
Showing papers on "Differential cryptanalysis published in 2021"


Book ChapterDOI
17 Oct 2021
TL;DR: At CRYPTO'19, Gohr proposed a new cryptanalysis strategy based on machine learning and used deep neural networks to build a neural distinguisher that surprisingly surpassed state-of-the-art cryptanalysis on one version of the well-studied NSA block cipher SPECK; this paper examines what that black-box distinguisher actually learns.
Abstract: At CRYPTO’19, Gohr proposed a new cryptanalysis strategy based on the utilisation of machine learning algorithms. Using deep neural networks, he managed to build a neural-based distinguisher that surprisingly surpassed state-of-the-art cryptanalysis efforts on one of the versions of the well-studied NSA block cipher SPECK (this distinguisher could in turn be placed in a larger key recovery attack). While this work opens new possibilities for machine learning-aided cryptanalysis, it remains unclear how this distinguisher actually works and what information the machine learning algorithm is deducing. The attacker is left with a black box that does not tell much about the nature of the possible weaknesses of the algorithm tested, while hope is thin, as interpretability of deep neural networks is a well-known difficult task.

57 citations


Journal ArticleDOI
TL;DR: This paper continues the work of Ellingsen et al. (2020) by examining some APN functions through the lens of $c$-differential uniformity and showing that their $c$-differential uniformity increases significantly in some cases.
Abstract: In a prior paper (Ellingsen et al., 2020), two of us, along with P. Ellingsen, P. Felke, and A. Tkachenko, defined a new (output) multiplicative differential and the corresponding $c$-differential uniformity, which has the potential of extending differential cryptanalysis. Here, we continue the work by looking at some APN functions through the mentioned concept and showing that their $c$-differential uniformity increases significantly in some cases.

49 citations


Journal ArticleDOI
TL;DR: Experimental results show that the improved algorithm proposed not only inherits the merits of the original scheme, but also has stronger security against the differential cryptanalysis.

23 citations


Journal ArticleDOI
11 Jun 2021
TL;DR: The best previous boomerang distinguishers for SKINNY can be significantly improved in terms of probability and number of rounds, and new tools called Double Boomerang Connectivity Table (DBCT), LBCT⫤, and UBCT⊨ are introduced to evaluate the boomerang switch through multiple rounds more accurately.
Abstract: The boomerang and rectangle attacks are adaptions of differential cryptanalysis that regard the target cipher $E$ as a composition of two sub-ciphers, i.e., $E = E_1 \circ E_0$, to construct a distinguisher for $E$ with probability $p^2q^2$ by concatenating two short differential trails for $E_0$ and $E_1$ with probability $p$ and $q$ respectively. According to the previous research, the dependency between these two differential characteristics has a great impact on the probability of boomerang and rectangle distinguishers. Dunkelman et al. proposed the sandwich attack to formalise such dependency that regards $E$ as three parts, i.e., $E = E_1 \circ E_m \circ E_0$, where $E_m$ contains the dependency between two differential trails, satisfying some differential propagation with probability $r$. Accordingly, the entire probability is $p^2q^2r$. Recently, Song et al. have proposed a general framework to identify the actual boundaries of $E_m$ and systematically evaluate the probability of $E_m$ with any number of rounds, and applied their method to accurately evaluate the probabilities of the best SKINNY’s boomerang distinguishers. In this paper, using a more advanced method to search for boomerang distinguishers, we show that the best previous boomerang distinguishers for SKINNY can be significantly improved in terms of probability and number of rounds. More precisely, we propose related-tweakey boomerang distinguishers for up to 19, 21, 23, and 25 rounds of SKINNY-64-128, SKINNY-128-256, SKINNY-64-192 and SKINNY-128-384 respectively, which improve the previous boomerang distinguishers of these variants of SKINNY by 1, 2, 1, and 1 round respectively. Based on the improved boomerang distinguishers for SKINNY, we provide related-tweakey rectangle attacks on 23 rounds of SKINNY-64-128, 24 rounds of SKINNY-128-256, 29 rounds of SKINNY-64-192, and 30 rounds of SKINNY-128-384.
It is worth noting that our improved related-tweakey rectangle attacks on SKINNY-64-192, SKINNY-128-256 and SKINNY-128-384 can be directly applied for the same number of rounds of ForkSkinny-64-192, ForkSkinny-128-256 and ForkSkinny-128-384 respectively. CRAFT is another SKINNY-like tweakable block cipher for which we provide the security analysis against rectangle attack for the first time. As a result, we provide a 14-round boomerang distinguisher for CRAFT in the single-tweak model based on which we propose a single-tweak rectangle attack on 18 rounds of this cipher. Moreover, following the previous research regarding the evaluation of switching in multiple rounds of boomerang distinguishers, we also introduce new tools called Double Boomerang Connectivity Table (DBCT), LBCT⫤, and UBCT⊨ to evaluate the boomerang switch through the multiple rounds more accurately.

