
Showing papers on "Cipher published in 2013"


Proceedings ArticleDOI
09 Sep 2013
TL;DR: Li et al. as discussed by the authors proposed CP-ABPRE with attribute-based re-encryption with any monotonic access structure, which is proved CCA secure under the decisional q-parallel bilinear Diffie-Hellman exponent assumption.
Abstract: Ciphertext-Policy Attribute-Based Proxy Re-Encryption (CP-ABPRE) extends the traditional Proxy Re-Encryption (PRE) by allowing a semi-trusted proxy to transform a ciphertext under an access policy to one with the same plaintext under another access policy (i.e. attribute-based re-encryption). The proxy, however, learns nothing about the underlying plaintext. CP-ABPRE has many real world applications, such as fine-grained access control in cloud storage systems and medical records sharing among different hospitals. Previous CP-ABPRE schemes leave how to be secure against Chosen-Ciphertext Attacks (CCA) as an open problem. This paper, for the first time, proposes a new CP-ABPRE to tackle the problem. The new scheme supports attribute-based re-encryption with any monotonic access structures. Although our scheme is constructed in the random oracle model, it can be proved CCA secure under the decisional q-parallel bilinear Diffie-Hellman exponent assumption.

224 citations


Proceedings ArticleDOI
20 Aug 2013
TL;DR: This paper considers the case where the adversary neither chooses nor knows the input messages, and has only access to the faulty ciphertexts, and is able to describe several attacks against AES-128 by using non-uniform fault models.
Abstract: Classical Fault Attacks often require the ability to encrypt the same plaintext twice, in order to get one or several pairs of correct and faulty ciphertexts corresponding to the same message. This observation led some designers to think that a randomized mode of operation may be sufficient to protect block cipher encryption against this kind of threat. In this paper, we consider the case where the adversary neither chooses nor knows the input messages, and has only access to the faulty ciphertexts. In this context, we are able to describe several attacks against AES-128 by using non-uniform fault models. Our attacks target the last 4 rounds and allow recovery of the correct key with practical time complexity, using a limited number of faulty ciphertexts. This work highlights the need for dedicated fault attack countermeasures in secure embedded systems.

146 citations


Journal ArticleDOI
TL;DR: A novel method to design a new substitution box and compare its characteristics with some prevailing boxes used in cryptography is presented and offers a powerful algebraic complexity while keeping the software/hardware complexity within manageable parameters.
Abstract: The substitution boxes are used in block ciphers with the purpose to induce confusion in data. The design of a substitution box determines the confusion ability of the cipher; therefore, many different types of boxes have been proposed by various authors in literature. In this paper, we present a novel method to design a new substitution box and compare its characteristics with some prevailing boxes used in cryptography. The algorithm proposed in this paper applies the action of the projective linear group PGL(2, GF(2^8)) on the Galois field GF(2^8). The new substitution box corresponds to a particular type of linear fractional transformation (35z + 15)/(9z + 5). In order to test the strength of the proposed substitution box, we apply the non-linearity test, bit independence criterion, linear approximation probability method, differential approximation probability method, strict avalanche criterion, and majority logic criterion. This new technique to synthesize a substitution box offers a powerful algebraic complexity while keeping the software/hardware complexity within manageable parameters.

128 citations


Book ChapterDOI
20 Aug 2013
TL;DR: A detailed security analysis of this new cipher taking its design specificities into account is provided, leading us to exploit innovative techniques borrowed from hash function cryptanalysis (that are sometimes of independent interest).
Abstract: The design and analysis of lightweight block ciphers has been a very active research area over the last couple of years, with many innovative proposals trying to optimize different performance figures. However, since these block ciphers are dedicated to low-cost embedded devices, their implementation is also a typical target for side-channel adversaries. As preventing such attacks with countermeasures usually implies significant performance overheads, a natural open problem is to propose new algorithms for which physical security is considered as an optimization criteria, hence allowing better performances again. We tackle this problem by studying how much we can tweak standard block ciphers such as the AES Rijndael in order to allow efficient masking (that is one of the most frequently considered solutions to improve security against side-channel attacks). For this purpose, we first investigate alternative S-boxes and round structures. We show that both approaches can be used separately in order to limit the total number of non-linear operations in the block cipher, hence allowing more efficient masking. We then combine these ideas into a concrete instance of block cipher called Zorro. We further provide a detailed security analysis of this new cipher taking its design specificities into account, leading us to exploit innovative techniques borrowed from hash function cryptanalysis (that are sometimes of independent interest). Eventually, we conclude the paper by evaluating the efficiency of masked Zorro implementations in an 8-bit microcontroller, and exhibit their interesting performance figures.

