Block cipher

About: Block cipher is a research topic. Over the lifetime, 7267 publications have been published within this topic receiving 163586 citations. The topic is also known as: block ciphers.

HIGHT: a new block cipher suitable for low-resource device

Abstract: In this paper, we propose a new block cipher HIGHT with 64-bit block length and 128-bit key length. It provides low-resource hardware implementation, which is proper to ubiquitous computing device such as a sensor in USN or a RFID tag. HIGHT does not only consist of simple operations to be ultra-light but also has enough security as a good encryption algorithm. Our hardware implementation of HIGHT requires 3048 gates on 0.25 μm technology.

OCB: a block-cipher mode of operation for efficient authenticated encryption

Abstract: We describe a parallelizable block-cipher mode of operation that simultaneously provides privacy and authenticity. OCB encrypts-and-authenticates a nonempty string M e {0,1}• using \lceil |M|/n\rceil + 2 block-cipher invocations, where n is the block length of the underlying block cipher. Additional overhead is small. OCB refines a scheme, IAPM, suggested by Charanjit Jutla. Desirable properties of OCB include: the ability to encrypt a bit string of arbitrary length into a ciphertext of minimal length; cheap offset calculations; cheap session setup; a single underlying cryptographic key; no extended-precision addition; a nearly optimal number of block-cipher calls; and no requirement for a random IV. We prove OCB secure, quantifying the adversary's ability to violate the mode's privacy or authenticity in terms of the quality of its block cipher as a pseudorandom permutation (PRP) or as a strong PRP, respectively.

Markov ciphers and differential cryptanalysis

Abstract: This paper considers the security of iterated block ciphers against the differential cryptanalysis introduced by Biham and Shamir. Differential cryptanalysis is a chosen-plaintext attack on secret-key block ciphers that are based on iterating a cryptographically weak function r times (e.g., the 16-round Data Encryption Standard (DES)). It is shown that the success of such attacks on an r-round cipher depends on the existence of (r-1)-round differentials that have high probabilities, where an i-round differential is defined as a couple (α, β) such that a pair of distinct plaintexts with difference α can result in a pair of i-th round outputs that have difference β, for an appropriate notion of "difference". The probabilities of such differentials can be used to determine a lower bound on the complexity of a differential cryptanalysis attack and to show when an r-round cipher is not vulnerable to such attacks. The concept of "Markov ciphers" is introduced for iterated ciphers because of its significance in differential cryptanalysis. If an iterated cipher is Markov and its round subkeys are independent, then the sequence of differences at each round output forms a Markov chain. It follows from a result of Biham and Shamir that DES is a Markov cipher. It is shown that, for the appropriate notion of "difference", the Proposed Encryption Standard (PES) of Lai and Massey, which is an 8-round iterated cipher, is a Markov cipher, as are also the mini-version of PES with block length 8, 16 and 32 bits. It is shown that PES(8) and PES(16) are immune to differential cryptanalysis after sufficiently many rounds. A detailed cryptanalysis of the full-size PES is given and shows that the very plausibly most probable 7-round differential has a probability about 2-58. A differential cryptanalysis attack of PES(64) based on this differential is shown to require all 264 possible encryptions. This cryptanalysis of PES suggested a new design principle for Markov ciphers, viz., that their transition probability matrices should not be symmetric. A minor modification of PES, consistent with all the original design principles, is proposed that satisfies this new design criterion. This modified cipher, called Improved PES (IPES), is described and shown to be highly resistant to differential cryptanalysis.

An Implementation of DES and AES, Secure against Some Attacks

Abstract: Since Power Analysis on smart cards was introduced by Paul Kocher [7], many countermeasures have been proposed to protect implementations of cryptographic algorithms In this paper we propose a new protection principle: the transformed masking method We apply this method to protect two of the most popular block ciphers: DES and the AES Rijndael To this end we introduce some transformed S-boxes for DES and a new masking method and its applications to the non-linear part of Rijndael

The Boomerang Attack

Abstract: This paper describes a new differential-style attack, which we call the boomerang attack. This attack has several interesting applications. First, we disprove the of t-repeated claim that eliminating all high-probability differentials for the whole cipher is sufficient to guarantee security against differential attacks. Second, we show how to break COCONUT98, a cipher designed using decorrelation techniques to ensure provable security against differential attacks, with an advanced differential-style attack that needs just 216 adaptively chosen texts. Also, to illustrate the power of boomerang techniques, we give new attacks on Khufu-16, FEAL-6, and 16 rounds of CAST-256.