
Showing papers on "CLEFIA published in 2015"


Journal Article
TL;DR: A hybrid cryptosystem, which consists of GRP and S-box of PRESENT, is designed and implemented on a 32-bit processor and results in 2125 gate equivalents, which is better than other light variant models like DESXL, CLEFIA, and AES.
Abstract: Lightweight cryptography is an interesting field that strikes the perfect balance in providing security, higher throughput, low-power consumption, and compactness. In recent years, many compact algorithms like PRESENT, CLEFIA, SEA, TEA, LED, ZORRO, Hummingbird, and KANTAN have made the mark to be used as lightweight crypto engines. In this paper, we present the design of a new lightweight compact encryption system based on bit permutation instruction group operation (GRP), which is widely studied and extensively researched. Using the S-box of PRESENT, we have added the confusion property for GRP, because all the existing algorithms using bit permutation instructions do not have this confusion property. By comparing the existing S-boxes of compact algorithms and its cryptanalysis, a new hybrid system is proposed in this paper that provides more compact results in terms of both memory space and gate equivalents. A hybrid cryptosystem, which consists of GRP and S-box of PRESENT, is designed and implemented on a 32-bit processor. This fusion has resulted in a lightweight cipher that is the most compact implementation, till now, in terms of memory requirement. We have tested and verified this on an LPC2129 processor. Various S-boxes of recently used lightweight algorithms, such as PRESENT and CLEFIA, are designed and analyzed to create a perfect fusion that should be resistant to attacks. Using the S-box of PRESENT, it helps in further reducing the gate complexity. This hybrid model results in 2125 gate equivalents, which is better than other light variant models like DESXL, CLEFIA, and AES. Moreover, GRP properties are very helpful not only to attain the desired avalanche effect, but also as it results in a compact implementation in hardware. This paper proposes a novel approach that will have a positive impact in the field of lightweight encryption protocols.

87 citations


Book Chapter
08 Mar 2015
TL;DR: A new method to construct truncated differential characteristics of block ciphers using the meet-in-the-middle like technique is introduced and 10-round and 8-round truncated differential characteristics are proposed for CLEFIA and Camellia, respectively, which are ISO standard block ciphers.
Abstract: As one of the generalizations of differential cryptanalysis, the truncated differential cryptanalysis has become a powerful toolkit to evaluate the security of block ciphers. In this article, taking advantage of the meet-in-the-middle like technique, we introduce a new method to construct truncated differential characteristics of block ciphers. Based on the method, we propose 10-round and 8-round truncated differential characteristics for CLEFIA and Camellia, respectively, which are ISO standard block ciphers. Applying the 10-round truncated differential characteristic for CLEFIA, we launch attacks on 14/14/15-round CLEFIA-128/192/256 with \(2^{108}\), \(2^{135}\) and \(2^{203}\) encryptions, respectively. For Camellia, we utilize the 8-round truncated differential to attack 11/12-round Camellia-128/192 including the \(FL/FL^{-1}\) and whiten layers with \(2^{121.3}\) and \(2^{185.3}\) encryptions. As far as we know, most of the cases are the best results of these attacks on both ciphers.

22 citations


Book Chapter
12 Aug 2015
TL;DR: An efficient and generic algorithm to search for an optimal improved meet-in-the-middle distinguisher with efficient tabulation technique on word-oriented BFN and GFN block ciphers is described, based on recursive algorithm and greedy algorithm.
Abstract: Improved meet-in-the-middle cryptanalysis with efficient tabulation technique has been shown to be a very powerful form of cryptanalysis against SPN block ciphers, especially AES. However, few results have been proposed on Balanced-Feistel-Networks (BFN) and Generalized-Feistel-Networks (GFN). This is due to the stagger of affected trail and special truncated differential trail in the precomputation phase, i.e. these two trails differ a lot from each other for BFN and GFN ciphers. In this paper, we describe an efficient and generic algorithm to search for an optimal improved meet-in-the-middle distinguisher with efficient tabulation technique on word-oriented BFN and GFN block ciphers. It is based on recursive algorithm and greedy algorithm. To demonstrate the usefulness of our approach, we show key recovery attacks on 14/16-round CLEFIA-192/256 which are the best attacks. We also give key recovery attacks on 13/15-round Camellia-192/256 without \(FL/FL^{-1}\).

8 citations


Book Chapter
11 Nov 2015
TL;DR: In this paper, the authors apply the same approach to all existing differential fault analysis on the CLEFIA cipher and show that only some of these attacks are already optimal, and improve those analyses which did not exploit all information.
Abstract: In 2012, several Differential Fault Analyses on the AES cipher were analyzed from an information-theoretic perspective. This analysis exposed whether or not the leaked information was fully exploited. We apply the same approach to all existing Differential Fault Analyses on the CLEFIA cipher. We show that only some of these attacks are already optimal. We improve those analyses which did not exploit all information. With one exception, all attacks against CLEFIA-128 reach the theoretical limit after our improvement. Our improvement of an attack against CLEFIA-192 and CLEFIA-256 reduces the number of fault injections to the lowest possible number reached so far.