22 citations


Journal ArticleDOI
TL;DR: In this paper, a human behavior-based optimization algorithm, supported with Self-Organizing Maps (SOM), is proposed to improve the nonlinearity property of the substitution box.
Abstract: The cryptanalytic resistance of modern block and stream encryption systems mainly depends on the substitution box (S-box). In this context, the problem is thus to create an S-box with higher value of nonlinearity because this property can provide some degree of protection against linear and differential cryptanalysis attacks. In this paper, we design a scheme built on a human behavior-based optimization algorithm, supported with Self-Organizing Maps to prevent premature convergence and improve the nonlinearity property in order to obtain strong $8 \times 8$ substitution boxes. The experiments are compared with S-boxes obtained using other metaheuristic algorithms such as Ant Colony Optimization, Genetic Algorithm and an approach based on chaotic functions and show that the obtained S-boxes have good cryptographic properties. The obtained S-box is investigated against standard tests such as bijectivity, nonlinearity, strict avalanche criterion, bit independence criterion, linear probability and differential probability, proving that the proposed scheme is proficient to discover a strong nonlinear component of encryption systems.

19 citations


Journal ArticleDOI
TL;DR: This paper investigates the $c$-differential uniformity of power functions over finite fields based on some known almost perfect nonlinear functions, and presents several classes of power functions $f(x)=x^d$ with ${}_{c}\Delta_f \le 3$.
Abstract: Functions with low $c$-differential uniformity have optimal resistance to some types of differential cryptanalysis. In this paper, we investigate the $c$-differential uniformity of power functions over finite fields of odd characteristic. Based on some known almost perfect nonlinear functions, we present several classes of power functions $f(x)=x^d$ with ${}_{c}\Delta_f \le 3$. Especially, two new classes of perfect $c$-nonlinear power functions are proposed.

18 citations


Proceedings ArticleDOI
01 Feb 2021
TL;DR: Building on Gohr's deep residual network distinguishers for 8-round SPECK-32/64, this paper uses machine learning to simulate all-in-one differentials for non-Markov ciphers, reducing the distinguishing problem to a classification problem.
Abstract: At CRYPTO 2019, Gohr first introduced the deep learning based cryptanalysis on round-reduced SPECK. Using a deep residual network, Gohr trained several neural network based distinguishers on 8-round SPECK-32/64. The analysis follows an ‘all-in-one’ differential cryptanalysis approach, which considers all the output differences' effect under the same input difference. Usually, the all-in-one differential cryptanalysis is more effective compared to the one using only one single differential trail. However, when the cipher is non-Markov or its block size is large, it is usually very hard to fully compute. Inspired by Gohr's work, we try to simulate the all-in-one differentials for non-Markov ciphers through machine learning. Our idea here is to reduce a distinguishing problem to a classification problem, so that it can be efficiently managed by machine learning. As a proof of concept, we show several distinguishers for four high profile ciphers, each of which works with trivial complexity. In particular, we show differential distinguishers for 8-round Gimli-Hash, Gimli-Cipher and Gimli-Permutation; 3-round Ascon-Permutation; 10-round Knot-256 permutation and 12-round Knot-512 permutation; and 4-round Chaskey-Permutation. Finally, we explore more on choosing an efficient machine learning model and observe that only a three-layer neural network can be used. Our analysis shows the attacker is able to reduce the complexity of finding distinguishers by using machine learning techniques.

