
Showing papers on "Sponge function" published in 2015


Book ChapterDOI
29 Nov 2015
TL;DR: This work unifies, simplifies, and generalizes these results about the security and applicability of full-state keyed Sponge and Duplex constructions; in particular, for designing more efficient authenticated encryption schemes.
Abstract: We provide a security analysis for full-state keyed Sponge and full-state Duplex constructions. Our results can be used for making a large class of Sponge-based authenticated encryption schemes more efficient by concurrent absorption of associated data and message blocks. In particular, we introduce and analyze a new variant of SpongeWrap with almost free authentication of associated data. The idea of using full-state message absorption for higher efficiency was first made explicit in the Donkey Sponge MAC construction, but without any formal security proof. Recently, Gaži, Pietrzak and Tessaro (CRYPTO 2015) have provided a proof for the fixed-output-length variant of Donkey Sponge. Yasuda and Sasaki (CT-RSA 2015) have considered partially full-state Sponge-based authenticated encryption schemes for efficient incorporation of associated data. In this work, we unify, simplify, and generalize these results about the security and applicability of full-state keyed Sponge and Duplex constructions; in particular, for designing more efficient authenticated encryption schemes. Compared to the proof of Gaži et al., our analysis directly targets the original Donkey Sponge construction as an arbitrary-output-length function. Our treatment is also more general than that of Yasuda and Sasaki, while yielding a more efficient authenticated encryption mode for the case that associated data might be longer than messages.

54 citations


Book ChapterDOI
26 Apr 2015
TL;DR: In this article, the authors comprehensively study the resistance of keyed variants of SHA-3 (Keccak) against algebraic attacks, including key recovery, MAC forgery and other types of attacks.
Abstract: In this paper, we comprehensively study the resistance of keyed variants of SHA-3 (Keccak) against algebraic attacks. This analysis covers a wide range of key recovery, MAC forgery and other types of attacks, breaking up to 9 rounds (out of the full 24) of the Keccak internal permutation much faster than exhaustive search. Moreover, some of our attacks on the 6-round Keccak are completely practical and were verified on a desktop PC. Our methods combine cube attacks (an algebraic key recovery attack) and related algebraic techniques with structural analysis of the Keccak permutation. These techniques should be useful in future cryptanalysis of Keccak and similar designs.

47 citations


Proceedings ArticleDOI
17 Dec 2015
TL;DR: Authenticated encryption (AE) is a symmetric key cryptographic scheme that aims to provide both confidentiality and data integrity and there is ongoing effort to develop new AE algorithms that are secure, efficient, and easy to use.
Abstract: Authenticated encryption (AE) is a symmetric key cryptographic scheme that aims to provide both confidentiality and data integrity. There are many AE algorithms in existence today. However, they are often far from ideal in terms of efficiency and ease of use. For this reason, there is ongoing effort to develop new AE algorithms that are secure, efficient, and easy to use.

16 citations


Posted Content
TL;DR: NORX8 and NORX16, the 8-bit and 16-bit versions of the authenticated cipher NORX, one of the CAESAR candidates, are presented, designed to retain the security properties of the initial NORX and be fast on small CPUs.
Abstract: This paper presents NORX8 and NORX16, the 8-bit and 16-bit versions of the authenticated cipher NORX, one of the CAESAR candidates. These new versions are better suited for low-end systems—such as “internet of things” devices—than the original 32-bit and 64-bit versions: whereas 32-bit NORX requires 64 bytes of RAM or cache memory, NORX8 and NORX16 require just 16 and 32 bytes, respectively. Both of the low-end variants were designed to retain the security properties of the initial NORX and be fast on small CPUs. Keywords-authenticated encryption, lightweight, CAESAR