116 citations


Book ChapterDOI
01 Dec 2013
TL;DR: This work proposes the first parallelizable online cipher, COPE, which performs two calls to the underlying block cipher per plaintext block and is fully parallelizable in both encryption and decryption and extends COPE to create COPA, the first Parallelizable, online authenticated cipher with nonce-misuse resistance.
Abstract: Online ciphers encrypt an arbitrary number of plaintext blocks and output ciphertext blocks which only depend on the preceding plaintext blocks. All online ciphers proposed so far are essentially serial, which significantly limits their performance on parallel architectures such as modern general-purpose CPUs or dedicated hardware. We propose the first parallelizable online cipher, COPE. It performs two calls to the underlying block cipher per plaintext block and is fully parallelizable in both encryption and decryption. COPE is proven secure against chosen-plaintext attacks assuming the underlying block cipher is a strong PRP. We then extend COPE to create COPA, the first parallelizable, online authenticated cipher with nonce-misuse resistance. COPA only requires two extra block cipher calls to provide integrity. The privacy and integrity of the scheme is proven secure assuming the underlying block cipher is a strong PRP. Our implementation with Intel AES-NI on a Sandy Bridge CPU architecture shows that both COPE and COPA are about 5 times faster than their closest competition: TC1, TC3, and McOE-G. This high factor of advantage emphasizes the paramount role of parallelizability on up-to-date computing platforms.

105 citations


Journal ArticleDOI
TL;DR: It is shown that it is not possible to avoid the security problems of that encryption architecture just by including a chaotic system as the core of the derived encryption system.

101 citations


Journal ArticleDOI
01 Dec 2013-Optik
TL;DR: The simulation experimental results and security analysis show that the novel couple images encryption algorithm not only has good encryption effect, but also has the ability of resisting exhaustive attack and statistical attack.

96 citations


Book ChapterDOI
14 Aug 2013
TL;DR: It is shown that the overall work factor of the BGE attack is reduced to $$2^{22}$$ when all improvements are implemented, and a new attack on the initial white-box implementation of Chow et al. is presented, making them both vulnerable to the same attacks.
Abstract: White-box cryptography aims to protect the secret key of a cipher in an environment in which an adversary has full access to the implementation of the cipher and its execution environment. In 2002, Chow, Eisen, Johnson and van Oorschot proposed a white-box implementation of AES. In 2004, Billet, Gilbert and Ech-Chatbi presented an efficient attack on this implementation, referred to as the BGE attack, which extracts its embedded AES key with a work factor of $$2^{30}$$. In 2012, Tolhuizen presented an improvement of the most time-consuming phase of the BGE attack. The present paper includes three contributions. First we describe several improvements of the BGE attack. We show that the overall work factor of the BGE attack is reduced to $$2^{22}$$ when all improvements are implemented. This paper also presents a new attack on the initial white-box implementation of Chow et al. This attack exploits collisions occurring on internal variables of the implementation and it achieves a work factor of $$2^{22}$$. Eventually, we address the white-box AES implementation presented by Karroumi in 2010 which aims to withstand the BGE attack. We show that the implementations of Karroumi and Chow et al. are the same, making them both vulnerable to the same attacks.