18 citations


Journal ArticleDOI
TL;DR: In this article, the authors proposed a cryptosystem based on Deoxyribonucleic acid (DNA) cryptography and finite automata theory, which can protect the system against numerous security attacks, such as brute force attack, known plaintext attack, differential cryptanalysis attack, cipher text only attack, man in the middle attack and phishing attack.

15 citations


Book ChapterDOI
Tarun Yadav, Manoj Kumar
06 Oct 2021
TL;DR: In this article, a new technique to extend the classical differential distinguisher using machine learning (ML) is presented, which is used to construct an s-round differential-ML distinguisher with the reduced data complexity.
Abstract: The differential attack is a basic cryptanalytic technique for block ciphers. Application of machine learning shows promising results for the differential cryptanalysis. In this paper, we present a new technique to extend the classical differential distinguisher using machine learning (ML). We use an $r$-round classical differential distinguisher to build an $s$-round ML based differential distinguisher. This $s$-round ML distinguisher is used to construct an $(r+s)$-round differential-ML distinguisher with reduced data complexity. We demonstrate this technique on the lightweight block ciphers SPECK32, SIMON32, and GIFT64 by constructing the differential-ML distinguishers. The data complexities of distinguishers for 9-round SPECK32, 12-round SIMON32, and 8-round GIFT64 are reduced from $2^{30}$ to $2^{20}$, $2^{34}$ to $2^{22}$, and $2^{38}$ to $2^{20}$ respectively. Moreover, the differential-ML distinguisher for SIMON32 is the first 12-round distinguisher with data complexity less than $2^{32}$.

13 citations


Journal ArticleDOI
TL;DR: This paper reports a new cryptanalysis technique that searches for the existing 4-bit linear relations of a particular S-box, limiting the search to the existing linear relations out of the total of 256 4-bit linear relations.
Abstract: 4-bit linear relations play an important role in cryptanalysis of 4-bit crypto S-boxes. 4-bit finite differences have also been a major concern in cryptanalysis of 4-bit S-boxes. In linear cryptana...

8 citations


Journal ArticleDOI
TL;DR: The block size as well as the key size is increased from 64 to 128 bits and the internal structure of the proposed mechanism ultimately changed all other components of DES accordingly, resulting in a more secure scheme.
Abstract: The strength of any block cipher depends on the key size, total number of rounds and the strength of the confusion component against differential cryptanalysis. Data encryption standard (DES) as a block cipher has enjoyed worldwide acceptance for more than three decades. It is a symmetric block cipher and was considered to be very strong against all known attacks at that time. It uses a 64-bit key size and block size, but the advancement in technology results in increasing the speed of computers and thus makes DES not secure any more. The shorter key size is the weak area of DES. In this article, we have increased the block size as well as the key size from 64 to 128 bits. The internal structure of our proposed mechanism ultimately changed all other components of DES accordingly. By this improvement, our anticipated scheme is more secure due to its robust confusion and diffusion components. The algorithm is applied on plain text and on images. We have performed the standard benchmark statistical analyses on our suggested encryption scheme in order to authenticate the anticipated mechanism.

Journal ArticleDOI
TL;DR: A novel key recovery attack: Subset fault analysis (SSFA) attack that exploits the vulnerable S-box of ASCON and can uniquely determine the key of full-round ASCON.

