
Showing papers on "Sponge function published in 2017"


Journal ArticleDOI
TL;DR: This work presents a symmetric authenticated encryption scheme that is secure against DPA attacks and that does not have such a usage restriction, which means that the scheme fully complies with the requirements given in the CAESAR call and hence can be used like other nonce-based authenticated encryption schemes without loss of side-channel protection.
Abstract: Side-channel attacks and in particular differential power analysis (DPA) attacks pose a serious threat to cryptographic implementations. One approach to counteract such attacks is cryptographic schemes based on fresh re-keying. In settings of pre-shared secret keys, such schemes render DPA attacks infeasible by deriving session keys and by ensuring that the attacker cannot collect side-channel leakage on the session key during cryptographic operations with different inputs. While these schemes can be applied to secure standard communication settings, current re-keying approaches are unable to provide protection in settings where the same input needs to be processed multiple times. In this work, we therefore adapt the re-keying approach and present a symmetric authenticated encryption scheme that is secure against DPA attacks and that does not have such a usage restriction. This means that our scheme fully complies with the requirements given in the CAESAR call and hence can be used like other nonce-based authenticated encryption schemes without loss of side-channel protection. Its resistance against side-channel analysis is highly relevant for several applications in practice, like bulk storage settings in general and the protection of FPGA bitfiles and firmware images in particular.

54 citations


Book ChapterDOI
30 Apr 2017
TL;DR: In this paper, a new type of cube distinguisher, the conditional cube tester, was developed for the Keccak sponge function, by imposing some bit conditions for certain cube variables, which can be used to construct cube testers with smaller dimensions.
Abstract: The security analysis of Keccak, the winner of SHA-3, has attracted considerable interest. Recently, some attention has been paid to the analysis of keyed modes of the Keccak sponge function. As a notable example, the most efficient key recovery attacks on Keccak-MAC and Keyak were reported at EUROCRYPT'15, where cube attacks and cube-attack-like cryptanalysis have been applied. In this paper, we develop a new type of cube distinguisher, the conditional cube tester, for the Keccak sponge function. By imposing some bit conditions for certain cube variables, we are able to construct cube testers with smaller dimensions. Our conditional cube testers are used to analyse Keccak in keyed modes. For reduced-round Keccak-MAC and Keyak, our attacks greatly improve the best known attacks in key recovery in terms of the number of rounds or the complexity. Moreover, our new model can also be applied to the keyless setting to distinguish the Keccak sponge function from a random permutation. We provide a searching algorithm to produce the most efficient conditional cube tester by modeling it as an MILP (mixed integer linear programming) problem. As a result, we improve the previous distinguishing attacks on the Keccak sponge function significantly. Most of our attacks have been implemented and verified on desktop computers. Finally, we remark that our attacks on reduced-round Keccak will not threaten the security margin of the Keccak sponge function.

46 citations


Journal ArticleDOI
TL;DR: This paper proposes efficient error detection architectures including variants of recomputing with encoded operands and signature-based schemes to detect both transient and permanent faults and shows that the proposed schemes are applicable to the case study of simple lightweight CFB for providing authenticated encryption with associated data.
Abstract: Cryptographic architectures provide different security properties to sensitive usage models. However, unless reliability of architectures is guaranteed, such security properties can be undermined through natural or malicious faults. In this paper, two underlying block ciphers which can be used in authenticated encryption algorithms are considered, i.e., light encryption device and high security and lightweight block ciphers. The former is of the Advanced Encryption Standard type and has been considered area-efficient, while the latter constitutes a Feistel network structure and is suitable for low-complexity and low-power embedded security applications. In this paper, we propose efficient error detection architectures including variants of recomputing with encoded operands and signature-based schemes to detect both transient and permanent faults. Authenticated encryption is applied in cryptography to provide confidentiality, integrity, and authenticity simultaneously to the message sent in a communication channel. In this paper, we show that the proposed schemes are applicable to the case study of simple lightweight CFB for providing authenticated encryption with associated data. The error simulations are performed using Xilinx Integrated Synthesis Environment tool and the results are benchmarked for the Xilinx FPGA family Virtex-7 to assess the reliability capability and efficiency of the proposed architectures.