15 citations


Book ChapterDOI
29 Jun 2015
TL;DR: This paper proposes another way to handle a long ciphertext with a low buffer size by storing and releasing only one intermediate state, without releasing or storing any part of an unverified plaintext and without need of generating any intermediate tag.
Abstract: In authenticated encryption schemes, there are two techniques for handling long ciphertexts while working within the constraints of a low buffer size: releasing unverified plaintext (RUP) or producing intermediate tags (PIT). In this paper, in addition to these two techniques, we propose another way to handle a long ciphertext with a low buffer size by storing and releasing only one (or, more generally, only a few) intermediate states, without releasing or storing any part of an unverified plaintext and without the need to generate any intermediate tag. In this paper we explain this generalized technique using our new construction sp-AELM. sp-AELM is a sponge-based authenticated encryption scheme that provides support for limited-memory devices. We also provide its security proof for privacy and authenticity in an ideal permutation model, using a code-based game-playing framework. Furthermore, we also present two more variants of sp-AELM that serve the same purpose and are more efficient than sp-AELM.

7 citations


Book ChapterDOI
29 Jun 2015
TL;DR: This paper provides a new scheme in OAEP framework based on Sponge construction and calls it Sponge based asymmetric encryption padding (SpAEP), which is CCA2 secure for any trapdoor one-way permutation in the ideal permutation model for arbitrary length messages.
Abstract: OAEP and other similar schemes proven secure in Random-Oracle Model require one or more hash functions with output size larger than those of standard hash functions. In this paper, we show that by utilizing popular Sponge constructions in OAEP framework, we can eliminate the need of such hash functions. We provide a new scheme in OAEP framework based on Sponge construction and call our scheme Sponge based asymmetric encryption padding (SpAEP). SpAEP is based on 2 functions: Sponge and SpongeWrap, and requires only standard output sizes proposed and standardized for Sponge functions. Our scheme is CCA2 secure for any trapdoor one-way permutation in the ideal permutation model for arbitrary length messages. Our scheme utilizes the versatile Sponge function to enhance the capability and efficiency of the OAEP framework. SpAEP with any trapdoor one-way permutation can also be used as a key encapsulation mechanism and a tag-based key encapsulation mechanism for hybrid encryption. Our scheme SpAEP utilizes the permutation model efficiently in the setting of public key encryption in a novel manner.

5 citations


Journal ArticleDOI
TL;DR: This work proposes a secure authentication encryption scheme and shows that the scheme is secure in the random oracle model and is the most efficient one in terms of computation complexity and communication cost.

5 citations


01 Jan 2015
TL;DR: This thesis considers digital signatures with message recovery in both the identity-based multisignature setting and the attribute-based setting, where the signature size is the same as that of a traditional attribute-based signature.
Abstract: In traditional public key cryptography, public keys of users are essentially random strings generated from random secret keys. Hence, public key certificates are required to attest to the relations between users’ identities and their public keys. In identity-based cryptography, public keys can be identities such as names, email addresses or IP addresses. This avoids the use of certificates, which is a burden in traditional public key cryptography. Attribute-based cryptography, which originated from identity-based cryptography, goes one step further to support fine-grained access control. In attribute-based cryptography, a user is defined by a set of attributes rather than atomically by a single string. In this thesis, we investigate several cryptographic primitives in the identity-based setting and its successor, the attribute-based setting. There are two classes of digital signature schemes: signature schemes that require the original message as input to the verification algorithm, and signature schemes with message recovery, which do not require the original message as input to the verification algorithm. One of the effective methods for saving bandwidth in transmission is to eliminate the requirement of transmitting the original message for the signature verification. In a signature with message recovery, all or part of the original message is embedded within the signature and can be recovered. Therefore, it minimizes the total length of the original message and the appended signature. In this thesis, we consider digital signatures with message recovery in both the identity-based multisignature setting and the attribute-based setting. In the identity-based multisignature with message recovery, multiple signers generate a single constant-size multisignature on the same message regardless of the number of signers. The size of the multisignature is the same as that of a signature generated by one signer. 
Furthermore, it does not require the transmission of the original message in order to verify the multisignature. In the attribute-based signature with message recovery, the signature size is the same as that of a traditional attribute-based signature,

