scispace - formally typeset
Search or ask a question

Showing papers on "CLEFIA published in 2011"


01 Jan 2011
TL;DR: A new 128-bit blockcipher CLEFIA supporting key lengths of 128, 192 and 256 bits, which is compatible with AES is proposed, which achieves enough immunity against known attacks and flexibility for efficient implementation in both hardware and software.

167 citations


Book ChapterDOI
11 Aug 2011
TL;DR: Very compact hardware implementations of CLEFIA-128, based on novel serialized architectures in the data processing block, are proposed using a 0.13 $#956;m standard cell library.
Abstract: The 128-bit blockcipher CLEFIA is known to be highly efficient in hardware implementations. This paper proposes very compact hardware implementations of CLEFIA-128. Our implementations are based on novel serialized architectures in the data processing block. Three types of hardware architectures are implemented and synthesized using a 0.13 $#956;m standard cell library. In the smallest implementation, the area requirements are only 2,488 GE, which are about half of the previous smallest implementation as far as we know. Furthermore, only additional 116 GE enable to support decryption.

51 citations


Posted Content
TL;DR: Zero-correlation linear cryptanalysis (ZCL) as mentioned in this paper is a technique applicable to many block cipher constructions, including AES, balanced Feistel networks, Skipjack, CLEFIA and CAST256.
Abstract: Linear cryptanalysis, along with differential cryptanalysis, is an important tool to evaluate the security of block ciphers. This work introduces a novel extension of linear cryptanalysis – zero-correlation linear cryptanalysis – a technique applicable to many block cipher constructions. It is based on linear approximations with a correlation value of exactly zero. For a permutation on n bits, an algorithm of complexity 2 is proposed for the exact evaluation of correlation. Non-trivial zero-correlation linear approximations are demonstrated for various block cipher structures including AES, balanced Feistel networks, Skipjack, CLEFIA, and CAST256. Using the zero-correlation linear cryptanalysis, a key-recovery attack is shown on 6 rounds of AES-192 and AES-256 as well as 13 rounds of CLEFIA-256.

38 citations


Book ChapterDOI
22 Aug 2011
TL;DR: The results demonstrate that based on the byte-pattern the authors can improve the integral attacks on CLEFIA two more rounds than those given by the designers.
Abstract: In this paper a new 9-round integral distinguisher of CLEFIA is proposed based on byte-pattern, which is proved in detail. Then by using the partial sum technique we improve the previous result on 11-round CLEFIA and proposed integral attack on 12-, 13- and 14- round CLEFIA with the whitening keys. The 12-round CLEFIA-128/192/256 is attacked with data complexity 2113 and time complexity 2116.7, 13-round CLEFIA-192/256 is attacked with data complexity 2113 and time complexity 2180.5, and 14-round CLEFIA-256 is breakable with data complexity 2113 and time complexity 2244.5. These results demonstrate that based on the byte-pattern we can improve the integral attacks on CLEFIA two more rounds than those given by the designers.

36 citations


Book ChapterDOI
14 Feb 2011
TL;DR: The paper shows that although obtaining cache access patterns from the power consumption of the device may be difficult due to the non-blocking cache architectures of modern processors, still the cache trace has a distinct signature on the power profiles.
Abstract: In this paper we use a combination of differential techniques and cache traces to attack the block cipher CLEFIA in less than 214 encryptions on an embedded processor with a cache line size of 32 bytes. The attack is evaluated on an implementation of CLEFIA on the PowerPC processor present in the SASEBO side channel attack evaluation board. The paper shows that although obtaining cache access patterns from the power consumption of the device may be difficult due to the non-blocking cache architectures of modern processors, still the cache trace has a distinct signature on the power profiles. Experimental results have been presented to show that the power consumption of the device reveal the cache access patterns, which are then used to obtain the CLEFIA key. Further, a simple low overhead countermeasure is implemented that is guaranteed to prevent cache attacks.

29 citations


Proceedings ArticleDOI
Paulo Proenca1, Ricardo Chaves1
05 Sep 2011
TL;DR: Implementation results suggest that a LUT reduction up to 67% can be achieved at a performance cost of 17% on a VIRTEX 4 FPGA, resulting in Throughput/Slice efficiency gains up to 2.5 times, when compared with the related state of the art.
Abstract: In this paper two compact hardware structures for the computation of the CLEFIA encryption algorithm are presented. One structure based on the existing state of the art and a novel structure with a more compact organization. This paper shows that, with the use of the existing embedded FPGA components and a careful scheduling, throughputs above 1Gbit/s can be achieved with a resource usage as low as 86 LUTs and 3 BRAMs on a VIRTEX 5 FPGA. Implementation results suggest that a LUT reduction up to 67% can be achieved at a performance cost of 17% on a VIRTEX 4 FPGA, resulting in Throughput/Slice efficiency gains up to 2.5 times, when compared with the related state of the art.

