scispace - formally typeset

Showing papers on "Sponge function published in 2016"


Journal ArticleDOI
TL;DR: This paper provides the latest survey of stream ciphers for embedded systems, with a focus on lightweight implementations in embedded hardware and software as well as relevant authenticated encryption schemes.
Abstract: Pervasive computing constitutes a growing trend, aiming to embed smart devices into everyday objects. The limited resources of these devices and the ever-present need for lower production costs lead to the research and development of lightweight cryptographic mechanisms. Block ciphers, the main symmetric key cryptosystems, perform well in this field. Nevertheless, stream ciphers are also relevant in ubiquitous computing applications, as they can be used to secure the communication in applications where the plaintext length is either unknown or continuous, like network streams. This paper provides the latest survey of stream ciphers for embedded systems. Lightweight implementations of stream ciphers in embedded hardware and software are examined, as well as relevant authenticated encryption schemes. Their speed and simplicity enable compact and low-power implementations, allowing them to excel in applications pertaining to resource-constrained devices. The outcomes of the International Organization for Standardization/International Electrotechnical Commission 29192-3 standard and the cryptographic competitions eSTREAM and Competition for Authenticated Encryption: Security, Applicability, and Robustness are summarized along with the latest results in the field. However, cryptanalysis has proven many of these schemes are actually insecure. From the 31 designs that are examined, only six of them have been found to be secure by independent cryptanalysis. A constrained benchmark analysis is performed on low-cost embedded hardware and software platforms. The most appropriate and secure solutions are then mapped in different types of applications. Copyright © 2015 John Wiley & Sons, Ltd.

80 citations


Posted Content
TL;DR: In this paper, a new type of cube distinguisher, the conditional cube tester, is developed for the Keccak sponge function: by imposing bit conditions on certain cube variables, cube testers of smaller dimension can be constructed.
Abstract: The security analysis of Keccak, the winner of SHA-3, has attracted considerable interest. Recently, some attention has been paid to the analysis of keyed modes of the Keccak sponge function. As a notable example, the most efficient key recovery attacks on Keccak-MAC and Keyak were reported at EUROCRYPT’15, where cube attacks and cube-attack-like cryptanalysis have been applied. In this paper, we develop a new type of cube distinguisher, the conditional cube tester, for the Keccak sponge function. By imposing some bit conditions on certain cube variables, we are able to construct cube testers with smaller dimensions. Our conditional cube testers are used to analyse Keccak in keyed modes. For reduced-round Keccak-MAC and Keyak, our attacks greatly improve the best known key recovery attacks in terms of the number of rounds or the complexity. Moreover, our new model can also be applied in the keyless setting to distinguish the Keccak sponge function from a random permutation. We provide a search algorithm to produce the most efficient conditional cube tester by modeling it as an MILP (mixed integer linear programming) problem. As a result, we improve the previous distinguishing attacks on the Keccak sponge function significantly. Most of our attacks have been implemented and verified on desktop computers. Finally we remark that our attacks on reduced-round Keccak do not threaten the security margin of the Keccak sponge function.

32 citations


Journal ArticleDOI
TL;DR: This paper designs a new online secure authenticated encryption scheme, called ELmD or Encrypt-Linear mix-Decrypt, which is completely (two-stage) parallel (even in associated data) and fully pipeline implementable, and which provides full privacy when associated data is not repeated.
Abstract: Authenticated encryption schemes which resist misuse of nonce at some desired level of privacy are two-pass or MAC-then-Encrypt constructions (inherently inefficient but providing full privacy) and online constructions like McOE, sponge-type authenticated encryptions (such as duplex) and COPA. Only the last one is almost parallelizable, except that for associated data processing the final block-cipher call is sequential (it needs to wait for the encryption of all the previous ones). In this paper, we design a new online secure authenticated encryption, called ELmD or Encrypt-Linear mix-Decrypt, which is completely (two-stage) parallel (even in associated data) and fully pipeline implementable. It also provides full privacy when associated data is not repeated. Like COPA, our construction is based on EME, an Encrypt-Mix-Encrypt type SPRP construction (secure against chosen plaintext and ciphertext). But unlike EME, we have used an online computable efficient linear mixing instead of a non-linear mixing. We have also provided the hardware implementation of the construction and compare the performance with similar constructions like COPA and EME2.

30 citations


Proceedings ArticleDOI
15 Sep 2016
TL;DR: A genetic algorithm is used in the key generation process, where key selection depends upon the fitness function, and the keys generated using the GA are claimed to be unique and more secure for encryption of data.
Abstract: Cryptography is essential to protect and secure data using a key. Different types of cryptographic techniques are found for data security. The Genetic Algorithm is essentially used for obtaining an optimal solution. It can also be efficiently used for random number generation, which is very important in cryptography. This paper discusses the application of genetic algorithms to stream ciphers. Key generation is the most important factor in stream ciphers. In this paper the Genetic Algorithm is used in the key generation process, where key selection depends upon the fitness function. Here the genetic algorithm is repeated for key selection. In each iteration, the key having the highest fitness value is selected, which is then compared with the threshold value. The selected key was unique and non-repeating. Therefore encryption with the selected key is stronger because of the greater randomness of the key. This paper shows that the keys generated using the GA are unique and more secure for encryption of data.

15 citations


Book ChapterDOI
24 Feb 2016
TL;DR: A generic construction based on the Bellare-Namprempre model for producing an authenticated encryption protocol from any quantum-resistant symmetric-key encryption scheme together with any authentication scheme (digital signature scheme or MAC) admitting a classical security reduction to a quantum-computationally hard problem.
Abstract: We propose a security model for evaluating the security of authenticated encryption schemes in the post-quantum setting. Our security model is based on a combination of the classical Bellare-Namprempre security model for authenticated encryption together with modifications from Boneh and Zhandry to handle message authentication against quantum adversaries. We give a generic construction based on the Bellare-Namprempre model for producing an authenticated encryption protocol from any quantum-resistant symmetric-key encryption scheme together with any authentication scheme (digital signature scheme or MAC) admitting a classical security reduction to a quantum-computationally hard problem. We give examples of suitable authentication schemes under the quantum random oracle model using the Boneh-Zhandry transformation. We also provide tables of communication overhead calculations and comparisons for various choices of component primitives in our construction.

15 citations


Journal Article
TL;DR: In this paper, the authors analyzed the authenticated encryption algorithm (ACORN) and identified weaknesses in the state update function of ACORN which result in collisions in the internal state of the ACORN.
Abstract: This paper analyzes the authenticated encryption algorithm ACORN, a candidate in the CAESAR cryptographic competition. We identify weaknesses in the state update function of ACORN which result in collisions in the internal state of ACORN. This paper shows that for a given set of key and initialization vector values we can construct two distinct input messages which result in a collision in the ACORN internal state. Using a standard PC the collision can be found almost instantly when the secret key is known. This flaw can be used by a message sender to create a forged message which will be accepted as legitimate.

11 citations


01 Jun 2016
TL;DR: This thesis studies message authentication and authenticated encryption algorithms, which are symmetric-key solutions to providing data integrity and confidentiality, and introduces a new design, LightMAC, which enables keys to be used longer than typically possible and an existing construction, PMAC, is analyzed in depth for its potential to provide more security than what was commonly thought.
Abstract: Awareness of the significance of securing communication and data has increased dramatically due to the countless examples showing that systems with little or no protection can and will be attacked. Lack of adoption, or improper use of strong cryptographic techniques could be attributed to the fact that cryptographic solutions are not efficient enough, impose impractical constraints on their use, or their analysis does not align with how they are used in practice. This thesis studies message authentication and authenticated encryption algorithms, which are symmetric-key solutions to providing data integrity and confidentiality. A formal study is performed of how security degrades when authenticated encryption algorithms are implemented in environments where theoretical assumptions might not be met, the so-called nonce abuse and release of unverified plaintext settings. Designs for authenticated encryption schemes are analyzed, including our designs COPA and COBRA, while keeping efficiency constraints in mind. Additionally, limits imposed by constrained environments, which commonly appear in applications for the internet of things, are considered, and discussed in the context of message authentication algorithms. A new design is introduced, LightMAC, which enables keys to be used longer than typically possible, and an existing construction, PMAC, is analyzed in depth for its potential to provide more security than what was commonly thought.

8 citations


Proceedings ArticleDOI
23 Mar 2016
TL;DR: An improved Linear Feedback Shift Register based stream cipher for the A5 family is proposed, comprising a variable tapping scheme, a new clocking mechanism, a non-linear combination function and a key-generation mechanism with an increased number of LFSRs and increased LFSR length.
Abstract: Divulgence of the A5 family of stream ciphers disclosed a number of cryptographic faults, especially in A5/1, and several cryptographic attacks were also proposed. This paper proposes an improved Linear Feedback Shift Register based stream cipher for the A5 family which comprises a variable tapping scheme, a new clocking mechanism, a non-linear combination function and a key-generation mechanism with an increased number of LFSRs and increased LFSR length. Based on the feedback, the period of the polynomial changes randomly in this algorithm. The randomness of the proposed algorithm has been tested through a “Randomness Test Suite” and it is simulated in MATLAB. The results show an improvement in the randomness of the key-stream and the creation of a better binary sequence in comparison to the A5/1 stream cipher of comparable complexity.

5 citations


Book ChapterDOI
Yusuke Naito
14 Nov 2016
TL;DR: This work studies the pseudo-random function (PRF) security of keyed sponges that use a sponge function with extendable outputs in a black-box way, and investigates whether a keyed sponge can be constructed with security beyond the \((q^2+qQ)/2^c\) bound.
Abstract: We study the pseudo-random function (PRF) security of keyed sponges that use a sponge function with extendable outputs in a black-box way. “Capacity” is a parameter of a keyed sponge that usually defines a dominant term in the PRF-bound. The previous works have improved the capacity term in the PRF-bound of the “prefix” keyed sponge, where the key is prepended to an input message, and then the resultant value is input into the sponge function. A tight bound for the capacity term was given by Naito and Yasuda (FSE 2016): \((qQ+q^2)/2^c\), where c is the capacity, q is the number of online queries and Q is the number of offline queries. Thus the following question naturally arises: can we construct a keyed sponge with security beyond the \((q^2+qQ)/2^c\) bound?
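The Keccak entries above (the conditional cube tester paper and this keyed-sponge paper) both talk about the sponge function and its keyed "prefix" mode without showing the construction itself. The following is an added example for this page, not code from either paper or from the Keccak team: it implements Keccak-f[1600] and the sponge (absorb, pad10*1, squeeze with extendable output) from scratch, checks the result against Python's hashlib, and then builds the prefix keyed sponge (key || message fed to the sponge) whose capacity term the abstract refers to. The function names, the SHAKE256 instance, the 32-byte key length and the 32-byte tag are this example's own choices.

```python
# Added example: from-scratch Keccak-f[1600], the sponge construction, and a
# prefix keyed sponge. Not code from any paper listed on this page.
import hashlib

MASK64 = (1 << 64) - 1

# Round constants for the iota step (24 rounds).
RC = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
    0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
    0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
]

# Rotation offsets for the rho step, indexed ROT[x][y].
ROT = [
    [0, 36, 3, 41, 18],
    [1, 44, 10, 45, 2],
    [62, 6, 43, 15, 61],
    [28, 55, 25, 21, 56],
    [27, 20, 39, 8, 14],
]


def rol64(v, n):
    """Rotate a 64-bit lane left by n bits."""
    return ((v << n) | (v >> (64 - n))) & MASK64


def keccak_f1600(a):
    """Keccak-f[1600] on a 5x5 array of 64-bit lanes a[x][y]."""
    for rnd in range(24):
        # theta: mix the parity of neighbouring columns into every lane
        c = [a[x][0] ^ a[x][1] ^ a[x][2] ^ a[x][3] ^ a[x][4] for x in range(5)]
        d = [c[(x - 1) % 5] ^ rol64(c[(x + 1) % 5], 1) for x in range(5)]
        a = [[a[x][y] ^ d[x] for y in range(5)] for x in range(5)]
        # rho (lane rotation) and pi (lane permutation) in one pass
        b = [[0] * 5 for _ in range(5)]
        for x in range(5):
            for y in range(5):
                b[y][(2 * x + 3 * y) % 5] = rol64(a[x][y], ROT[x][y])
        # chi: the only non-linear step, row-wise x ^ (~y & z)
        a = [[b[x][y] ^ ((~b[(x + 1) % 5][y]) & b[(x + 2) % 5][y])
              for y in range(5)] for x in range(5)]
        # iota: break the symmetry between rounds
        a[0][0] ^= RC[rnd]
    return a


def sponge(rate_bytes, data, out_len, suffix):
    """Sponge over Keccak-f[1600]: absorb `data` r bytes at a time, then
    squeeze `out_len` bytes. `suffix` is the domain-separation byte (0x06 for
    SHA-3, 0x1F for SHAKE) placed before the pad10*1 padding. The capacity
    c = 1600 - 8*rate_bytes bits is never XORed with input nor read as output."""
    state = [[0] * 5 for _ in range(5)]
    padded = bytearray(data)
    padded.append(suffix)
    while len(padded) % rate_bytes:
        padded.append(0)
    padded[-1] |= 0x80                        # final '1' bit of pad10*1
    lanes_per_block = rate_bytes // 8
    for off in range(0, len(padded), rate_bytes):
        block = padded[off:off + rate_bytes]
        for i in range(lanes_per_block):      # lane i lives at x = i % 5, y = i // 5
            state[i % 5][i // 5] ^= int.from_bytes(block[8 * i:8 * i + 8], "little")
        state = keccak_f1600(state)
    out = bytearray()
    while True:
        for i in range(lanes_per_block):
            out += state[i % 5][i // 5].to_bytes(8, "little")
        if len(out) >= out_len:
            return bytes(out[:out_len])
        state = keccak_f1600(state)           # extendable output: permute and squeeze again


def sha3_256(msg):
    return sponge(136, msg, 32, 0x06)         # r = 1088 bits, c = 512 bits


def shake128(msg, out_len):
    return sponge(168, msg, out_len, 0x1F)    # r = 1344 bits, c = 256 bits


def shake256(msg, out_len):
    return sponge(136, msg, out_len, 0x1F)    # r = 1088 bits, c = 512 bits


def capacity_bits(rate_bytes):
    """Capacity c in bits; the (qQ + q^2)/2^c term quoted above is stated in it."""
    return 1600 - 8 * rate_bytes


def prefix_keyed_mac(key, msg, tag_len=32):
    """Prefix keyed sponge: the key is prepended to the message and the
    concatenation goes into the sponge (SHAKE256 here, so c = 512). The key
    length is fixed (32 bytes, this example's choice) so that key || msg
    cannot be re-split into a different (key, msg) pair."""
    if len(key) != 32:
        raise ValueError("this example fixes the key length at 32 bytes")
    return shake256(key + msg, tag_len)


def self_check():
    """Cross-check the from-scratch sponge against hashlib on multi-block input."""
    msg = bytes(range(256)) * 2               # constructed 512-byte input: 4 absorb blocks
    return (sha3_256(msg) == hashlib.sha3_256(msg).digest()
            and shake128(msg, 400) == hashlib.shake_128(msg).digest(400)  # 3 squeezes
            and shake256(b"", 64) == hashlib.shake_256(b"").digest(64))
```

The prefix construction is the one the bound in the abstract is about: the key occupies the first absorbed bytes, so an offline attacker who wants to recover the inner state must hit the c capacity bits by brute force, which is where the 2^c denominator comes from. Standardised keyed sponges such as KMAC differ in detail (they pad the key to a full rate block and use cSHAKE domain separation) but are built on the same idea.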

5 citations


Dissertation
01 Jan 2016
TL;DR: This thesis proposes an alternative word-oriented symmetric stream cipher based on graphic methods called Coordinate Matrix Encryption (CME), which offers quantifiably high levels of security and a non-singular mapping of plaintext to ciphertext.
Abstract: With the ever-expanding use of technology for communications, the demand for strong cryptographic methods is continually growing. The implementation of cryptographic algorithms in modern networked systems is crucial to ensure the security and confidentiality of data. Standardized encryption algorithms have emerged to allow users and developers a quantifiable and thoroughly tested level of security within their systems. While much research has been done to improve the security of traditional ciphers such as the Advanced Encryption Standard (AES) and the now-defunct Rivest Cipher 4 (RC4), there are opportunities for the development and improvement of alternative ciphers based on graphic methods. Encryption using graphic methods, such as Visual Cryptography (VC) and Elliptic Curve Cryptography (ECC), give high levels of security, and demonstrate alternative approaches to achieve secure methods for the ever-expanding online world. This thesis proposes an alternative word-oriented symmetric stream cipher based on graphic methods called Coordinate Matrix Encryption (CME), which offers quantifiably high levels of security and a non-singular mapping of plaintext to ciphertext. The focus of this thesis was to explore the security offered by alternative graphic methods, in comparison to traditional classical methods, as well as the difficulties faced in implementing these alternative systems. It is hypothesized that graphic-based methods would offer higher levels of security with lower overheads than classical methods, and that the proposed CME system would prove secure against attack. The proposed system was implemented in Java along with four comparable algorithms, both graphic-based and traditional, which were AES, RC4, ECC, and VC. The algorithms were all tested for security and efficiency, and the comparative results show the high levels of security achievable by alternative graphic-based ciphers. 
The resistance of the proposed 8-bit CME system to brute force attacks was shown to be 157,899 orders of magnitude higher than that of a 128-bit key in traditional ciphers such as AES. Examination of the avalanche effect of the CME scheme showed that less than 0.5% of all bytes within the ciphertext remained in the same position when a single bit of the plaintext was altered. While the RC4 scheme offered the best efficiency in terms of time required to encrypt and decrypt the data, the CME scheme had lower memory requirements and was faster in the setup execution. Further research into alternative graphic methods is required to explore the applications of alternative systems such as CME. The security offered by the proposed

4 citations


Book ChapterDOI
01 Jan 2016
TL;DR: This work proposes using a sponge hash to generate the hash code and signing the message with the newly generated hash code, in order to design a lightweight and fast message authentication algorithm.
Abstract: Elliptic Curve Cryptography (ECC) is a public key cryptographic technique. Here the encryption and decryption are done in a finite field, either in prime mode or in binary mode. The goal of this work is to design a lightweight and fast message authentication algorithm. The digital signature algorithm used in ECC, i.e. the Elliptic Curve Digital Signature Algorithm (ECDSA), uses SHA-1 as the algorithm for generating the hash code. In this paper we propose a technique of using a sponge hash for generating the hash code and signing the message with the newly generated hash code. This approach reduces the bytes-per-cycle time of the algorithm used in generating the hash code for authentication. When the bytes/cycle time is reduced, the energy consumption is also reduced, and the computation time is also reduced when used in resource-constrained environments.

Journal ArticleDOI
TL;DR: The CAESAR competition and its candidates, the most popular construction principles, and various design goals for authenticated encryption, many of which appeared during the CAESAR competition, are reviewed.
Abstract: Ensuring confidentiality and integrity of communication remains among the most important goals of cryptography. The notion of authenticated encryption marries these two security goals in a single symmetric-key cryptographic primitive. A lot of effort has been invested in authenticated encryption during the fifteen years of its existence. The recent Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR) has boosted the research activity in this area even more. As a result, the area of authenticated encryption boasts numerous results, both theoretically and practically oriented, and perhaps an even greater number of constructions of authenticated encryption schemes. We explore the current landscape of results on authenticated encryption. We review the CAESAR competition and its candidates, the most popular construction principles, and various design goals for authenticated encryption, many of which appeared during the CAESAR competition. We also take a closer look at the candidate Offset Merkle-Damgård (OMD).

Proceedings ArticleDOI
01 Aug 2016
TL;DR: In this article, the authors use register transfer-level (RTL) design to describe selected authenticated ciphers in a hardware description language (HDL), verify their proper operation through functional simulation, and implement them on target FPGAs.
Abstract: Authenticated ciphers are cryptographic transformations which combine the functionality of confidentiality, integrity, and authentication. This research uses register transfer-level (RTL) design to describe selected authenticated ciphers using a hardware description language (HDL), verifies their proper operation through functional simulation, and implements them on target FPGAs. The authenticated ciphers chosen for this research are the CAESAR Round Two variants of SCREAM, POET, and Minalpher. Ciphers are discussed from an engineering standpoint, and are compared and contrasted in terms of design features. To ensure conformity and standardization in evaluation, all three candidates are implemented with an identical version of the CAESAR Hardware API for authenticated ciphers. Functionally correct implementations of all three ciphers are realized, and results are compared against each other and previous results in terms of throughput, area, and throughput-to-area (T/A) ratio. SCREAM is found to have the highest T/A ratio of these three ciphers in the Virtex-6 FPGA, while Minalpher has the highest T/A ratio in the Virtex-7 FPGA.

Dissertation
01 Jan 2016
TL;DR: This work provides a technique by which any AE scheme can be used directly (without any change) while providing good fail-fast behaviour at the same time.
Abstract: In the modern world, almost every computing device uses some cryptographic technique or other. Over the years several schemes have been proposed, implemented and standardized. For any kind of data transfer the primary goals are encryption and authentication. Historically, these two goals are achieved separately, via two different techniques. Any symmetric cipher scheme can be used for encryption, whereas for authentication the usage of a keyed MAC is prevalent. There is another approach known as Authenticated Encryption (AE), which fulfills both goals at the same time. From an implementation perspective, it is important that, if the packet is malformed, it is rejected as soon as possible. Common techniques like AES-CBC allow for such a fail-fast paradigm using a padding oracle. But the same technique cannot be applied for other common AE techniques like AES-GCM. In this work, we provide a technique by which any AE scheme can be used directly (without any change), whilst providing good fail-fast features at the same time.

Proceedings ArticleDOI
01 May 2016
TL;DR: In this article, the authors use register transfer-level (RTL) design to describe selected authenticated ciphers in a hardware description language (HDL), verify their proper operation through functional simulation, and implement them on the Xilinx Virtex-6 and Virtex-7 FPGAs.
Abstract: Authenticated ciphers are cryptographic transformations which combine the functionality of confidentiality, integrity, and authentication. This research uses register transfer-level (RTL) design to describe selected authenticated ciphers using a hardware description language (HDL), verifies their proper operation through functional simulation, and implements them on target FPGAs, the Xilinx Virtex-6 and Virtex-7. The authenticated ciphers chosen for this research are the CAESAR Round Two variants of SCREAM, POET, and Minalpher. To ensure standardization in evaluation, all three candidates are implemented with an identical version of a universal hardware API for authenticated ciphers. Results are compared against each other in terms of performance, area, and throughput-to-area (TP/A) ratio. SCREAM is found to have the highest TP/A ratio of these three ciphers.

Proceedings ArticleDOI
26 Jul 2016
TL;DR: The results show that the Spritz accelerator is significantly faster at encryption than the software implementation but fares poorly against hardware implementations of state-of-the-art hash functions and stream ciphers in terms of area-efficiency.
Abstract: RC4, the dominant stream cipher in e-commerce and communication protocols such as WEP and TLS, is being considered for replacement due to the series of vulnerabilities that have been pointed out in the recent past. After a thorough analysis of the possible weaknesses, Spritz, a new stream cipher, was proposed to that effect by the author of RC4. The design of Spritz is based on the cryptographic sponge construction, which permits Spritz to be used in different modes and therefore makes it an attractive design choice for security protocols. Initial software performance analysis of Spritz shows that it fares poorly compared to state-of-the-art hash functions and stream ciphers. In this paper, we extend the analysis to hardware performance. We propose a fully customized accelerator design for Spritz and identify the highest achievable runtime performance for ASIC and FPGA technology. Our results show that the Spritz accelerator is significantly faster at encryption than the software implementation (32.38x speed-up for the SQUEEZE and 64.07x speed-up for the ABSORB function), but fares poorly against hardware implementations of state-of-the-art hash functions and stream ciphers in terms of area-efficiency.