited. It takes into consideration the cryptographic properties of the cipher, the structure of the implementation, and the underlying Instruction Set Architecture’s (ISA) susceptibility to faults. We demonstrate an application of FaultMeter to automatically insert optimal amounts of countermeasures in a program to meet the user’s security requirements while minimizing overheads. We demonstrate the versatility of the FaultMeter framework by evaluating five cipher implementations on multiple hardware platforms, namely, ARM (32 and 64 bit), RISC-V (32 and 64 bit), TI MSP-430 (16-bit) and Intel x86 (64-bit).

2 citations



Journal ArticleDOI
31 Jan 2023-Entropy
TL;DR: In this paper, a methodology was proposed to verify that the closeness to 1 of some fitness functions' values that use decimal distance implies decimal closeness to the key.
Abstract: There are many algorithms used with different purposes in the area of cryptography. Amongst these, Genetic Algorithms have been used, particularly in the cryptanalysis of block ciphers. Interest in the use of and research on such algorithms has increased lately, with a special focus on the analysis and improvement of the properties and characteristics of these algorithms. In this way, the present work focuses on studying the fitness functions involved in Genetic Algorithms. First, a methodology was proposed to verify that the closeness to 1 of some fitness functions’ values that use decimal distance implies decimal closeness to the key. On the other hand, the foundation of a theory is developed in order to characterize such fitness functions and determine, a priori, if one method is more effective than another in the attack to block ciphers using Genetic Algorithms.

1 citation



Journal ArticleDOI
TL;DR: In this paper, the authors proposed an optimized hardware implementation of the lightweight PRINCE block cipher, with the aim of providing adequate security while maximizing resource efficiency; the proposed architecture uses fewer resources and provides a reasonable trade-off between area footprint and efficiency.

1 citation


Journal ArticleDOI
TL;DR: In this paper, Gohr made a pioneering attempt and successfully applied deep learning to the differential cryptanalysis against the NSA block cipher Speck 32/64, achieving higher accuracy than the pure differential distinguishers.
Abstract: In CRYPTO 2019, Gohr made a pioneering attempt and successfully applied deep learning to the differential cryptanalysis against the NSA block cipher Speck 32/64, achieving higher accuracy than the pure differential distinguishers. By its very nature, mining effective features in data plays a crucial role in data-driven deep learning. In this paper, in addition to considering the integrity of the information from the training data of the ciphertext pair, domain knowledge about the structure of differential cryptanalysis is also incorporated into the training process of deep learning to improve the performance. Meanwhile, taking the performance of the differential-neural distinguisher of Simon 32/64 as an entry point, we investigate the impact of the input difference on the performance of the hybrid distinguishers to choose the proper input difference. Eventually, we improve the accuracy of the neural distinguishers of Simon 32/64, Simon 64/128, Simeck 32/64 and Simeck 64/128. We also obtain related-key differential-based neural distinguishers on round-reduced versions of Simon 32/64, Simon 64/128, Simeck 32/64 and Simeck 64/128 for the first time.

Journal ArticleDOI
Ramesh Vaddi
TL;DR: In this paper, the authors presented the potential and design challenges of exploring negative capacitance FETs (NCFETs) for energy-efficient and differential power analysis (DPA) attack-resilient circuit/cipher design at scaled supply voltages.

Journal ArticleDOI
TL;DR: A sufficient condition on the underlying Double-block Hash function is shown under which $3n/4$-bit multi-user security of the DbHtS construction in the ideal-cipher model is proved.
Abstract: In CRYPTO’21, Shen et al. proved that the Two-Keyed-DbHtS construction is secure up to $2^{2n/3}$ queries in the multi-user setting independent of the number of users. Here the underlying double-block hash function H of the construction is realized as the concatenation of two independent n-bit keyed hash functions $(H_{K_h,1}, H_{K_h,2})$, and the security holds under the assumption that each of the n-bit keyed hash functions is universal and regular. The authors have also demonstrated the applicability of their result to the key-reduced variants of DbHtS MACs, including 2K-SUM-ECBC, 2K-PMAC_Plus and 2K-LightMAC_Plus without requiring a domain separation technique and proved $2n/3$-bit multi-user security of these constructions in the ideal cipher model. Recently, Guo and Wang have invalidated the security claim of Shen et al.’s result by exhibiting three constructions, which are instantiations of the Two-Keyed-DbHtS framework, such that each of their n-bit keyed hash functions is $O(2^{-n})$ universal and regular, while the constructions themselves are secure only up to the birthday bound. In this work, we show a sufficient condition on the underlying Double-block Hash (DbH) function, under which we prove an improved $3n/4$-bit multi-user security of the Two-Keyed-DbHtS construction in the ideal-cipher model. To be more precise, we show that if each of the n-bit keyed hash functions is universal, regular, and cross-collision resistant then it achieves the desired security. As an instantiation, we show that the two-keyed Polyhash-based DbHtS construction is multi-user secure up to $2^{3n/4}$ queries in the ideal-cipher model. Furthermore, due to the generic attack on DbHtS constructions by Leurent et al. in CRYPTO’18, our derived bound for the construction is tight.