5 citations


Book Chapter
13 Apr 2015
TL;DR: The presented work shows that by adequately scheduling and merging the processing structures, and with the proper use of the existing components in current FPGA technologies, it is possible to achieve a compact and efficient structure capable of computing the novel CLEFIA cipher while also supporting the well implanted AES cipher.
Abstract: In this paper a compact high throughput dual-cipher hardware structure is proposed, supporting the novel CLEFIA algorithm and the encryption standard AES. Currently, the more efficient and dedicated structures only allow to process the CLEFIA or the AES encryption algorithms. On the other hand, the existing multi-algorithm processors impose significantly higher area costs and are not able to achieve the throughputs of dedicated solutions. The presented work shows that by adequately scheduling and merging the processing structures, and with the proper use of the existing components in current FPGA technologies, it is possible to achieve a compact and efficient structure capable of computing the novel CLEFIA cipher while also supporting the well implanted AES cipher. Overall, the proposed structure allows for a throughput up to 1Gbps in feedback modes with low area cost, achieving identical efficiency metrics as the existing single cipher state of the art.

5 citations


Book Chapter
13 Aug 2015
TL;DR: The security evaluation shows that VH can achieve enough security margin against known attacks, and the implementation efficiency of both software and hardware based on VH algorithm is higher than CLEFIA algorithm, which is the international standard also oriented to 8-bit platform.
Abstract: In this paper, we propose a new lightweight block cipher based on dual pseudo-random transformation called VH. Similar to many other lightweight block ciphers, the block size of VH is 64-bit and the key size is 80-bit. Our security evaluation shows that VH can achieve enough security margin against known attacks, such as differential cryptanalysis, linear cryptanalysis, and impossible differential cryptanalysis etc. Furthermore, VH can be implemented efficiently not only in hardware environments but also in software platforms such as 8-bit microcontroller. Our hardware implementation of VH requires about 3182 GE on 0.18 μm technology with a throughput of 200 Kbps at 100 kHz. The software implementation of VH on 8-bit microcontroller requires about 44.47 Mb/s to encrypt a plaintext block. The implementation efficiency of both software and hardware based on VH algorithm is higher than CLEFIA algorithm, which is the international standard also oriented to 8-bit platform.

4 citations


Posted Content
TL;DR: This paper proposes a practical chosen message power analysis method on Feistel-SP ciphers with loop hardware implementations and shows that the whitening key at the first or last round can be easily revealed with this method, thus leading to the full exposure of the master key.
Abstract: The Feistel-SP structure is a commonly adopted structure in symmetric cryptography with many practical instances. Differential power analysis (DPA) has proven to be effective against these ciphers with compact implementations within these years. However, the applications of DPA on Feistel-SP ciphers with loop hardware implementations are more complicated and less evaluated in literature, mainly due to the relatively large size (32-bit or more) of the whole round key which often results in complex relations with the targeted intermediate variable. In this paper, we propose a practical chosen message power analysis method on Feistel-SP ciphers with loop hardware implementations. The essence of the new method lies in the delicate selection of the plaintext set in a chosen message manner. Thus, the input space of the plaintext in our method is decreased from 2 or more to 2 or less, which is suitable for practical power analysis. Moreover, we show that the whitening key at the first or last round can be easily revealed with our method, thus leading to the full exposure of the master key thanks to the relations between whitening keys and the master key in many practical ciphers. In order to further manifest the validity of the new method, we carry extensive experiments on two ISO standardized and widely deployed ciphers CLEFIA and Camellia with loop implementations on FPGA, and the master keys are recovered as expected.

3 citations


01 Jan 2015
TL;DR: The experiments demonstrate that the compiler can automatically identify and protect the most important instruction instances, and offers significant productivity gains for cryptosystem developers who wish to protect their implementations from side-channel attacks.
Abstract: software protection incurs significant overhead in terms of cryptosystem runtime and memory usage, the compiler protects the minimum number of instruction instances to achieve a desired level of security. The compiler is evaluated on two block ciphers, AES and Clefia; our experiments demonstrate that the compiler can automatically identify and protect the most important instruction instances. To date, these software countermeasures have been inserted manually by security experts, who are not necessarily the main cryptosystem developers. Our compiler offers significant productivity gains for cryptosystem developers who wish to protect their implementations from side-channel attacks. Index Terms—Side-channel attacks, power analysis attacks, software countermeasures, compiler

2 citations


Proceedings Article
26 Aug 2015
TL;DR: This work shows that with a small area cost and with no performance impact, full key expansion can be supported, and throughputs above 1 Gbps can be achieved with a low area cost, while achieving efficiency metrics above those of the restricted state of the art.
Abstract: In this paper a compact and high throughput hardware structure is proposed allowing for the computation of the novel 128-bit CLEFIA encryption algorithm and its associated full key expansion. In the existing state of the art only the 128-bit key schedule is supported, given the needed modification to the CLEFIA Feistel network. This work shows that with a small area cost and with no performance impact, full key expansion can be supported. This is achieved by using addressable shift registers, available in modern FPGAs, and adaptable scheduling, allowing to compute the 4 and 8 branch CLEFIA Feistel network within the same structure. The obtained experimental results suggest that throughputs above 1 Gbps can be achieved with a low area cost, while achieving efficiency metrics above those of the restricted state of the art.

2 citations