Journal ArticleDOI
TL;DR: In this paper, the authors proposed a data-driven approach using deep neural networks to predict the number of active substitution boxes (S-boxes) in symmetric-key block ciphers.
Abstract: One of the main security requirements for symmetric-key block ciphers is resistance against differential cryptanalysis. This is commonly assessed by counting the number of active substitution boxes (S-boxes) using search algorithms or mathematical solvers that incur high computational costs. These costs increase exponentially with respect to block cipher size and rounds, quickly becoming inhibitive. Conventional S-box enumeration methods also require niche cryptographic knowledge to perform. In this paper, we overcome these problems by proposing a data-driven approach using deep neural networks to predict the number of active S-boxes. Our approach trades off exactness for real-time efficiency as the bulk of computational work is brought over to pre-processing (training). Active S-box prediction is framed as a regression task whereby neural networks are trained using features such as input and output differences, number of rounds, and permutation pattern. We first investigate the feasibility of the proposed approach by applying it on a reduced (4-branch) generalized Feistel structure (GFS) cipher. Apart from optimizing a neural network architecture for the task, we also explore the impact of each feature and its representation on prediction error. We then extend the idea to 64-bit GFS ciphers by first training neural networks using data from five different ciphers before using them to predict the number of active S-boxes for TWINE, a lightweight block cipher. The best performing model achieved the lowest root mean square error of 1.62 and R2 of 0.87, depicting the feasibility of the proposed approach.

Journal ArticleDOI
TL;DR: Wang et al. as discussed by the authors proposed an image encryption algorithm based on Gray code scrambling, which uses the snake shape to diffuse the row (column) XOR, and the columns of the image are XORed from right to left in a serpentine order.
Abstract: Because Gray code has good spatial traversal and easy to generate binary conversion, this paper proposes an image encryption algorithm based on Gray code scrambling. Firstly, the Lorenz system is used to generate chaotic sequences for binary and Gray code transformation to achieve global scrambling. Different from the traditional row (column) XOR method, this paper uses the snake shape to diffuse the row (column) XOR. The lines of the scrambled image are first XORed from left to right in a serpentine order, and the row elements are cyclically shifted. Then, the columns of the image are XORed from right to left in a serpentine order, and the column elements are cyclically shifted. Finally, the scrambled image is further diffused. The comparative experiment shows that the algorithm has good encryption effect. Not only is it well resistant to differential cryptanalysis and exhaustive attack, but it also improves key sensitivity.

Journal ArticleDOI
TL;DR: It is proved that for an SPN block cipher whose block size equals the key size, an effective Demirci–Selçuk-type meet-in-the-middle distinguisher covers at most twice the maximum of the primitive indexes of the linear layer and its inverse.
Abstract: The Demirci–Selçuk meet-in-the-middle attack is one of the most important methods among all the cryptanalytic vectors, which gives the best result against round-reduced AES with respect to the rounds, and tradeoffs between data, time and memory. While we have already built provable security models against differential cryptanalysis, linear cryptanalysis, impossible differential and zero-correlation linear cryptanalysis, the provable security against the meet-in-the-middle attack is missing. In this paper, we propose the subset representation of function based on which we could give an algorithm to compute the exact number of parameters of the Demirci–Selçuk distinguisher given the input and output, respectively. Experiments show that this algorithm can be more efficient than the automated tool presented by Shi et al. at Asiacrypt 2018. We further extract a formula based on this algorithm and show an upper bound for the length of the Demirci–Selçuk distinguisher of an iterative SPN cipher. We prove that for an SPN block cipher whose block size equals the key size, an effective Demirci–Selçuk-type meet-in-the-middle distinguisher covers at most twice the maximum of the primitive indexes of the linear layer and its inverse. As a result, we show that the known length of the Demirci–Selçuk distinguisher of AES-128 cannot be improved unless the details of the S-boxes are exploited, which demonstrates that AES has provable security against the Demirci–Selçuk meet-in-the-middle attack.

Book ChapterDOI
01 Jan 2021
TL;DR: This paper combines symmetric and asymmetric techniques to provide more security and the proposed algorithm is resistant to timing attacks, linear, and differential cryptanalysis attacks due to the usage of DS-Boxes.
Abstract: In today’s world, providing data security is a primary concern. For this purpose, many researchers have introduced asymmetric and symmetric algorithms to ensure security. But they are not resistant to many attacks. In this paper, we combine symmetric and asymmetric techniques to provide more security. Advanced Encryption Standard algorithm is modified by generating Dynamic S-Boxes (DS-Boxes) to provide a better attack-resistant algorithm. In our approach, Diffie–Hellman is used to generate and exchange both keys and random numbers. These random numbers create DS-Boxes used in Modified AES. The proposed algorithm is resistant to timing attacks, linear, and differential cryptanalysis attacks due to the usage of DS-Boxes.