93 citations


Proceedings Article
01 Jan 2013
TL;DR: This article reveals several weaknesses in the design of the cipher, the authentication protocol and also in their implementation of the Megamos Crypto transponder and proposes a time-memory trade-off which recovers such a weak key after a few minutes of computation on a standard laptop.
Abstract: The Megamos Crypto transponder is used in one of the most widely deployed electronic vehicle immobilizers. It is used among others in most Audi, Fiat, Honda, Volkswagen and Volvo cars. Such an immobilizer is an anti-theft device which prevents the engine of the vehicle from starting when the corresponding transponder is not present. This transponder is a passive RFID tag which is embedded in the key of the vehicle. In this paper we have reverse-engineered all proprietary security mechanisms of the transponder, including the cipher and the authentication protocol, which we publish here in full detail. This article reveals several weaknesses in the design of the cipher, the authentication protocol and also in their implementation. We exploit these weaknesses in three practical attacks that recover the 96-bit transponder secret key. These three attacks only require wireless communication with the system. Our first attack exploits weaknesses in the cipher design and in the authentication protocol. We show that having access to only two eavesdropped authentication traces is enough to recover the 96-bit secret key with a computational complexity of 2^56 cipher ticks (equivalent to 2 encryptions). Our second attack exploits a weakness in the key-update mechanism of the transponder. This attack recovers the secret key after 3× 2 authentication attempts with the transponder and negligible computational complexity. We have executed this attack in practice on several vehicles. We were able to recover the key and start the engine with a transponder emulating device. Executing this attack from beginning to end takes only 30 minutes. Our third attack exploits the fact that some car manufacturers set weak cryptographic keys in their vehicles. We propose a time-memory trade-off which recovers such a weak key after a few minutes of computation on a standard laptop.

91 citations


Book
11 Apr 2013
TL;DR: This book covers the mathematics of stream ciphers and its history, and also discusses many modern examples and their robustness against attacks and is directed towards advanced undergraduate and graduate students in mathematics and computer science.
Abstract: In cryptography, cipher is the technical term for encryption and decryption algorithms. Stream ciphers are an important sub-family that features high speed and easy implementation and are an essential part of wireless internet and mobile phones. Unlike block ciphers, stream ciphers work on single bits or single words and need to maintain an internal state to change the cipher at each step. Typically stream ciphers can reach higher speeds than block ciphers but they can be more vulnerable to attack. Here, mathematics comes into play. Number theory, algebra and statistics are the key to a better understanding of stream ciphers and essential for an informed decision on their safety. Since the theory is less developed, stream ciphers are often skipped in books on cryptography. This book fills this gap. It covers the mathematics of stream ciphers and its history, and also discusses many modern examples and their robustness against attacks. Part I covers linear feedback shift registers, non-linear combinations of LFSRs, algebraic attacks and irregularly clocked shift registers. Part II studies some special ciphers including the security of mobile phones, RC4 and related ciphers, the eSTREAM project and the Blum-Blum-Shub generator and related ciphers. Stream Ciphers requires basic knowledge of algebra and linear algebra, combinatorics and probability theory and programming. Appendices in Part III help the reader with the more complicated subjects and provide the mathematical background needed. It covers, for example, complexity, number theory, finite fields, statistics, combinatorics. Stream Ciphers concludes with exercises and solutions and is directed towards advanced undergraduate and graduate students in mathematics and computer science.

88 citations


Book ChapterDOI
20 Aug 2013
TL;DR: Fides is an online nonce-based authenticated encryption scheme with authenticated data whose area requirements are as low as 793 GE and 1001 GE for 80-bit and 96-bit security, respectively, which is at least two times smaller than its closest competitors Hummingbird-2 and Grain-128a.
Abstract: In this paper, we present a novel lightweight authenticated cipher optimized for hardware implementations called Fides. It is an online nonce-based authenticated encryption scheme with authenticated data whose area requirements are as low as 793 GE and 1001 GE for 80-bit and 96-bit security, respectively. This is at least two times smaller than its closest competitors Hummingbird-2 and Grain-128a. While being extremely compact, Fides is both throughput and latency efficient, even in its most serial implementations. This is attained by our novel sponge-like design approach. Moreover, cryptographically optimal 5-bit and 6-bit S-boxes are used as basic nonlinear components while paying special attention to the simplicity of providing first order side-channel resistance with threshold implementation.

Book ChapterDOI
20 Aug 2013
TL;DR: This paper presents extremely fast algorithms for code-based public-key cryptography, including full protection against timing attacks, and achieves a reciprocal decryption throughput of just 60493 cycles on a single Ivy Bridge core.
Abstract: This paper presents extremely fast algorithms for code-based public-key cryptography, including full protection against timing attacks. For example, at a 2^128 security level, this paper achieves a reciprocal decryption throughput of just 60493 cycles (plus cipher cost etc.) on a single Ivy Bridge core. These algorithms rely on an additive FFT for fast root computation, a transposed additive FFT for fast syndrome computation, and a sorting network to avoid cache-timing attacks.