Journal ArticleDOI
TL;DR: The cipher T-310 was developed by the Central Cipher Authority of the German Democratic Republic in the 1970s and widely used for protection of teletype communication up to security level secret, as mentioned in this paper.
Abstract: The cipher T-310 was developed by the Central Cipher Authority of the German Democratic Republic in the 1970s and widely used for protection of teletype communication up to security level secret. After publication of the cipher algorithm in 2006, several articles appeared aiming at the cryptographic properties of the cipher T-310. The cryptographic strength of the cipher T-310 must be assessed as a combination of both the cipher algorithm and the approved long-term keys. This article provides a rationale of the design decisions and the selection of approved long-term keys for T-310. We demonstrate that the attacks involving fundamental equations, linear characteristics, and some of their generalizations do not work if historical approved long-term keys are used. The results are also valid for the cipher SKS and block ciphers, whose groups of round functions are the alternating groups over the blocks.

Journal ArticleDOI
TL;DR: In this article, the authors evaluated and benchmarked lightweight symmetric ciphers for resource-constrained devices, such as Arduino and Raspberry Pi, in terms of speed, cost, and energy efficiency.
Abstract: Highly constrained devices that are interconnected and interact to complete a task are being used in a diverse range of new fields. The Internet of Things (IoT), cyber-physical systems, distributed control systems, vehicular systems, wireless sensor networks, tele-medicine, and the smart grid are a few examples of these fields. In any of these contexts, security and privacy might be essential aspects. Research on secure communication in Internet of Things (IoT) networks is a highly contested topic. One method for ensuring secure data transmission is cryptography. Because IoT devices have limited resources, such as power, memory, and batteries, IoT networks have boosted the term “lightweight cryptography”. Algorithms for lightweight cryptography are designed to efficiently protect data while using minimal resources. In this research, we evaluated and benchmarked lightweight symmetric ciphers for resource-constrained devices. The evaluation is performed using two widely used platforms: Arduino and Raspberry Pi. In the first part, we implemented 39 block ciphers on an ATMEGA328p microcontroller and analyzed them in terms of speed, cost, and energy efficiency during encryption and decryption for different block and key sizes. In the second part, the 2nd-round NIST candidates (80 stream and block cipher algorithms) were added to the first-part ciphers in a comprehensive analysis for equivalent block and key sizes in terms of latency and energy efficiency.

Journal ArticleDOI
TL;DR: The property of truncated differential in SipHash is studied and the output bits with the most imbalanced differential biases are found and a key recovery method is proposed that can obtain a nonuniform distribution of the 128-bit key through several bias tests.
Abstract: SipHash is a family of ARX-based MAC algorithms optimized for short inputs. So far, a lot of implementations and applications for SipHash have been proposed, whereas the cryptanalysis of SipHash still lags behind. In this paper, we study the property of truncated differential in reduced-round SipHash. By exhaustively testing all kinds of 1-bit input differences, we find out the greatest differential biases from corresponding output bits through 3 or 4 SipRounds. Making use of these results, we construct distinguishers for SipHash-2-1 and SipHash-2-2 with practical complexities of $2^{12}$ and $2^{36}$, respectively. However, one limitation of the latter is that it begins with 1-bit input differences on the most significant message bit, which means it can only work when neglecting the padding rules of SipHash. Furthermore, we reveal the relations between the value of output bias and the difference after the first modular addition step, which is directly determined by corresponding key bits. Based on these relations, we propose a key recovery method for SipHash-2-1 that can obtain a significantly nonuniform distribution of the 128-bit secret key. It is summarized that about $97\%$ of random keys can be fully recovered under this method within a complexity of $2^{83}$.