Book ChapterDOI
21 Jun 2021
TL;DR: Evaluating the resistance of ciphers against differential cryptanalysis is essential both to define the number of rounds of new designs and to mount attacks derived from differential cryptanalysis.
Abstract: Evaluating resistance of ciphers against differential cryptanalysis is essential to define the number of rounds of new designs and to mount attacks derived from differential cryptanalysis.

Journal ArticleDOI
TL;DR: The proposed parallel search algorithm for the best differential characteristic can be applied to any substitution–permutation network (SPN) block ciphers after making minor modifications and can achieve at least 4.4x and up to 18x speed-up compared to the sequential version.
Abstract: Differential characteristics with high probability are critical for differential cryptanalysis. The process of searching for such differential characteristics, especially the best one, is time-consuming. We believe that modern hybrid computing systems can be used to accelerate the search process. However, to the best of our knowledge, the existing solutions are not designed for heterogeneous architectures. In this paper, we propose a parallel search algorithm for the best differential characteristic. Our method can be applied to any substitution–permutation network (SPN) block cipher after making minor modifications. We implemented the proposed parallel search algorithm for the PRESENT block cipher and also a sequential version, which is based on Matsui’s classic method, for comparison. The experimental result shows that the parallel algorithm using both CPU and GPU can achieve at least 4.4x and up to 18x speed-up compared to the sequential version.

Journal ArticleDOI
TL;DR: This work estimates the complexity and the required resources for applying quantum differential and quantum linear cryptanalysis to searching round keys of block ciphers, and shows that implementing the quantum linear method requires fewer logical qubits than implementing the quantum differential method.
Abstract: The work is devoted to the study of quantum versions of differential cryptanalysis based on using a combination of the quantum minimum/maximum search algorithm and the quantum counting algorithm. We have estimated the complexity and the required resources for applying the quantum differential and quantum linear cryptanalysis to searching round keys of block ciphers. It is shown that the implementation of the quantum linear method requires fewer logical qubits than the implementation of the quantum differential method. The acceleration of calculations due to “quantum parallelism” in the quantum differential cryptanalysis, based on a combination of Grover’s quantum algorithms and the quantum counting algorithm, is apparently absent, because using quantum counting as a “subprogram” in the Grover algorithm eliminates quantum acceleration, since $O(\sqrt{K}) \cdot O(\sqrt{K}) \approx O(K)$.

Proceedings ArticleDOI
01 Mar 2021
TL;DR: This paper proposes writing the plaintext in Zeckendorf representation before encryption (an "obfuscation" operation) so that the ciphertext becomes exclusive, addressing statistical cryptanalysis, inadequate avalanche effect and so forth.
Abstract: Recently, many investigations have been conducted on the security of well-established protocols and standards, and it turns out that classical cryptography has seen some plight stemming from statistical cryptanalysis, inadequate avalanche effect, and so forth. To address the aforementioned problems, we resort to Zeckendorf representation, whose non-uniqueness feature suggests a novel paradigm for anti-cryptanalysis and avalanche effect enhancement. Specifically, it renders the ciphertext exclusive if we write the plaintext as Zeckendorf representation before encrypting (we call this an "obfuscation" operation). "Obfuscation" squeezes the chance of statistical cryptanalysts: it destroys the basis of frequency analysis by removing repeated segments in substitution ciphers, and disables differential cryptanalysis by running the attackers into difficulties finding the initial plaintext pairs of block ciphers. "Obfuscation" also slightly enhances the avalanche effect by magnifying the change in plaintext. Simulation results on an FPGA platform have confirmed our analysis. This paper strives to add a small stone to the wall of security of existing ciphers.

Book ChapterDOI
01 Jan 2021
TL;DR: This chapter discusses two important types of cryptanalysis, linear and differential cryptanalysis, and walks through a set of basic concepts and advanced techniques on how professionals can implement them.
Abstract: In this chapter, we will discuss two important types of cryptanalysis: linear and differential cryptanalysis. To explain how to merge theoretical concepts with the practical, in the beginning we will go through a set of basic concepts and advanced techniques on how these two types of cryptanalysis can be implemented by professionals.