Posted Content
TL;DR: COPE as mentioned in this paper is a parallelizable online authenticated cipher with nonce-misuse resistance, which performs two calls to the underlying block cipher per plaintext block and is fully parallelizable in both encryption and decryption.
Abstract: Online ciphers encrypt an arbitrary number of plaintext blocks and output ciphertext blocks which only depend on the preceding plaintext blocks. All online ciphers proposed so far are essentially serial, which significantly limits their performance on parallel architectures such as modern general-purpose CPUs or dedicated hardware. We propose the first parallelizable online cipher, COPE. It performs two calls to the underlying block cipher per plaintext block and is fully parallelizable in both encryption and decryption. COPE is proven secure against chosen-plaintext attacks assuming the underlying block cipher is a strong PRP. We then extend COPE to create COPA, the first parallelizable, online authenticated cipher with nonce-misuse resistance. COPA only requires two extra block cipher calls to provide integrity. The privacy and integrity of the scheme is proven secure assuming the underlying block cipher is a strong PRP. Our implementation with Intel AES-NI on a Sandy Bridge CPU architecture shows that both COPE and COPA are about 5 times faster than their closest competition: TC1, TC3, and McOE-G. This high factor of advantage emphasizes the paramount role of parallelizability on up-to-date computing platforms.

Journal ArticleDOI
TL;DR: This work maps 16 implementations of an Advanced Encryption Standard (AES) cipher with both online and offline key expansion on a fine-grained many-core system and shows 2.0 times higher throughput than the TI DSP C6201, and 2.9 times higher energy efficiency than the GeForce 8800 GTX.
Abstract: By exploring different granularities of data-level and task-level parallelism, we map 16 implementations of an Advanced Encryption Standard (AES) cipher with both online and offline key expansion on a fine-grained many-core system. The smallest design utilizes only six cores for offline key expansion and eight cores for online key expansion, while the largest requires 107 and 137 cores, respectively. In comparison with published AES cipher implementations on general purpose processors, our design has 3.5-15.6 times higher throughput per unit of chip area and 8.2-18.1 times higher energy efficiency. Moreover, the design shows 2.0 times higher throughput than the TI DSP C6201, and 3.3 times higher throughput per unit of chip area and 2.9 times higher energy efficiency than the GeForce 8800 GTX.

Journal ArticleDOI
TL;DR: The comparison to the proposed scheme with AES, DES and Logistic encryption methods comes to the conclusion that the image encryption method solves the problem of low precision of one dimensional chaotic function and has higher speed and higher security.

Journal ArticleDOI
TL;DR: In this study, entropy and correlation coefficient are used as WDICA's fitness functions and the goal is to maximize the entropy and minimize correlation coefficients.

Journal ArticleDOI
TL;DR: The data from the chaotic system is used in linear fractional transformation to add additional unpredictable behavior to the construction of S-boxes and the proposed S-box is tested for its strength in encryption applications.
Abstract: In this paper, we synthesize substitution boxes by the use of chaotic logistic maps in linear fractional transformation. In order to introduce randomness in the construction of S-boxes, the data from the chaotic system is used in linear fractional transformation to add additional unpredictable behavior. The proposed S-box is tested for its strength in encryption applications. The nonlinearity characteristic of the proposed S-box is studied, and the strength of the cipher is quantized in terms of this property. In addition, the behavior of bit changes at the output of the cipher in comparison with the input is also studied. Similarly, the input/output differential is also evaluated for different bit patterns. The results of statistical analyses show superior performance of the proposed S-boxes.

Journal ArticleDOI
TL;DR: This paper combines the ideas of hardware pipeline and loop unrolling to design an architecture that produces 2 RC4 keystream bytes per clock cycle, and proposes the fastest known architecture for the cipher.
Abstract: RC4 is the most popular stream cipher in the domain of cryptology. In this paper, we present a systematic study of the hardware implementation of RC4, and propose the fastest known architecture for the cipher. We combine the ideas of hardware pipeline and loop unrolling to design an architecture that produces 2 RC4 keystream bytes per clock cycle. We have optimized and implemented our proposed design using VHDL description, synthesized with 130, 90, and 65 nm fabrication technologies at clock frequencies 625 MHz, 1.37 GHz, and 1.92 GHz, respectively, to obtain a final RC4 keystream throughput of 10, 21.92, and 30.72 Gbps in the respective technologies.