Journal ArticleDOI
TL;DR: In this article, a pipelined and unrolled multichannel cryptosystem with feedback operation mode is proposed for NFV/SDN edge servers, which can be integrated into NFVI edge servers.
Abstract: Network Function Virtualization (NFV) and Software-Defined Networking (SDN) are network paradigms for flexibly deploying future networks while guaranteeing security service requirements. This work designs Virtual Network Functions (VNFs) through a Compute-Intensive (CI) hardware resource in Network Function Virtualization Infrastructure (NFVI). The proposed NFVI is characterized by a multi-channel cryptosystem, which can be virtualized as a plurality of VNFs, that is, crypto engines, and each crypto engine is logically dedicated to an NFV/SDN Internet of Things (IoT) device, which does not have or has limited security capability owing to resource constraints. To enhance the performance of a cryptosystem, the accelerator circuit is often deeply pipelined and unrolled. However, to fulfill the popular feedback operation modes, the throughput of the pipelined and unrolled cryptosystem that implements a block cipher, say Advanced Encryption Standard (AES), can deteriorate even lower than that without these techniques. To solve this problem, we design a pipelined and unrolled multichannel cryptosystem, which can be integrated into NFVI edge servers, with feedback operation mode for the NFV/SDN IoT. As a result, the combinational logic of a block cipher with feedback can be shared by plenty of IoT devices to enhance the hardware efficiency as well. Moreover, in addition to briefly reviewing several AES designs, the fastest AES design is derived by shortening its critical path to only a single logic gate: a multiplexer or an Exclusive OR (XOR) gate.

Journal ArticleDOI
TL;DR: In this article, the authors evaluate the behavior of Vision when implemented as a circuit in an FHE protocol, and they present a new cipher, Seljuk, which does not deliver the expected performance.
Abstract: With the rapid increase in the practical applications of secure computation protocols, increasingly more research is focused on the efficiency of the symmetric-key primitives underlying them. Whereas traditional block ciphers have evolved to be efficient with respect to certain performance metrics, secure computation protocols call for a different efficiency metric: arithmetic complexity. Arithmetic complexity is viewed through the number and layout of nonlinear operations in the circuit implemented by the protocol. Symmetric-key algorithms that are optimized for this metric are said to be algebraic ciphers. It has been shown that recently proposed algebraic ciphers are greatly efficient in ZK and MPC protocols. However, there have not been many algebraic ciphers proposed targeting Fully Homomorphic Encryption (FHE). In this paper, we evaluate the behavior of Vision when implemented as a circuit in an FHE protocol. To this end, we present a state-of-the-art comparison of AES and Vision implemented using HElib. Counterintuitively, Vision does not deliver a better performance than AES in this setting. Then, by attempting to improve a bottleneck of the FHE implementation evaluating Vision, we present a new cipher: Seljuk. Despite the improvement with respect to Vision, Seljuk does not deliver the expected performance.

Journal ArticleDOI
TL;DR: In this paper, the non-permutation function that was generated from the binomial operation of the power function was used to construct a cryptographically strong S-box, which can thwart any cryptanalysis tools on cryptosystems.
Abstract: A Substitution box (S-box) is an important component used in symmetric key cryptosystems to satisfy Shannon’s property on confusion. As the only nonlinear operation, the S-box must be cryptographically strong to thwart any cryptanalysis tools on cryptosystems. Generally, the S-boxes can be constructed using any of the following approaches: the random search approach, heuristic/evolutionary approach or mathematical approach. However, the current S-box construction has some drawbacks, such as low cryptographic properties for the random search approach and the fact that it is hard to develop mathematical functions that can be used to construct a cryptographically strong S-box. In this paper, we explore the non-permutation function that was generated from the binomial operation of the power function to construct a cryptographically strong S-box. By adopting the method called the Redundancy Removal Algorithm, we propose some enhancement in the algorithm such that the desired result can be obtained. The analytical results of our experiment indicate that all criteria such as bijective, nonlinearity, differential uniformity, algebraic degree and linear approximation are found to hold in the obtained S-boxes. Our proposed S-box also surpassed several bijective S-boxes available in the literature in terms of cryptographic properties.