Journal ArticleDOI
TL;DR: The proposed scheme combines a new Rao–Nam-like encryption with a new DF relaying scheme for RDF lattice codes, the first in its type and according to the simulation results, it improves the error performance, efficiency and security at the same time, compared to its counterparts.
Abstract: In this paper, we present a one-way relaying scheme in which two wireless nodes create an information flow to each other via a single decode-and-forward (DF) relay. We consider an additional secrecy constraint for protection against an honest-but-curious relay. Indeed, while the relay should decode the source message, it should be fully ignorant about the message content. We provide a secure lattice coding strategy based on random difference families (RDF) lattice codes for unidirectional Gaussian relay channels. RDF lattice codes are carved from infinite RDF lattices using a shaping algorithm. By RDF lattice we mean a Construction A lattice with a QC-LDPC code, which is obtained from random difference families, as underlying code. Due to the existence of low-overhead encoding and decoding algorithms, these lattice codes can be implemented practically in high dimensions. Our proposed scheme combines a new Rao–Nam-like encryption with a new DF relaying scheme for RDF lattice codes. Security analysis of the scheme against chosen-plaintext attacks like the differential attack and other recent attacks on Rao–Nam-like schemes is provided. We show that the proposed scheme resists all variants of differential cryptanalysis. To the best of our knowledge, the proposed scheme is the first of its type and, according to our simulation results, it improves the error performance, efficiency and security at the same time, compared to its counterparts.


DOI
16 Nov 2021
TL;DR: In this article, the notion of higher order c-derivatives and differentials was introduced as a potential expansion of differential cryptanalysis against block ciphers utilizing substitution boxes.
Abstract: In [9], the notion of c-differentials was introduced as a potential expansion of differential cryptanalysis against block ciphers utilizing substitution boxes. Drawing inspiration from the technique of higher order differential cryptanalysis, in this paper we propose the notion of higher order c-derivatives and differentials and investigate their properties. Additionally, we consider how several classes of functions, namely the multiplicative inverse function and the Gold function, perform under higher order c-differential uniformity.

Journal ArticleDOI
TL;DR: In this article, a novel Butterfly Network Topology (BNT) based block-level permutation and Crown Graph-based Bit-wise Substitution (CGBS) is proposed to securely transfer images over untrusted networks, such as social networks.
Abstract: Digital multimedia information is frequently transferred over the Internet due to its widespread usage. A novel Butterfly Network Topology (BNT) based block-level permutation ($\mathrm{B}^{2}$LP) and Crown Graph-based Bit-wise Substitution (CGBS) is proposed in this work to securely transfer images over untrusted networks, such as social networks. First, a plain image related initial vector generation is suggested to obtain good plain image sensitivity to withstand chosen/known plain text attacks. Using these initial vectors, the Henon map is iterated to produce the random key sequence values to be utilized over the confusion and diffusion processes. Second, BNT based block-level scrambling is proposed by which the plain image is transformed into blocks to attain the block level confused image. Additionally, simple sorting based confusion is applied to obtain the final confused image. Third, crown graph-based bit-wise diffusion is proposed to attain the final encrypted image. General security measures are carried out for the proposed method to validate its security level. It is shown from the simulations that the suggested approach has good randomness, high key sensitivity, good key space, and flat cipher image pixel distribution. Differential cryptanalysis for the proposed system is also conducted to show its efficacy against differential attacks.

Journal ArticleDOI
TL;DR: The authors revisit several published attacks on SKINNY, identify issues with a number of them, and offer a series of improved attacks that were experimentally verified, while noting that the cipher's security margins remain high.
Abstract: SKINNY is a lightweight tweakable block cipher which received a great deal of cryptanalytic attention due to its elegant structure and efficiency. Despite the cryptanalytic efforts the security margins remain high. This has led to SKINNY being used as a component of multiple submissions in the NIST Lightweight Competition, an effort to standardize a lightweight AEAD scheme. Inspired by the SKINNY competitions, multiple attacks on it were reported in different settings (e.g. single vs. related-tweakey) using different techniques (impossible differentials, zero-correlation, meet-in-the-middle, etc.). In this paper we revisit some of these attacks, identify issues with several of them, and offer a series of improved attacks which were experimentally verified. Our best attack can attack up to 18 rounds of SKINNY-64 using $2^{60}$ chosen plaintexts of data, $2^{116}$ time, and $2^{112}$ memory.

