Topic

Cipher

About: Cipher is a research topic. Over its lifetime, 9409 publications have been published within this topic, receiving 110309 citations. The topic is also known as: cypher & cryptographic algorithm.


Papers
Book Chapter
04 May 2003
TL;DR: This paper shows how to substantially lower the degree of these equations by multiplying them by well-chosen multivariate polynomials, and is able to break Toyocrypt in 2^49 CPU clocks, with only 20 Kbytes of keystream, the fastest attack proposed so far.
Abstract: A classical construction of stream ciphers is to combine several LFSRs and a highly non-linear Boolean function f. Their security is usually analysed in terms of correlation attacks, that can be seen as solving a system of multivariate linear equations, true with some probability. At ICISC'02 this approach is extended to systems of higher-degree multivariate equations, and gives an attack in 2^92 for Toyocrypt, a Cryptrec submission. In this attack the key is found by solving an overdefined system of algebraic equations. In this paper we show how to substantially lower the degree of these equations by multiplying them by well-chosen multivariate polynomials. Thus we are able to break Toyocrypt in 2^49 CPU clocks, with only 20 Kbytes of keystream, the fastest attack proposed so far. We also successfully attack the Nessie submission LILI-128, within 2^57 CPU clocks (not the fastest attack known). In general, we show that if the Boolean function uses only a small subset (e.g. 10) of state/LFSR bits, the cipher can be broken, whatever is the Boolean function used (worst case). Our new general algebraic attack breaks stream ciphers satisfying all the previously known design criteria in at most the square root of the complexity of the previously known generic attack.

997 citations

Book Chapter
28 Sep 2011
TL;DR: This work considers the resistance of ciphers, and LED in particular, to related-key attacks, and is able to derive simple yet interesting AES-like security proofs for LED regarding related- or single- key attacks.
Abstract: We present a new block cipher LED. While dedicated to compact hardware implementation, and offering the smallest silicon footprint among comparable block ciphers, the cipher has been designed to simultaneously tackle three additional goals. First, we explore the role of an ultra-light (in fact non-existent) key schedule. Second, we consider the resistance of ciphers, and LED in particular, to related-key attacks: we are able to derive simple yet interesting AES-like security proofs for LED regarding related- or single-key attacks. And third, while we provide a block cipher that is very compact in hardware, we aim to maintain a reasonable performance profile for software implementation.

848 citations

Book
01 Nov 1986
TL;DR: A comparison of the Knapsack as a Nonlinear Function and Nonlinear Combining Functions with Memory, and the Summation Principle, which helps clarify the role of memory in the generation of sequences.
Abstract: 1. Introduction.- 2. Stream Ciphers.- 2.1. Theoretical versus Practical Security.- 2.2. The Key Stream Generator.- 2.3. The Synchronization (Problem) of Stream Ciphers.- 3. Algebraic Tools.- 3.1. Finite Fields and Polynomials.- 3.2. Linear Feedback Shift Registers (LFSRs) and Sequences.- 3.3. Minimal Polynomial and Traces.- 4. Random Sequences and Linear Complexity.- 5. Nonlinear Theory of Periodic Sequences.- 5.1. Nonlinear Operations on Phases of a Sequence with Irreducible Minimal Polynomial.- 5.2. Nonlinear Operations on Sequences with Distinct Minimal Polynomials.- 5.3. Correlation-Immunity of Memoryless Combining Functions.- 5.4. Summary and Conclusions.- 6. Multiple Speed: An Additional Parameter in Secure Sequence Generation.- 6.1. The Simulated Linear Feedback Shift Register.- 6.2. A Random Number Generator Suggested by a Linear Cipher Problem.- 6.2.1. The Random Sequence Generator.- 6.2.2. Analysis of the Random Sequence Generator.- 6.2.3. Extensions and Comments.- 7. The Knapsack as a Nonlinear Function.- 7.1. The Significance of the Knapsack for Secrecy Systems.- 7.2. Addition is a Cryptographically Useful Function.- 7.3. The Knapsack in GF(2)-Arithmetic.- 8. The Hard Knapsack Stream Cipher.- 8.1. System Description.- 8.2. Analysis of the Knapsack Stream Cipher.- 8.3. Conclusions and Design Considerations.- 8.4. Simulation Results of Small Scale Knapsack Stream Ciphers.- 9. Nonlinear Combining Functions with Memory.- 9.1. Correlation Immunity.- 9.2. The Summation Principle.- 9.3. Summary and Conclusions.- Literature References.

766 citations

Book Chapter
20 Jan 1997
TL;DR: A new 128-bit block cipher called Square, whose design concentrates on the resistance against differential and linear cryptanalysis, is published for public scrutiny.
Abstract: In this paper we present a new 128-bit block cipher called Square. The original design of Square concentrates on the resistance against differential and linear cryptanalysis. However, after the initial design a dedicated attack was mounted that forced us to augment the number of rounds. The goal of this paper is the publication of the resulting cipher for public scrutiny. A C implementation of Square is available that runs at 2.63 MByte/s on a 100 MHz Pentium. Our M68HC05 Smart Card implementation fits in 547 bytes and takes less than 2 msec. (4 MHz Clock). The high degree of parallelism allows hardware implementations in the Gbit/s range today.

759 citations

Book Chapter
30 Aug 2009
TL;DR: A new family of very efficient hardware oriented block ciphers divided into two flavors, which is more compact in hardware, as the key is burnt into the device (and cannot be changed), and achieves encryption speed of 12.5 KBit/sec.
Abstract: In this paper we propose a new family of very efficient hardware oriented block ciphers. The family contains six block ciphers divided into two flavors. All block ciphers share the 80-bit key size and security level. The first flavor, KATAN, is composed of three block ciphers, with 32, 48, or 64-bit block size. The second flavor, KTANTAN, contains the other three ciphers with the same block sizes, and is more compact in hardware, as the key is burnt into the device (and cannot be changed). The smallest cipher of the entire family, KTANTAN32, can be implemented in 462 GE while achieving encryption speed of 12.5 KBit/sec (at 100 KHz). KTANTAN48, which is the version we recommend for RFID tags uses 588 GE, whereas KATAN64, the largest and most flexible candidate of the family, uses 1054 GE and has a throughput of 25.1 Kbit/sec (at 100 KHz).

733 citations


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
90% related
Encryption
98.3K papers, 1.4M citations
89% related
Authentication
74.7K papers, 867.1K citations
85% related
Public-key cryptography
27.2K papers, 547.7K citations
85% related
Key (cryptography)
60.1K papers, 659.3K citations
83% related
Performance
Metrics
No. of papers in the topic in previous years
Year: Papers
2023: 155
2022: 309
2021: 343
2020: 415
2019: 509
2018: 487