Book ChapterDOI
06 May 2013
TL;DR: It is shown that the attacks which are effective on software oriented lightweight block ciphers can not reduce the 80-bit security level of ITUbee, and less memory requirement of the cipher is remarkable.
Abstract: In this paper, we propose a software oriented lightweight block cipher, ITUbee. The cipher is especially suitable for resource constrained devices including an 8-bit microcontroller such as sensor nodes in wireless sensor networks. For a sensor node one of the most important constraints is the low energy consumption because of the limited battery power. Also, the memory on sensor nodes is restricted. We have simulated the performance of ITUbee in the AVR ATtiny45 microcontroller using the integrated development platform Atmel Studio 6. We have evaluated the memory usage and clock cycles needed for an encryption. The number of clock cycles gives a metric for energy consumption. The simulation results show that ITUbee is a competitive block cipher on 8-bit software platforms in terms of energy consumption. Also, the lower memory requirement of the cipher is remarkable. In addition, we have shown that the attacks which are effective on software oriented lightweight block ciphers cannot reduce the 80-bit security level of ITUbee.

Journal ArticleDOI
TL;DR: This paper aims to study a newly designed image cryptosystem that uses the Rubik's cube principle in conjunction with a digital chaotic cipher to achieve good encryption and perfect hiding ability and can resist any cryptanalytic attacks.
Abstract: A recently proposed secure image encryption scheme has drawn attention to the limited security offered by chaos-based image encryption schemes (mainly due to their relatively small key space) proposing a highly robust approach, based on Rubik's cube principle. This paper aims to study a newly designed image cryptosystem that uses the Rubik's cube principle in conjunction with a digital chaotic cipher. Thus, the original image is shuffled on Rubik's cube principle (due to its proven confusion properties), and then XOR operator is applied to rows and columns of the scrambled image using a chaos-based cipher (due to its proven diffusion properties). Finally, the experimental results and security analysis show that the newly proposed image encryption scheme not only can achieve good encryption and perfect hiding ability but also can resist any cryptanalytic attacks (e.g., exhaustive attack, differential attack, statistical attack, etc.).

Journal ArticleDOI
TL;DR: A Modified Logistic Map (MLM) is presented which improves the performance of Logistic map in terms of higher Lyapunov exponent and uniformity of bifurcation map and avoids the stable orbits of logistic map giving a more chaotic behavior to the system.
Abstract: Chaotic encryption schemes are believed to provide a greater level of security than conventional ciphers. In this paper, a chaotic stream cipher is first constructed and then its hardware implementation details over Xilinx Virtex-6 FPGA are provided. The Logistic map is the simplest chaotic system and has high potential to be used to design a stream cipher for real-time embedded systems. Its simple construct and non-linear dynamics make it a common choice for such applications. In this paper, we present a Modified Logistic Map (MLM) which improves the performance of the Logistic Map in terms of higher Lyapunov exponent and uniformity of bifurcation map. It also avoids the stable orbits of the logistic map, giving a more chaotic behavior to the system. A stream cipher is built using MLM and a random feedback scheme. The proposed cipher gives 16 bits of encrypted data per clock cycle. The hardware implementation results over Xilinx Virtex-6 FPGA give a synthesis clock frequency of 93 MHz and a throughput of 1.5 Gbps while using 16 hardware multipliers. This makes the cipher suitable for embedded devices which have tight constraints on power consumption, hardware resources and real-time parameters.

Book ChapterDOI
18 Aug 2013
TL;DR: A new generic technique, named sieve-in-the-middle, which improves meet-in-the-middle attacks in the sense that it provides an attack on a higher number of rounds, by looking for the existence of valid transitions through some middle sbox.
Abstract: This paper presents a new generic technique, named sieve-in-the-middle, which improves meet-in-the-middle attacks in the sense that it provides an attack on a higher number of rounds. Instead of selecting the key candidates by searching for a collision in an intermediate state which can be computed forwards and backwards, we look for the existence of valid transitions through some middle sbox. Combining this technique with short bicliques allows one to freely add one or two more rounds with the same time complexity. Moreover, when the key size of the cipher is larger than its block size, we show how to build the bicliques by an improved technique which does not require any additional data (contrary to previous biclique attacks). These techniques apply to PRESENT, DES, PRINCE and AES, improving the previously known results on these four ciphers. In particular, our attack on PRINCE applies to 8 rounds (out of 12), instead of 6 in the previous cryptanalyses. Some results are also given for theoretically estimating the sieving probability provided by some inputs and outputs of a given sbox.