Journal ArticleDOI
TL;DR: In this paper, the minimum number of active S-boxes for several rounds of the lightweight block ciphers namely KLEIN, LED and AES was calculated using a Mixed Integer Linear Programming (MILP) problem.
Abstract: Secure lightweight block ciphers have become an important aspect due to the fact that they are a popular choice for providing security in ubiquitous devices. Two of the most important attacks on block ciphers are differential cryptanalysis [1] and linear cryptanalysis [2]. Calculating the number of active S-boxes is one of the methods to examine the security of block ciphers against differential attack. In this paper, we count the minimum number of active S-boxes for several rounds of the lightweight ciphers namely KLEIN, LED and AES. We utilized the method proposed in [9], where calculation of the minimum number of active S-boxes is formulated as a Mixed Integer Linear Programming (MILP) problem. The objective function is to minimize the number of active S-boxes, subject to the constraints imposed by the differential propagation of the cipher. The experimental results are presented in this paper and found to be encouraging.

Posted Content
TL;DR: The authors show the application of the CHSH game in linear cryptanalysis of the lightweight cipher SIMON and note that the approach can be extended to differential cryptanalysis too.
Abstract: Application of the CHSH game in Linear Cryptanalysis is presented. Till date, the known usage of the CHSH game in Quantum Cryptology is to verify the device independence of the protocols. We observed that classical symmetric ciphers having a bias equal to 0.25 can be improved to 0.35 by exploiting the game, which indicates clear improvement over existing Linear and Differential cryptanalysis. In the present initiative, we showed the application of the game in linear cryptanalysis on a lightweight cipher named SIMON. However, the approach can be extended to Differential cryptanalysis too. This observation opens a new direction of research in quantum cryptography.

Proceedings ArticleDOI
06 Jul 2021
TL;DR: In this paper, a quantum version of differential cryptanalysis is proposed, which is a chosen-plaintext attack, in which the role of attacker is to analyze how differences in input information can affect the resulting difference at the output.
Abstract: The security of a significant proportion of cryptography in use today depends directly or indirectly on the presumed difficulty of either factoring or extracting discrete logarithms in polynomial time on quantum computers. This paper discusses a quantum version of differential cryptanalysis which propounds quadratic speedup over the existing classical one. Linear cryptanalysis and differential cryptanalysis are general forms of cryptanalysis that are primarily applicable to block ciphers, but also to stream ciphers and cryptographic hash functions. Linear cryptanalysis is a known-plaintext attack, in which the attacker studies probabilistic linear relations known as linear approximations between some bits of plaintext, some bits of ciphertext and some bits of the cipher key. In differential cryptanalysis the role of the attacker is to analyze how differences in input information can affect the resulting difference at the output. Differential cryptanalysis is a chosen-plaintext attack. However, differential cryptanalysis is more compelling, so in this paper we are proposing a quantum version of the same. The computational complexity of classical differential cryptanalysis reaches O(NK). But by applying variations of Grover's search, that is either full or partial Quantum Search, the number of queries required to find the cipher key will be reduced.

Posted Content
TL;DR: The authors prove that the SEPAR cipher has enough active S-boxes to resist differential cryptanalysis, which provides a tight bound on its resistance against this attack.
Abstract: SEPAR is a lightweight cryptographic algorithm, designed to be implemented on resource-constrained devices, especially those employed in IoT environments. Meanwhile, the mixed structure design of the cipher leads to speed improvement while guaranteeing its resistance against common cryptographic attacks, especially differential and linear attacks. In order to confirm the resistance of the cipher against differential attack, an extensive investigation was presented in our previous work. In this study, we conduct new research continuing the previously presented research. We prove that there are enough active S-boxes for the cipher to resist differential cryptanalysis. Moreover, this can provide a tight bound on the cipher's resistance against this attack.