Journal ArticleDOI
28 Jun 2023-Entropy
TL;DR: This paper proposes a cryptanalysis method based on state-of-the-art deep learning technologies (e.g., residual connections and gated linear units) for lightweight block ciphers and shows significant improvements in the number of parameters required and the average bit accuracy probability.
Abstract: With the development of artificial intelligence, deep-learning-based cryptanalysis has been actively studied. There are many cryptanalysis techniques. Among them, cryptanalysis was performed to recover the secret key used for encryption using known plaintext. In this paper, we propose a cryptanalysis method based on state-of-the-art deep learning technologies (e.g., residual connections and gated linear units) for lightweight block ciphers (e.g., S-DES, S-AES, and S-SPECK). The number of parameters required for training is significantly reduced by 93.16%, and the average bit accuracy probability increased by about 5.3% compared with the previous state-of-the-art work. In addition, cryptanalysis for S-AES and S-SPECK was possible with up to 12-bit and 6-bit keys, respectively. Through this experiment, we confirmed that state-of-the-art deep-learning-based key recovery techniques for modern cryptography algorithms with the full round and the full key are practically infeasible.

Journal ArticleDOI
TL;DR: In this article, the authors studied the security of the Russian authenticated encryption with associated data mode that is known as MGM and examined the mode properties under the condition that we have $\mathcal{O}\left( 2^{n/2} \right)$ queries, where n is the state size of the used block cipher.
Abstract: In this work we study the security of the Russian authenticated encryption with associated data mode that is known as MGM. We examine the mode properties under the condition that we have $\mathcal{O}\left( 2^{n/2} \right)$ queries, where n is the state size of the used block cipher. Two attacks that are based on the birthday paradox are proposed. One of these attacks does not reuse the nonce and allows you to generate a message with the correct authentication code without knowing the secret key. It should be noted that the amount of information protected under one key with the MGM mode does not exceed $2^{n/2}$ bits.

Journal ArticleDOI
TL;DR: In this paper, the construction of a dynamic S-box using a cipher key is proposed using a novel chaotic map and an innovative tweaking approach, which employs cubic polynomials while permuting the values of an initial S-Box to enhance its cryptographic fort.
Abstract: A substitution box (S-Box) is a crucial component of contemporary cryptosystems that provide data protection in block ciphers. At the moment, chaotic maps are being created and extensively used to generate these S-Boxes as a chaotic map assists in providing disorder and resistance to combat cryptanalytical attempts. In this paper, the construction of a dynamic S-Box using a cipher key is proposed using a novel chaotic map and an innovative tweaking approach. The projected chaotic map and the proposed tweak approach are presented for the first time and the use of parameters in their working makes both of these dynamic in nature. The tweak approach employs cubic polynomials while permuting the values of an initial S-Box to enhance its cryptographic fort. Values of the parameters are provided using the cipher key and a small variation in values of these parameters results in a completely different unique S-Box. Comparative analysis and exploration confirmed that the projected chaotic map exhibits a significant amount of chaotic complexity. The security assessment in terms of bijectivity, nonlinearity, bits independence, strict avalanche, linear approximation probability, and differential probability criteria are utilized to critically investigate the effectiveness of the proposed S-Box against several assaults. The proposed S-Box’s cryptographic performance is comparable to those of recently projected S-Boxes for its adaption in real-world security applications. The comparative scrutiny pacifies the genuine potential of the proposed S-Box in terms of its applicability for data security.

Journal ArticleDOI
TL;DR: In this article, the authors presented a cryptographic encryption standard whose model is based on Serpent, presented by Eli Biham, Ross Anderson, and Lars Knudsen; the modification lies in the design of the cipher, where they used a power associative (PA) loop and a group of permutations.
Abstract: This article presents a cryptographic encryption standard whose model is based on Serpent, presented by Eli Biham, Ross Anderson, and Lars Knudsen. The modification lies in the design of the Cipher: we have used a power associative (PA) loop and a group of permutations. The proposed mathematical structure is superior to the Galois Field (GF) in terms of complexity and has the ability to create arbitrary randomness due to a larger key space. The proposed method is simple and speedy in terms of computations; meanwhile, it affirms higher security and sensitivity. In contrast to GF, PA-loops are non-isomorphic and have several Cayley table representations. This validates the resistance to cryptanalytic attacks, particularly those targeting mathematical structures. This cryptographic scheme’s full description of encryption and decryption is measured and rigorously assessed to support its multimedia applications. The observed speed of this technique, which uses a key of 256 bits and a block size of 128 bits, is comparable to three-key triple-DES.


