
Showing papers on "Cipher" published in 2015


Proceedings ArticleDOI
17 May 2015
TL;DR: This work demonstrates the practicality of post-quantum key exchange by constructing cipher suites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem, and accompanies these cipher suites with a rigorous proof of security.
Abstract: Lattice-based cryptographic primitives are believed to offer resilience against attacks by quantum computers. We demonstrate the practicality of post-quantum key exchange by constructing cipher suites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE) problem; we accompany these cipher suites with a rigorous proof of security. Our approach ties lattice-based key exchange together with traditional authentication using RSA or elliptic curve digital signatures: the post-quantum key exchange provides forward secrecy against future quantum attackers, while authentication can be provided using RSA keys that are issued by today's commercial certificate authorities, smoothing the path to adoption. Our cryptographically secure implementation, aimed at the 128-bit security level, reveals that the performance price when switching from non-quantum-safe key exchange is not too high. With our R-LWE cipher suites integrated into the OpenSSL library and using the Apache web server on a 2-core desktop computer, we could serve 506 RLWE-ECDSA-AES128-GCM-SHA256 HTTPS connections per second for a 10 KiB payload. Compared to elliptic curve Diffie-Hellman, this means an 8 KiB increased handshake size and a reduction in throughput of only 21%. This demonstrates that provably secure post-quantum key-exchange can already be considered practical.

331 citations


Book ChapterDOI
29 Nov 2015
TL;DR: This paper presents the block cipher Midori, whose name is the Japanese translation for the word Green, that is optimized with respect to the energy consumed by the circuit per bit in encryption or decryption operation, and proposes two energy-efficient block ciphers Midori128 and Midori64.
Abstract: In the past few years, lightweight cryptography has become a popular research discipline with a number of ciphers and hash functions proposed. The designers' focus has been predominantly to minimize the hardware area, while other goals such as low latency have been addressed rather recently only. However, the optimization goal of low energy for block cipher design has not been explicitly addressed so far. At the same time, it is a crucial measure of goodness for an algorithm. Indeed, a cipher optimized with respect to energy has wide applications, especially in constrained environments running on a tight power/energy budget such as medical implants. This paper presents the block cipher Midori (the name of the cipher is the Japanese translation for the word Green) that is optimized with respect to the energy consumed by the circuit per bit in encryption or decryption operation. We deliberate on the design choices that lead to low energy consumption in an electrical circuit, and try to optimize each component of the circuit as well as its entire architecture for energy. An added motivation is to make both encryption and decryption functionalities available by a small tweak in the circuit that would not incur significant area or energy overheads. We propose two energy-efficient block ciphers Midori128 and Midori64 with block sizes equal to 128 and 64 bits respectively. These ciphers have the added property that a circuit that provides both the functionalities of encryption and decryption can be designed with very little overhead in terms of area and energy. We compare our results with other ciphers with similar characteristics: it was found that the energy consumptions of Midori64 and Midori128 are by far better when compared with ciphers like PRINCE and NOEKEON.

323 citations


Book ChapterDOI
26 Apr 2015
TL;DR: Designing an efficient cipher has always been a delicate balance between linear and non-linear operations, which goes back to the design of DES and all the way back to Shannon's seminal work.
Abstract: Designing an efficient cipher was always a delicate balance between linear and non-linear operations. This goes back to the design of DES, and in fact all the way back to the seminal work of Shannon.

242 citations


Book ChapterDOI
Gangqiang Yang, Bo Zhu, Valentin Suder, Mark D. Aagaard, Guang Gong
13 Sep 2015
TL;DR: Simeck as discussed by the authors combines the good design components from both Simon and Speck, in order to devise even more compact and efficient block ciphers, which can satisfy the area, power, and throughput requirements in passive RFID tags.
Abstract: Two lightweight block cipher families, Simon and Speck, have been proposed by researchers from the NSA recently. In this paper, we introduce Simeck, a new family of lightweight block ciphers that combines the good design components from both Simon and Speck, in order to devise even more compact and efficient block ciphers. For Simeck32/64, we can achieve 505 GEs (before the Place and Route phase) and 549 GEs (after the Place and Route phase), with the power consumption of 0.417 \(\mu W\) in CMOS 130 nm ASIC, and 454 GEs (before the Place and Route phase) and 488 GEs (after the Place and Route phase), with the power consumption of 1.292 \(\mu W\) in CMOS 65 nm ASIC. Furthermore, all of the instances of Simeck are smaller than the ones of hardware-optimized cipher Simon in terms of area and power consumption in both CMOS 130 nm and CMOS 65 nm techniques. In addition, we also give the security evaluation of Simeck with respect to many traditional cryptanalysis methods, including differential attacks, linear attacks, impossible differential attacks, meet-in-the-middle attacks, and slide attacks. Overall, all of the instances of Simeck can satisfy the area, power, and throughput requirements in passive RFID tags.

215 citations


Journal ArticleDOI
TL;DR: A comprehensive review of state-of-the-art research progress in lightweight block ciphers' implementation and future research directions is presented and the energy/bit metric is designated as the most appropriate metric for energy-constrained low-resource designs.

174 citations


Journal ArticleDOI
TL;DR: The author employs heterogeneous bit-permutation to reduce computation cost and improve permutation efficiency, then performs expanded XOR operation for R, G, B components of color images, and obtains cipher color images.

142 citations


Journal ArticleDOI
TL;DR: The simulated experimental results and the security analysis show that this block cipher can not only achieve good encryption effect to resist the exhaustive and statistical attacks but also is a good candidate for encrypting large sized uncompressed gray images.
Abstract: A new block cipher for gray images is proposed in this paper which fully utilizes the whole set of DNA complementary rules dynamically for encoding and decoding each pixel of a block. The most significant (MSB) part of each block is added under the DNA addition operation with the least significant (LSB) part, while the LSB part itself gets encrypted by chaotically selecting different DNA rules for each pixel. The initial condition is calculated from a 128-bit external input key and then the said key is modified for each subsequent block of an image. An image is permuted by a Piecewise Linear Chaotic Map (PWLCM) while a logistic sequence is used for the selection of encoding and decoding rules for each pixel of a block. The simulated experimental results and the security analysis, in quantitative and qualitative terms, show that our cipher can not only achieve a good encryption effect to resist exhaustive and statistical attacks but is also a good candidate for encrypting large sized uncompressed gray images.

109 citations


Journal ArticleDOI
TL;DR: Simulations prove the advantages of the proposed cryptosystem, which render it a good candidate for real-time secure image applications, and its satisfactory resistance to noise perturbation and loss of cipher data.
Abstract: This paper presents a solution to satisfy the increasing requirement of real-time secure image transmission over public networks. The main advantage of the proposed cryptosystem is high efficiency. The confusion and diffusion operations are both performed based on a lookup table. Therefore, the time-consuming floating point arithmetic in chaotic map iteration and quantization procedures of traditional chaos-based image cipher can be avoided. Besides, this cryptosystem possesses satisfactory resistance to noise perturbation and loss of cipher data, which are inevitable and unpredictable in real-world channels. The channel disturbance and the deliberate damage from the opponents are both tolerated. The recovered image from the damaged cipher data has satisfactory visual perception. Simulations prove the advantages of the proposed scheme, which render it a good candidate for real-time secure image applications.

103 citations


Posted Content
TL;DR: In this article, the authors introduce an open framework for the benchmarking of lightweight block ciphers on a multitude of embedded platforms, allowing a user to define a custom "figure of merit" according to which all evaluated candidates can be ranked.
Abstract: In this paper we introduce an open framework for the benchmarking of lightweight block ciphers on a multitude of embedded platforms. Our framework is able to evaluate execution time, RAM footprint, as well as (binary) code size, and allows a user to define a custom “figure of merit” according to which all evaluated candidates can be ranked. We used the framework to benchmark various implementations of 13 lightweight ciphers, namely AES, Fantomas, HIGHT, LBlock, LED, Piccolo, PRESENT, PRINCE, RC5, Robin, Simon, Speck, and TWINE, on three different platforms: 8-bit ATmega, 16-bit MSP430, and 32-bit ARM. Our results give new insights to the question of how well these ciphers are suited to secure the Internet of Things (IoT). The benchmarking framework provides cipher designers with a tool to compare new algorithms with the state-of-the-art and allows standardization bodies to conduct a fair and comprehensive evaluation of a large number of candidates.

97 citations


Posted Content
Abir Awad
TL;DR: This paper presents a novel and robust chaos-based cryptosystem for secure transmitted images, together with four other versions, that is suitable for transmitting cipher data over a corrupted digital channel; its perturbing orbit technique improves the statistical properties of encrypted images.
Abstract: This paper presents a novel and robust chaos-based cryptosystem for secure transmitted images and four other versions. In the proposed block encryption/decryption algorithm, a 2D chaotic map is used to shuffle the image pixel positions. Then, substitution (confusion) and permutation (diffusion) operations on every block, with multiple rounds, are combined using two perturbed chaotic PWLCM maps. The perturbing orbit technique improves the statistical properties of encrypted images. The obtained error propagation in various standard cipher block modes demonstrates that the proposed cryptosystem is suitable to transmit cipher data over a corrupted digital channel. Finally, to quantify the security level of the proposed cryptosystem, many tests are performed and experimental results show that the suggested cryptosystem has a high security level.

87 citations


Proceedings ArticleDOI
12 Oct 2015
TL;DR: This paper revisits white-box cryptography and proposes a family of white-box secure block ciphers SPACE with several novel features, including a high level of space hardness, which can mitigate the damage of having malware in security-critical systems such as networks processing top-secret data.
Abstract: The need for software security in untrusted environments is ever increasing. White-box cryptography aims to ensure the security of cryptographic algorithms when the attacker has full access to their implementations. However, there is no secure white-box implementation of standard block ciphers such as DES and AES known to date: All published techniques have been practically broken. In this paper, we revisit white-box cryptography and propose a family of white-box secure block ciphers SPACE with several novel features. The design of SPACE is such that the key-extraction security in the white box reduces to the well-studied problem of key recovery for block ciphers (AES in our example) in the standard black-box setting. Moreover, to mitigate code lifting, we introduce the notion of space hardness. It measures the difficulty of compressing the white-box implementation of a cipher, and quantifies security against code lifting by the amount of code that needs to be extracted from the implementation by a white-box attacker to maintain its functionality. SPACE includes several variants with different white-box code sizes. Therefore, it is applicable to a wide range of environments and use cases. One of the variants called N-SPACE can be implemented with different code sizes while keeping the cipher itself unchanged. SPACE offers a high level of space hardness: It is difficult to find a compact but still functional representation of SPACE given its white-box implementation. This property has several useful consequences for applications. First, it gets more challenging for a DRM attacker (e.g. in a pay TV setting) to scale a code-lifting attack and to distribute the break. Moreover, this paves the way for mass-surveillance resistant cryptography: If a large proportion of users dedicates a significant part of their computers' storage (e.g. HDD) to white-box SPACE implementations, it will be much more complex or even infeasible for governmental agencies to deal with the keys of all users simultaneously due to the limited storage available, forcing them to focus on targeted attacks instead. This consequence is especially important given Snowden's revelations on the extent of the mass surveillance practice by NSA and GCHQ. Finally, the usage of SPACE ciphers can mitigate the damage of having malware in security-critical systems such as networks processing top-secret data: As those are typically insulated from the Internet, the capacity of the communication channel from inside to outside the system is often limited, making it infeasible for Trojans to transmit the necessary key material.

01 Feb 2015
TL;DR: This document requires that Transport Layer Security clients and servers never negotiate the use of RC4 cipher suites when they establish connections.
Abstract: This document requires that Transport Layer Security (TLS) clients and servers never negotiate the use of RC4 cipher suites when they establish connections. This applies to all TLS versions. This document updates RFCs 5246, 4346, and 2246.

Book ChapterDOI
16 Aug 2015
TL;DR: In this article, a tweakable Even-Mansour (TEM) cipher was proposed for the random permutation model, where all parties have access to public permutation oracles.
Abstract: We study how to construct efficient tweakable block ciphers in the Random Permutation model, where all parties have access to public random permutation oracles. We propose a construction that combines, more efficiently than by mere black-box composition, the CLRW construction (which turns a traditional block cipher into a tweakable block cipher) of Landecker et al. (CRYPTO 2012) and the iterated Even-Mansour construction (which turns a tuple of public permutations into a traditional block cipher) that has received considerable attention since the work of Bogdanov et al. (EUROCRYPT 2012). More concretely, we introduce the (one-round) tweakable Even-Mansour (TEM) cipher, constructed from a single n-bit permutation P and a uniform and almost XOR-universal family of hash functions \((H_k)\) from some tweak space to \(\{0,1\}^n\), and defined as \((k,t,x)\mapsto H_k(t)\oplus P(H_k(t)\oplus x)\), where k is the key, t is the tweak, and x is the n-bit message, as well as its generalization obtained by cascading r independently keyed rounds of this construction. Our main result is a security bound up to approximately \(2^{2n/3}\) adversarial queries against adaptive chosen-plaintext and ciphertext distinguishers for the two-round TEM construction, using Patarin’s H-coefficients technique. We also provide an analysis based on the coupling technique showing that asymptotically, as the number of rounds r grows, the security provided by the r-round TEM construction approaches the information-theoretic bound of \(2^n\) adversarial queries.

Book ChapterDOI
12 Aug 2015
TL;DR: The energy consumption model of a CMOS gate is studied and it is concluded that the energy consumed per cycle during the encryption operation of an r-round unrolled architecture of any block cipher is a quadratic function in r.
Abstract: In the last few years, the field of lightweight cryptography has seen an influx in the number of block ciphers and hash functions being proposed. One of the metrics that define a good lightweight design is the energy consumed per unit operation of the algorithm. For block ciphers, this operation is the encryption of one plaintext. By studying the energy consumption model of a CMOS gate, we arrive at the conclusion that the energy consumed per cycle during the encryption operation of an r-round unrolled architecture of any block cipher is a quadratic function in r. We then apply our model to 9 well known lightweight block ciphers, and thereby try to predict the optimal value of r at which an r-round unrolled architecture for a cipher is likely to be most energy efficient. We also try to relate our results to some physical design parameters like the signal delay across a round and algorithmic parameters like the number of rounds taken to achieve full diffusion of a difference in the plaintext/key.

Journal ArticleDOI
TL;DR: A new quaternion-based lossless encryption technique for digital imaging and communications in medicine (DICOM) images is proposed, which significantly improves the speed of DICOM image encryption in comparison with the advanced encryption standard and triple data encryption standard algorithms originally embedded into DICOM.
Abstract: In this paper, a new quaternion-based lossless encryption technique for digital image and communication on medicine (DICOM) images is proposed. We have scrutinized and slightly modified the concept of the DICOM network to point out the best location for the proposed encryption scheme, which significantly improves speed of DICOM images encryption in comparison with those originally embedded into DICOM advanced encryption standard and triple data encryption standard algorithms. The proposed algorithm decomposes a DICOM image into two 8-bit gray-tone images in order to perform encryption. The algorithm implements Feistel network like the scheme proposed by Sastry and Kumar. It uses special properties of quaternions to perform rotations of data sequences in 3D space for each of the cipher rounds. The images are written as Lipschitz quaternions, and modular arithmetic was implemented for operations with the quaternions. A computer-based analysis has been carried out, and the obtained results are shown at the end of this paper.

Patent
01 May 2015
TL;DR: In this paper, a method of operating a system on chip (SoC) includes converting plain data into cipher data by using an encryption key and transmitting the cipher data directly to a memory controller which controls an operation of a non-volatile memory.
Abstract: A method of operating a system on chip (SoC) includes converting plain data into cipher data by using an encryption key and transmitting the cipher data directly to a memory controller which controls an operation of a non-volatile memory. The encryption key may be output by a one-time programmable (OTP) memory.

Posted Content
TL;DR: In this paper, the authors proposed a chaotic image cipher using one round Modified Permutation Diffusion pattern (ICMPD) and showed that ICMPD can be compromised by a chosen-plaintext attack efficiently and the involved data complexity is linear to the size of the plain image.
Abstract: Since the first appearance in Fridrich's design, the usage of permutation-diffusion structure for designing digital image cryptosystem has been receiving increasing research attention in the field of chaos-based cryptography. Recently, a novel chaotic Image Cipher using one round Modified Permutation-Diffusion pattern (ICMPD) was proposed. Unlike traditional permutation-diffusion structure, the permutation is operated on bit level instead of pixel level and the diffusion is operated on masked pixels, which are obtained by carrying out the classical affine cipher, instead of plain pixels in ICMPD. Following a divide-and-conquer strategy, this paper reports that ICMPD can be compromised by a chosen-plaintext attack efficiently and the involved data complexity is linear to the size of the plain-image. Moreover, the relationship between the cryptographic kernel at the diffusion stage of ICMPD and modulo addition then XORing is explored thoroughly.

Journal ArticleDOI
TL;DR: A novel image encryption algorithm is constructed on the new couple map lattice, which is used as a key stream generator and can resist CPA and CCA attack and differential attack.

Journal ArticleDOI
TL;DR: According to a large number of simulation experiments, this algorithm has better properties and a higher security level than certain other chaos-based colour image encryption algorithms.
Abstract: In recent years, chaos-based image encryption algorithms have attracted much attention. Particularly, with larger data capacity and higher correlation among pixels, encryption of colour images demands better statistic and diffusion properties of image algorithms than that of grey images. In this paper, a chaos-based algorithm aiming at colour image encryption is proposed. Two 3D chaotic systems are used as key generators for the three colours of colour images’ pixels. A 4-pixel Feistel structure and functions based on multiple chaotic maps are used to improve the statistic and diffusion properties of the cipher image. Dependent encryption progress is used to resist certain cryptanalysis methods, such as known-/chosen-plaintext attack and chosen-ciphertext attack. According to a large number of simulation experiments, with good speed performance being taken into account, our algorithm has better properties and a higher security level than certain other chaos-based colour image encryption algorithms.

Book ChapterDOI
16 Aug 2015
TL;DR: In this paper, a divide-and-conquer evolved technique is proposed that exploits the non-linear influence of the key bits on the update function of a stream cipher.
Abstract: A new method for reducing the internal state size of stream cipher registers has been proposed in FSE 2015, allowing the area of hardware implementations to be reduced. Along with it, an instantiated proposal of a cipher was also proposed: Sprout. In this paper, we analyze the security of Sprout, and we propose an attack that recovers the whole key more than \(2^{10}\) times faster than exhaustive search and has very low data complexity. The attack can be seen as a divide-and-conquer evolved technique, that exploits the non-linear influence of the key bits on the update function. We have implemented the attack on a toy version of Sprout, that conserves the main properties exploited in the attack. The attack completely matches the expected complexities predicted by our theoretical cryptanalysis, which proves its validity. We believe that our attack shows that a more careful analysis should be done in order to instantiate the proposed design method.

Journal ArticleDOI
TL;DR: A tri-layer cryptic solution has been proposed and implemented on Digital Imaging and Communications in Medicine (DICOM) images to establish a secured communication for effective referrals among peers without compromising the privacy of patients.

Proceedings ArticleDOI
21 Dec 2015
TL;DR: A new method of image steganography in the spatial domain on gray images, blended with cryptography, is presented; it is checked on different parameters such as PSNR and MSE and yields good results.
Abstract: In this paper, a new method of image steganography in the spatial domain on gray images blended with cryptography is presented. Steganography and cryptography are used to hide the message and its meaning respectively. By this method, the message is first encrypted using the Vernam cipher algorithm and then the encrypted message is embedded inside an image using the new image steganography method, i.e. LSB with Shifting (LSB-S). In the LSB-S method we have used four LSBs of the pixel and performed a circular left shift operation and an XOR operation. The combination of cryptography and steganography methods enhances the security of embedded data. After implementation, the proposed method is checked on different parameters such as PSNR and MSE and yields good results.

Journal ArticleDOI
TL;DR: In this paper, the authors presented a significantly improved scenario from the adversarial point of view for DFA against the Grain family of stream ciphers, where the cipher has to be re-keyed only a few times and faults can be injected at any random location and at a random point of time.
Abstract: The series of published works, related to differential fault attack (DFA) against the Grain family, require quite a large number (hundreds) of faults and also several assumptions on the locations and the timings of the faults injected. In this paper, we present a significantly improved scenario from the adversarial point of view for DFA against the Grain family of stream ciphers. Our model is the most realistic one so far as it considers that the cipher has to be re-keyed only a few times and faults can be injected at any random location and at any random point of time, i.e., no precise control is needed over the location and timing of fault injections. We construct equations based on the algebraic description of the cipher by introducing new variables so that the degrees of the equations do not increase. In line with algebraic cryptanalysis, we accumulate such equations based on the fault-free and faulty key-stream bits and solve them using the SAT Solver Cryptominisat-2.9.5 installed with SAGE 5.7. In a few minutes we can recover the state of Grain v1, Grain-128 and Grain-128a with as little as 10, 4 and 10 faults respectively.

Journal ArticleDOI
TL;DR: New distinguishers on PRINCE-like ciphers are introduced by constructing probable or impossible relations from the cipher data located at layers that are symmetric around the middle of the cipher; the probabilities of these relations, called reflection characteristics in this paper, depend crucially on the choice of the reflection parameter α.
Abstract: PRINCE is a low-latency block cipher presented at ASIACRYPT 2012. The cipher was designed with a property called α-reflection which reduces the definition of decryption with a given key to encryption with a different but related key determined by α. In the design document, it was shown that PRINCE is secure against known attacks independently of the value of α, and the design criteria for α remained open. In this paper, we introduce new distinguishers on PRINCE-like ciphers by constructing probable or impossible relations from the cipher data located at layers that are symmetric around the middle of the cipher. We show that the probabilities of such relations, called reflection characteristics in this paper, depend crucially on the choice of the reflection parameter α. Several classes of α are investigated. As a result we show that there exist values of α which, if used in the otherwise original PRINCE, would allow a key-recovery attack on the full 12-round cipher with the data complexity of \(2^{57.98}\) known plaintexts and the time complexity of \(2^{72.39}\) encryptions. While this attack is not better than the generic attack on the complete cipher, where the core cipher is protected by the whitening key, the same reflection distinguisher, when applied on the core cipher without the whitening key, yields a key-recovery attack with time complexity less than exhaustive key search and data complexity of \(2^{56.21}\) known plaintexts. As a result of the new cryptanalysis method presented in this paper, new design criteria concerning the selection of the value of α for PRINCE-like ciphers are obtained.

Journal ArticleDOI
TL;DR: To provide security of data and authentication of users, a technique implementing two concepts is proposed: the first is an identity-based signature (IBS) for verification of the user, generated by the verifier, and the second is a key XOR-operated with the data to get the cipher, followed by a binary level technique for encryption and decryption of the original message.
Abstract: Secure and efficient data transmission is a critical issue for cluster-based wireless sensor networks (WSNs). In cluster-based WSNs, authentication of users is a very important issue. So, by authenticating the sending user and the destination user, we can achieve the security and efficiency of data over CWSNs. To provide security of data and authentication of users we proposed a technique where we are implementing two concepts for performing those operations. The first one is identity-based signature (IBS) for verification of the user, generated by the verifier, and the second one is a key that is XOR-operated with the data to get the cipher, and then a binary level technique for encryption and decryption of the original message. The binary level technique converts the plain text into binary form and then splits the data into blocks and assigns values to them based on the identification mark (IM) technique, which depends upon the length of the binary digits; these are then divided into two levels, where the 1st level is 2 bits and the 2nd level is 4 bits. Then at the receiving user the cipher text will be decrypted by using the reverse technique and the destination user will get the original message. By providing those techniques we can improve efficiency, security overhead and energy consumption.

Posted Content
TL;DR: This paper presents a methodology for designing a class of stream ciphers which takes into account both hardware size and speed simultaneously, combining the advantage of the Galois configuration of NLFSRs, short propagation delay, with the advantage of the Fibonacci configuration of NLFSRs, which can be analyzed formally.
Abstract: The demand for more efficient ciphers is likely to sharpen with the new generation of products and applications. Previous cipher designs typically focused on optimizing only one of the two parameters, hardware size or speed, for a given security level. In this paper, we present a methodology for designing a class of stream ciphers which takes into account both parameters simultaneously. We combine the advantage of the Galois configuration of NLFSRs, short propagation delay, with the advantage of the Fibonacci configuration of NLFSRs, which can be analyzed formally. According to our analysis, the presented stream cipher Espresso is the fastest among the ciphers below 1500 GE, including Grain-128 and Trivium.

Book ChapterDOI
08 Mar 2015
TL;DR: It is shown that the simplest one-round EM cipher is strong enough to achieve non-trivial levels of RKA security even under chosen-ciphertext attacks and that three rounds can boost security to resist chosen-plaintext attacks.
Abstract: The simplicity and widespread use of blockciphers based on the iterated Even–Mansour (EM) construction has sparked recent interest in the theoretical study of their security. Previous work has established their strong pseudorandom permutation and indifferentiability properties, with some matching lower bounds presented to demonstrate tightness. In this work we initiate the study of the EM ciphers under related-key attacks which, despite extensive prior work on EM ciphers, has received little attention. We show that the simplest one-round EM cipher is strong enough to achieve non-trivial levels of RKA security even under chosen-ciphertext attacks. This class, however, does not include the practically relevant case of offsetting keys by constants. We show that two rounds suffice to reach this level under chosen-plaintext attacks and that three rounds can boost security to resist chosen-ciphertext attacks. We also formalize how indifferentiability relates to RKA security, showing strong positive results despite counterexamples presented for indifferentiability in multi-stage games.

Journal ArticleDOI
TL;DR: This work has performed a number of statistical tests and cryptanalytic attacks to evaluate the security strength of the algorithm and found the cipher provably secure.
Abstract: Over the past decade, the application domain of wireless sensor networks has expanded steadily, ranging from environmental management to industry control, and from structural health monitoring to strategic surveillance. With the proliferation of sensor networks at home, the workplace, and beyond, securing data in the network has become a challenge. A number of security mechanisms have been proposed for sensor networks to provide data confidentiality: 1) advanced encryption system; 2) KATAN; 3) LED; and 4) TWINE. However, these schemes have drawbacks, including security vulnerabilities, need for hardware-based implementation, and higher computational complexity. To address these limitations, we propose a lightweight block cipher based on chaotic map and genetic operations. The proposed cryptographic scheme employs elliptic curve points to verify the communicating nodes and as one of the chaotic map parameters to generate the pseudorandom bit sequence. This sequence is used in XOR, mutation, and crossover operations in order to encrypt the data blocks. The experimental results based on Mica2 sensor mote show that the proposed encryption scheme is nine times faster than the LED protocol and two times faster than the TWINE protocol. We have also performed a number of statistical tests and cryptanalytic attacks to evaluate the security strength of the algorithm and found the cipher provably secure.

Journal ArticleDOI
TL;DR: The results demonstrate that at a large scale of compression ratio the proposed cryptosystem can provide satisfactory security level and reconstruction quality.
Abstract: This paper presents a solution to satisfy the increasing requirements for secure medical image transmission and storage over public networks. The proposed scheme can simultaneously encrypt and compress the medical image using compressive sensing (CS) and pixel swapping based permutation approach. In the CS phase, the plain image is compressed and encrypted by chaos-based Bernoulli measurement matrix, which is generated under the control of the introduced Chebyshev map. The quantized measurements are then encrypted by permutation-diffusion type chaotic cipher for the second level protection. Simulations and extensive security analyses have been performed. The results demonstrate that at a large scale of compression ratio the proposed cryptosystem can provide satisfactory security level and reconstruction quality.

Book ChapterDOI
06 Dec 2015
TL;DR: In this paper, the authors showed that the security of SIMECK against linear cryptanalysis is not as good as that of its predecessor SIMON, and presented linear attacks in this scenario using both Algorithm 1 and Algorithm 2 of Matsui.
Abstract: SIMECK is a family of 3 lightweight block ciphers designed by Yang et al. They follow the framework used by Beaulieu et al. from the United States National Security Agency (NSA) to design SIMON and SPECK. A cipher in this family with K-bit key and N-bit block is called SIMECKN/K. We show that the security of this block cipher against linear cryptanalysis is not as good as that of its predecessor SIMON. More precisely, while the best known linear attack for SIMON32/64, using Algorithm 1 of Matsui, covers 13 rounds, we present a linear attack in this scenario which covers 14 rounds of SIMECK32/64. Similarly, using Algorithm 1 of Matsui, we present attacks on 19 and 22 rounds of SIMECK48/96 and SIMECK64/128 respectively, compared with known attacks on 16 and 19 rounds of SIMON48/96 and SIMON64/128 respectively. In addition, we use Algorithm 2 of Matsui to attack 18, 23 and 27 rounds of SIMECK32/64, SIMECK48/96 and SIMECK64/128 respectively, compared with known attacks on 18, 19 and 21 rounds of SIMON32/64, SIMON48/96 and SIMON64/128 respectively.
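The multi-round linear trails the paper uses are not reproduced on this page, but the building block they are made of, and the way Algorithm 1 of Matsui turns a biased linear relation into a key bit, can be shown on a single round. The following is an added example, not code from the paper: it models only the SIMECK32 round function (l, r) -> (r ^ f(l) ^ k, l) with f(x) = (x AND (x <<< 5)) XOR (x <<< 1), treats the round key as an unknown 16-bit word (the key schedule is left out), computes the exact bias of the one-round relation l_out[j] ^ r[j] ^ l[j-1] = 0, and then recovers every bit of the round key from it by majority count. Enumerating all 2^16 left words instead of sampling makes the result deterministic.

```python
"""One-round linear approximation of the SIMECK32 round and Matsui's
Algorithm 1 on it (added example, not code from the paper).

Only the round function is modelled; the key schedule is omitted and the
round key is treated as an unknown 16-bit word.
"""
WORD = 16
MASK = (1 << WORD) - 1


def rotl(x, r):
    return ((x << r) | (x >> (WORD - r))) & MASK


def f(x):
    """SIMECK non-linear layer: (x AND (x <<< 5)) XOR (x <<< 1)."""
    return ((x & rotl(x, 5)) ^ rotl(x, 1)) & MASK


def simeck_round(l, r, k):
    """Feistel step: (l, r) -> (r ^ f(l) ^ k, l)."""
    return (r ^ f(l) ^ k) & MASK, l


def bit(x, i):
    return (x >> (i % WORD)) & 1


def approx_holds(l, r, l_out, j):
    """Linear relation l_out[j] ^ r[j] ^ l[j-1] == 0.

    Since f(l)[j] = (l[j-5] & l[j]) ^ l[j-1], the relation reduces to
    k[j] == l[j-5] & l[j]; the AND is 0 for 3/4 of all inputs, so the
    relation holds with probability 3/4 when k[j] = 0 and 1/4 when k[j] = 1.
    """
    return (bit(l_out, j) ^ bit(r, j) ^ bit(l, j - 1)) == 0


def one_round_bias(j):
    """Exact bias |Pr[relation holds] - 1/2| over all 2^16 left words, k = 0."""
    agree = sum(approx_holds(l, 0, f(l), j) for l in range(1 << WORD))
    return agree / (1 << WORD) - 0.5


def recover_round_key(k_true, r=0x1234):
    """Matsui Algorithm 1: one key bit per linear relation, by majority count.

    The attacker sees only the inputs (l, r) and the round output; k_true is
    used solely to produce those samples. Exhaustive over l, so the count is
    exactly 3/4 or 1/4 of the samples and the recovered key is exact.
    """
    samples = [(l, r, simeck_round(l, r, k_true)[0]) for l in range(1 << WORD)]
    half = len(samples) // 2
    key = 0
    for j in range(WORD):
        agree = sum(approx_holds(l, r, l_out, j) for l, r, l_out in samples)
        if agree < half:  # relation holds less than half the time => k[j] = 1
            key |= 1 << j
    return key


if __name__ == "__main__":
    print("bias of one-round relation (bit 3):", one_round_bias(3))
    print("recovered round key:", hex(recover_round_key(0xBEEF)))
```

With a single round the bias is 1/4, so a known-plaintext attacker would need only on the order of a few dozen samples per bit; the attacks in the abstract chain such relations through 14 or more rounds, where the bias shrinks multiplicatively and the data requirement grows as roughly the inverse square of the bias.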