3 citations


Proceedings ArticleDOI
11 Jun 2015
TL;DR: New improvements to the A5/1 stream cipher are introduced, based on a new technology concept called the sponge function, which combines the advantages of stream cipher and hash concepts, and a new S-box generation is proposed to provide dynamic features to the sponge technology.
Abstract: The A5/1 stream cipher is used in the Global System for Mobile Communications (GSM) in order to provide privacy on air communication. This paper introduces new improvements to the A5/1 stream cipher based on a new technology concept called the sponge function. The sponge functions presented in this paper are constructed by combining the advantages of stream cipher and hash concepts. A new S-box generation is proposed to provide dynamic features to the sponge technology in order to solve the weakness that appears in the majority function used in the A5/1 stream cipher, by providing dynamic behavior in the number of registers and transformations. According to the experimental results and the comparison between A5/1 and the proposed improvement, the proposed algorithm increases the randomness features of the A5/1 algorithm. The output bit-stream generated by the proposed stream cipher has improved randomness performance and provides more security to the GSM security algorithm.

3 citations


Journal ArticleDOI
TL;DR: Several concrete attacks on an authenticated encryption (AE) scheme PAE, which appeared in the IEEE Transactions on Information Theory, vol. 56, no. 8, pp. 4025–4037, are shown.
Abstract: We show several concrete attacks on an authenticated encryption (AE) scheme PAE, which appeared in the IEEE TRANSACTIONS ON INFORMATION THEORY, vol. 56, no. 8, pp. 4025–4037. In addition, we show some flaws and oversights in the analysis (presented in the same paper) used to prove PAE to be a secure AE scheme.

3 citations


Book ChapterDOI
24 Nov 2015
TL;DR: PPAE is defined as an Authenticated Encryption family based on Parazoa construction and the proposed AE mode supports feed-forward operation which is lacking in sponge based AE constructions and also provides security analysis of the PPAE family.
Abstract: The CAESAR competition for standardization of schemes for authenticated encryption has received 49 entries. Constructions such as Keyak, ICEPOLE, Artemia, NORX and Ascon use DuplexWrap and JHAE modes. DuplexWrap is based on the sponge construction and JHAE is based on the JH hash function. Andreeva et al. have recently defined a generalized sponge like construction called Parazoa hash family and provided indifferentiability security bound for the same. They had shown that the sponge as well as the JH hash function are instances of the parazoa construction with suitable choices of parameters. In our work, we define PPAE as an Authenticated Encryption family based on Parazoa construction. The proposed AE mode supports feed-forward operation which is lacking in sponge based AE constructions. We also provide security analysis of the PPAE family.

Proceedings ArticleDOI
HakJu Kim, Kwangjo Kim
24 May 2015
TL;DR: A preliminary design of a novel lightweight authenticated encryption scheme based on the duplex construction of the sponge function supporting the most required features of the authenticated encryption schemes is presented.
Abstract: Authenticated encryption is a key cryptographic primitive that provides confidentiality, integrity, and authenticity in an efficient manner. This paper presents a preliminary design of a novel lightweight authenticated encryption scheme based on the duplex construction of the sponge function, supporting the most required features of authenticated encryption schemes.

Posted Content
TL;DR: In this paper, a Sponge based asymmetric encryption padding (SpAEP) scheme was proposed, which is CCA2 secure for any trapdoor one-way permutation in the ideal permutation model for arbitrary length messages.
Abstract: OAEP and other similar schemes proven secure in Random-Oracle Model require one or more hash functions with output size larger than those of standard hash functions. In this paper, we show that by utilizing popular Sponge constructions in OAEP framework, we can eliminate the need of such hash functions. We provide a new scheme in OAEP framework based on Sponge construction and call our scheme Sponge based asymmetric encryption padding (SpAEP). SpAEP is based on 2 functions: Sponge and SpongeWrap, and requires only standard output sizes proposed and standardized for Sponge functions. Our scheme is CCA2 secure for any trapdoor one-way permutation in the ideal permutation model for arbitrary length messages. Our scheme utilizes the versatile Sponge function to enhance the capability and efficiency of the OAEP framework. SpAEP with any trapdoor one-way permutation can also be used as a key encapsulation mechanism and a tag-based key encapsulation mechanism for hybrid encryption. Our scheme SpAEP utilizes the permutation model efficiently in the setting of public key encryption in a novel manner.