Book ChapterDOI
TL;DR: In this article, a full-fledged automatic framework integrating all known techniques (differential enumeration, key-dependent-sieve, key bridging, etc.) for the Demirci-Selçuk meet-in-the-middle attack is presented.
Abstract: The Demirci-Selçuk meet-in-the-middle (DS-MITM) attack is a sophisticated variant of differential attacks. Due to its sophistication, it is hard to efficiently find the best DS-MITM attacks on most ciphers except for AES. Moreover, the current automatic tools only capture the most basic version of DS-MITM attacks, and the critical techniques developed for enhancing the attacks (e.g., differential enumeration and key-dependent-sieve) still rely on manual work. In this paper, we develop a full-fledged automatic framework integrating all known techniques (differential enumeration, key-dependent-sieve, key bridging, etc.) for the DS-MITM attack that can produce key-recovery attacks directly rather than only search for distinguishers. Moreover, we develop a new technique that is able to exploit partial key additions to generate more linear relations beneficial to the attacks. We apply the framework to the SKINNY family of block ciphers and significantly improved results are obtained. In particular, all known DS-MITM attacks on the respective versions of SKINNY are improved by at least 2 rounds, and the data, memory, or time complexities of some attacks are reduced even compared to previous best attacks penetrating fewer rounds.

Journal ArticleDOI
TL;DR: In this paper, a highly nonlinear substitution-permutation network using the blotch symmetry of quantum spin states on the Galois field GF($2^8$) was designed to provide confusion in the data over insecure networks, where substitution boxes are the solitary components for delivering a nonlinear mapping between inputs and outputs.
Abstract: Cryptosystems are commonly deployed to secure data transmission over an insecure line of communication. To provide confusion in the data over insecure networks, substitution boxes are the solitary components for delivering a nonlinear mapping between inputs and outputs. A confusion component of a block cipher with high nonlinearity and low differential and linear approximation probabilities is considered secure against cryptanalysis. This study aims to design a highly nonlinear substitution-permutation network using the blotch symmetry of quantum spin states on the Galois field GF($2^8$). To observe the efficiency of the proposed methodology, some common and advanced measures were evaluated for performance, randomness, and cryptanalytics. The outcomes of these analyses validate that the generated nonlinear confusion components are effective for block ciphers and attain better cryptographic strength with a high signal-to-noise ratio in comparison to state-of-the-art techniques.

Journal ArticleDOI
Jinyou Shen
TL;DR: Yang et al. as mentioned in this paper proposed the use of linear cryptanalysis using super-rounds to increase the efficiency of implementing Matsui's second algorithm and achieved good results on all variants of Simon and Speck.
Abstract: The Simeck family of lightweight block ciphers was proposed by Yang et al. in 2015, which combines the design features of the NSA-designed block ciphers Simon and Speck. Previously, we proposed the use of linear cryptanalysis using super-rounds to increase the efficiency of implementing Matsui’s second algorithm and achieved good results on all variants of Simon. The improved linear attacks result from the observation that, after four rounds of encryption, one bit of the left half of the state of the cipher depends on only 17 key bits (19 key bits for the larger variants of the cipher). We were able to follow a similar approach, in all variants of Simeck, with an improvement in Simeck 32 and Simeck 48 by relaxing the previous constraint of a single active bit, using multiple active bits instead. In this paper we present improved linear attacks against all variants of Simeck: attacks on 19-rounds of Simeck 32/64, 28-rounds of Simeck 48/96, and 34-rounds of Simeck 64/128, often with the direct recovery of the full master key without repeating the attack over multiple rounds. We also verified the results of linear cryptanalysis on 8, 10, and 12 rounds for Simeck 32/64.


Journal ArticleDOI
TL;DR: The proposed method is used to design the quantum circuit to search for the differential characteristics of a toy cipher, smallGIFT, and to validate the differential and impossible differential characteristics obtained using the proposed method.