Journal ArticleDOI
TL;DR: Simulation results and extensive cryptanalysis justify that the proposed permutation-diffusion type image cipher with a chaotic orbit perturbing mechanism has a satisfactory security with a low computational complexity, which renders it a good candidate for real-time secure image storage and distribution applications.
Abstract: During the past decades, chaos-based permutation-diffusion type image ciphers have been widely investigated to meet the increasing demand for real-time secure image transmission over public networks. However, existing research almost exclusively focuses on the improvements of the permutation and diffusion methods independently, without consideration of cooperation between the two processes. In this paper, an improved permutation-diffusion type image cipher with a chaotic orbit perturbing mechanism is proposed. In the permutation stage, pixels in the plain image are shuffled with a pixel-swapping mechanism, and the pseudorandom locations are generated by chaotic logistic map iteration. Furthermore, a plain pixel related chaotic orbit perturbing mechanism is introduced. As a result, a tiny change in the plain image will be spread out during the confusion process, and hence an effective diffusion effect is introduced. By using a reverse direction diffusion method, the introduced diffusion effect will be further diffused to the whole cipher image within one overall encryption round. Simulation results and extensive cryptanalysis justify that the proposed scheme has a satisfactory security with a low computational complexity, which renders it a good candidate for real-time secure image storage and distribution applications.

Journal ArticleDOI
TL;DR: The filter bank cipher is used to encrypt the secret text message, providing a high level of security, scalability and speed, and a discrete wavelet transform based steganography is employed to hide the encrypted message in the cover image by modifying the wavelet coefficients.
Abstract: Information security has become one of the most significant problems in data communication, so it has become an inseparable part of data communication. In order to address this problem, cryptography and steganography can be combined. This paper proposes a secure communication system. It employs a cryptographic algorithm together with steganography. The joining of these techniques provides a robust and strong communication system that is able to withstand attackers. In this paper, the filter bank cipher is used to encrypt the secret text message; it provides a high level of security, scalability and speed. After that, a discrete wavelet transform (DWT) based steganography is employed to hide the encrypted message in the cover image by modifying the wavelet coefficients. The performance of the proposed system is evaluated using peak signal to noise ratio (PSNR) and histogram analysis. The simulation results show that the proposed system provides a high level of security.

Journal ArticleDOI
TL;DR: A low-cost, non-invasive and effective technique to inject transient faults into a general purpose processor through lowering its feeding voltage, and to characterize the effects on the computing system is presented.

Book ChapterDOI
18 Aug 2013
TL;DR: A new shuffling algorithm, called Mix-and-Cut, is provided that provides a provably-secure block cipher even for adversaries that can observe the encryption of all N = 2^n domain points.
Abstract: We provide a new shuffling algorithm, called Mix-and-Cut, that provides a provably-secure block cipher even for adversaries that can observe the encryption of all N = 2^n domain points. Such fully secure ciphers are useful for format-preserving encryption, where small domains (e.g., n = 30) are common and databases may well include examples of almost all ciphertexts. Mix-and-Cut derives from a general framework for building fully secure pseudorandom permutations (PRPs) from fully secure pseudorandom separators (PRSs). The latter is a new primitive that we treat for the first time. Our framework was inspired by, and uses ideas from, a particular cipher due to Granboulan and Pornin. To achieve full security for Mix-and-Cut using this framework, we give a simple proof that a PRP secure for (1 − e)N queries (recently achieved efficiently by Hoang, Morris, and Rogaway's Swap-or-Not cipher) yields a PRS secure for N queries.