01 Jan 2015
TL;DR: For improving the security margin with respect to 512-bit, a 128-bit Keccak sequential architecture for the SHA1024 variant is designed by converting it into 3200 bits in the intermediate stage using two C-boxes and 24 rounds, which is to be implemented using Xilinx 13.2.
Abstract: The SHA3 algorithm was proposed by five people with five different approaches. Of those, NIST (National Institute of Standards and Technology) selected one approach, the one proposed by Keccak. The Keccak-f permutation is the basic component of the Keccak hash function and supports 224-bit, 256-bit, 384-bit and 512-bit hash variants. It consists of a number of rounds, and each round is a combination of logical operations and bit permutations. Keccak is generated from the sponge function with Keccak[r, c] members. It is categorized by these additional parameters, i.e. bit rate (r) and capacity (c). The sum r + c gives the width of the Keccak permutation, and it is further limited to the values 25, 50, 100, 200, 400, 800, 1600. After that, the Keccak SHA3 algorithm is used with memories, but it takes more area. SHA3 has different variants like sha224, sha256, sha512, sha1024. The basic SHA3 using 512 bits converts a 128-bit input into 1600 bits in the intermediate stage using one C-box and performs 24 rounds. In our paper, for improving the security margin with respect to 512-bit, we design a 128-bit Keccak sequential architecture for the SHA1024 variant by converting it into 3200 bits in the intermediate stage using two C-boxes and 24 rounds, which is to be implemented using Xilinx 13.2.

01 Jan 2015
TL;DR: This paper presents the idea and lists of some types of LWC algorithms, and discusses various approaches through which lightweight cryptographic algorithms are implemented.
Abstract: Lightweight cryptography (LWC) is an emerging research area which has to deal with the trade-off among security, cost, and performance. Hummingbird is a novel ultra-lightweight cryptographic algorithm targeted at resource-constrained devices like RFID tags, smart cards and wireless sensor nodes. Lightweight cryptography covers cryptographic algorithms intended for use in devices with low or extremely low resources. Different from existing ultra-lightweight cryptographic primitives, which are either block ciphers or stream ciphers, Hummingbird is an elegant combination of both block and stream ciphers. This paper presents the idea and lists some types of LWC algorithms. This article also discusses various approaches through which lightweight cryptographic algorithms are implemented. Unlike traditional cryptographic algorithms, Hummingbird algorithms deal with areas where there is minimal use of resources, such as smart cards.

Book ChapterDOI
03 Nov 2015
TL;DR: This paper proposes a new message authentication code based on APN functions and stream ciphers, which has provable security, and proves that the probability of successful substitution forgery attacks against this new message authentication code is upper bounded by a negligible value.
Abstract: After the concept of the active wiretapper was proposed, integrity protection became more important than ever before. Therefore, the message authentication code, a method that protects the message from being modified in an undetectable way, attracts more attention. In this paper, we propose a new message authentication code based on APN functions and stream ciphers. This new construction has provable security: we prove that the probability of successful substitution forgery attacks against our new message authentication code is upper bounded by a negligible value. We implement our algorithm and compare its time consumption with that of EIA1, the message authentication code used in the 4G LTE system. The results show that our algorithm is much faster than EIA1. Moreover, our new construction is resistant to cycling and linear forgery attacks, which can be applied to EIA1.