21 citations


Journal ArticleDOI
TL;DR: Two new impossible differential attacks on 13 rounds of CLEFIA-128 are presented, utilizing a variety of previously known techniques, in particular the hash table technique and redundancy in the key schedule of this block cipher.
Abstract: CLEFIA, a new 128-bit block cipher proposed by Sony Corporation, is increasingly attracting cryptanalysts’ attention. In this paper, we present two new impossible differential attacks on 13 rounds of CLEFIA-128. The proposed attacks utilize a variety of previously known techniques, in particular the hash table technique and redundancy in the key schedule of this block cipher. The first attack does not consider the whitening layers of CLEFIA, requires 2109.5 chosen plaintexts, and has a running time equivalent to about 2112.9 encryptions. The second attack preserves the whitening layers, requires 2117.8 chosen plaintexts, and has a total time complexity equivalent to about 2121.2 encryptions.

21 citations


Book ChapterDOI
11 Dec 2011
TL;DR: An enhanced cache trace attack on CLEFIA is presented using the differential property of the s-boxes of the cipher and the diffusion properties of the linear transformations of the underlying Feistel structures to show the effectiveness of power and timing side-channels in deducing cache access patterns.
Abstract: Reported results on cache trace attacks on CLEFIA do not work with increased cache line size. In this paper we present an enhanced cache trace attack on CLEFIA using the differential property of the s-boxes of the cipher and the diffusion properties of the linear transformations of the underlying Feistel structures. The attack requires 3 round keys, which are obtained by monitoring cache access patterns of 4 rounds of the cipher. A theoretical analysis is made on the complexity of the attack, while experimental results are presented to show the effectiveness of power and timing side-channels in deducing cache access patterns. The efficacy of the attack is theoretically justified by showing the effect of cache line size on the time and space complexity of the attack. Finally countermeasures that guarantee security against cache-attacks are compared for their efficiency on large cache lines.

17 citations


Journal ArticleDOI
TL;DR: This paper presents the first successful impossible differential cryptanalysis of 13-round CLEFIA-128, a 128-bit block cipher proposed by SONY Corporation in FSE 2007, using the previous 9-round impossible differentials, the redundancy in the key schedule and the early-abort technique.

11 citations


Posted Content
TL;DR: Zero-correlation linear cryptanalysis (ZCLC) as discussed by the authors is a technique applicable to many block cipher constructions and is based on linear approximations with a correlation value of exactly zero.
Abstract: Linear cryptanalysis, along with differential cryptanalysis, is an important tool to evaluate the security of block ciphers. This work introduces a novel extension of linear cryptanalysis: zero-correlation linear cryptanalysis, a technique applicable to many block cipher constructions. It is based on linear approximations with a correlation value of exactly zero. For a permutation on n bits, an algorithm of complexity 2 n-1 is proposed for the exact evaluation of correlation. Non-trivial zero-correlation linear approximations are demonstrated for various block cipher structures including AES, balanced Feistel networks, Skipjack, CLEFIA, and CAST256. As an example, using the zero-correlation linear cryptanalysis, a key-recovery attack is shown on 6 rounds of AES-192 and AES-256 as well as 13 rounds of CLEFIA-256.

3 citations


Journal Article
TL;DR: An improved Cache trace attack on AES and CLEFIA was proposed by considering Cache miss trace informa-tion and S-box misalignment and demonstrates that the S- box is misaligned in Cache at most cases.
Abstract: An improved Cache trace attack on AES and CLEFIA was proposed by considering Cache miss trace informa-tion and S-box misalignment.Current trace driven attacks all assume that the S-box is perfectly aligned in Cache,and it's impossible to recover the whole first round key of AES and CLEFIA under limited key searching space.However,the re-search demonstrates that the S-box is misaligned in Cache at most cases,by utilizing the Cache miss trace information of the cipher encryption,200 samples first round analysis and 50 samples last round analysis can reduce 128bit AES master key searching space to 216 and 1 respectively,80 samples first round analysis can reduce 128bit CLEFIA first round key searching space to 216,220 samples first three rounds analysis can reduce 128bit CLEFIA master key searching space to 216,all of the attacks above can be finished within 1 second.

01 Jan 2011
TL;DR: The performance of the 128-bit version of the block cipher CLEFIA is evaluated on an ATMega type 8-bit processor and is compared to the performance of another block cipher: IDEA and it is concluded that 128- bit CLEFia is very slow in comparison to the alternatives.
Abstract: In this document, the performance of the 128-bit version of the block cipher CLEFIA is evaluated on an ATMega type 8-bit processor. It is compared to the performance of another block cipher: IDEA. Optimisations for these algorithms are analyzed and the results are compared to previous performance analyses of the block ciphers TEA and AES on an ATMega type processor. By doing this we decide whether, when looking at performance only, CLEFIA is an interesting candidate for low-power, low-cost encryption and decryption on 8-bit platforms. We conclude that 128-bit CLEFIA is very slow in comparison to the alternatives. We recommend choosing IDEA when an 128-bit block cipher is needed on an 8-bit system.