Book
06 Mar 2013
TL;DR: In this article, the Herlestam-Johannesson algorithm for computing discrete logarithms over GF(2^p) has been used to construct a public-key cryptosystem based on the matrix cover problem.
Abstract: Algorithms and Theory.- Fast Computation of Discrete Logarithms in GF(q).- Some Remarks on the Herlestam-Johannesson Algorithm for Computing Logarithms over GF(2^p).- A Public-Key Cryptosystem Based on the Matrix Cover NP-Complete Problem.- Infinite Structures in Information Theory.- A Fast Modular Multiplication Algorithm with Application to Two Key Cryptography.- Comparison of Two Pseudo-Random Number Generators.- On Computationally Secure Authentication Tags Requiring Short Secret Shared Keys.- Modes of Operation.- Some Regular Properties of the 'Data Encryption Standard' Algorithm.- The Average Cycle Size of the Key Stream in Output Feedback Encipherment.- Analysis of Certain Aspects of Output Feedback Mode.- Drainage and the DES Summary.- Security of a Keystream Cipher with Secret Initial Value.- Using Data Uncertainty to Increase the Crypto-Complexity of Simple Private Key Enciphering Schemes.- Randomized Encryption Techniques.- Protocols and Transaction Security.- On the Security of Multi-Party Protocols in Distributed Systems.- On the Security of Ping-Pong Protocols.- The Use of Public-Key Cryptography for Signing Checks.- Blind Signatures for Untraceable Payments.- A Randomized Protocol for Signing Contracts.- On Signatures and Authentication.- Applications.- Cryptographic Protection of Personal Data Cards.- Non-Public Key Distribution.- Cryptographic Solution to a Multilevel Security Problem.- Local Network Cryptosystem Architecture: Access Control.- Implementing an Electronic Notary Public.- Quantum Cryptography, or Unforgeable Subway Tokens.- Special Session on Cryptanalysis.- A Polynomial Time Algorithm for Breaking the Basic Merkle-Hellman Cryptosystem.- A Preliminary Report on the Cryptanalysis of Merkle-Hellman Knapsack Cryptosystems.- On Breaking the Iterated Merkle-Hellman Public-Key Cryptosystem.- Rump Session: Impromptu Talks by Conference Attendees.- Long Key Variants of DES.- On the Security of Multi-Party Ping-Pong Protocols.- Inferring a Sequence Generated by a Linear Congruence.- Key Reconstruction.- Nondeterministic Cryptography.- A Short Report on the RSA Chip.

Book ChapterDOI
11 Mar 2013
TL;DR: In this article, the first third-party analysis of the PRINCE lightweight block cipher, and the underlying PRINCE_core, was presented, which showed that one can attack the full cipher with only a single pair of related keys.
Abstract: In this article, we provide the first third-party security analysis of the PRINCE lightweight block cipher, and the underlying \(\mathtt{PRINCE}_{core}\). First, while no claim was made by the authors regarding related-key attacks, we show that one can attack the full cipher with only a single pair of related keys, and then reuse the same idea to derive an attack in the single-key model for the full \(\mathtt{PRINCE}_{core}\) for several instances of the \(\alpha \) parameter (yet not the one randomly chosen by the designers). We also show how to exploit the structural linear relations that exist for PRINCE in order to obtain a key recovery attack that slightly breaks the security claims for the full cipher. We analyze the application of integral attacks to get the best known key-recovery attack on a reduced version of the PRINCE cipher. Finally, we provide time-memory-data tradeoffs that require only known plaintext-ciphertext data and that can be applied to full PRINCE.

Journal ArticleDOI
TL;DR: Two differential fault analyses on PRESENT-80, a lightweight block cipher, are presented and the last subkey of the block cipher can be retrieved, given 48 faulty ciphertexts on average.
Abstract: In this paper, we present two differential fault analyses on PRESENT-80, which is a lightweight block cipher. The first attack is a basic attack which induces a fault on only one bit of intermediate states, and we can obtain the last subkey of the block cipher, given 48 faulty ciphertexts on average. The second attack can retrieve the master key of the block cipher, given 18 faulty ciphertexts on average. In the latter attack, we assume that we can induce faults on a single nibble of intermediate states. Given those faulty ciphertexts, the computational complexity of the attacks is negligible.

Journal ArticleDOI
TL;DR: This work proposes a trace-driven timing attack model on the RSA algorithm via spying on the whole I-Cache, instead of the partial instruction cache to which the multiplication function mapped, and provides an improved analysis algorithm of the exponent using the characteristic of the window size in SWE algorithm.