36 citations


Book ChapterDOI
01 Aug 2017
TL;DR: This work applies the cube attack to a reduced round version of ACORN, a candidate cipher design in the CAESAR cryptographic competition, and shows that linear equations relating the initial state of the full version of ACORN can be easily generated.
Abstract: We investigated the application of cube attacks to MORUS, a candidate in the CAESAR competition. We applied the cube attack to a version of MORUS where the initialization phase is reduced from 16 steps to 4. Our analysis shows that the cube attack can successfully recover the secret key of MORUS-640 with a total complexity of about 2^10 for this reduced version, and similarly for MORUS-1280 with complexity 2^9. Additionally, we obtained cubes resulting in distinguishers for 5 steps of the initialization of MORUS-1280; these can distinguish the cipher output function from a random function with complexity of 2^8. All our attacks are verified experimentally. Currently, the cube attack does not threaten the security of MORUS if the full initialization phase is performed.

18 citations


Proceedings ArticleDOI
01 May 2017
TL;DR: This paper provides evaluations for Deoxys, a third round candidate from the ongoing Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR), and describes simplified flow diagrams and a detailed summary of the timing performance, area, memory and energy requirements of AES-GCM and Deoxys.
Abstract: Authenticated Encryption (AE) schemes are key-based cryptographic algorithms that provide both goals of confidentiality of message and authenticity of the sender, simultaneously. Traditionally, Advanced Encryption Standard (AES) in Galois Counter Mode (AES-GCM), among several other approaches, has been employed for Authenticated Encryption. However, several lightweight cryptographic applications such as those used in sensor networks or RFID security can benefit from new AE schemes which can be constructed more efficiently. In this paper we provide evaluations for Deoxys, a third round candidate from the ongoing Competition for Authenticated Encryption: Security, Applicability, and Robustness (CAESAR). We describe simplified flow diagrams and a detailed summary of the timing performance, area, memory and energy requirements of AES-GCM and Deoxys, using our own implementations on Altera Cyclone V FPGAs. Our analysis shows that Deoxys requires 10% less energy per bit and 25% fewer LUTs as compared to AES-GCM.

17 citations


Journal ArticleDOI
TL;DR: In this paper, the authors used register transfer-level (RTL) design to describe selected authenticated ciphers using a hardware description language (HDL), verified their proper operation through functional simulation, and implemented them on target FPGAs.

7 citations


Journal ArticleDOI
TL;DR: The sp-AELM scheme as discussed by the authors is a sponge-based authenticated encryption scheme that provides support for limited memory devices and can handle a long ciphertext with a low buffer size by storing and releasing only one (generally one, or only a few) intermediate state, without releasing or storing any part of an unverified plaintext and without the need to generate any intermediate tag.
Abstract: In authenticated encryption schemes, there are two techniques for handling long ciphertexts while working within the constraints of a low buffer size: releasing unverified plaintext (RUP) or producing intermediate tags (PIT). In this paper, in addition to the two techniques, we propose another way to handle a long ciphertext with a low buffer size by storing and releasing only one (generally one, or only a few) intermediate state, without releasing or storing any part of an unverified plaintext and without the need to generate any intermediate tag. In this paper we explain this generalised technique using our new construction sp-AELM. sp-AELM is a sponge-based authenticated encryption scheme that provides support for limited memory devices. We also provide its security proof for privacy and authenticity in an ideal permutation model, using a code-based game playing framework. Furthermore, we also present two more variants of sp-AELM that serve the same purpose and are more efficient than sp-AELM. The ongoing CAESAR competition has nine submissions which are based on the sponge construction. We apply our generalised technique of storing a single intermediate state to all these submissions, to determine their suitability with a crypto module having limited memory. Our findings show that only ASCON and one of the PRIMATEs modes (namely GIBBON) satisfy the limited memory constraint using this technique, while the remaining schemes (namely, Artemia, ICEPOLE, Ketje, Keyak, NORX, Π-cipher, STRIBOB and two of the PRIMATEs modes: APE and HANUMAN) are not suitable for this scenario directly.

4 citations


01 Feb 2017
TL;DR: This document describes the conventions for using ChaCha20-Poly1305 Authenticated Encryption in the Cryptographic Message Syntax (CMS).
Abstract: This document describes the conventions for using ChaCha20-Poly1305 Authenticated Encryption in the Cryptographic Message Syntax (CMS). ChaCha20-Poly1305 is an authenticated encryption algorithm constructed of the ChaCha stream cipher and Poly1305 authenticator.

4 citations


Proceedings ArticleDOI
01 Jan 2017
TL;DR: In this paper, a literature survey is made on sponge function based authenticated encryption schemes, their designs and security details, and a comparison of all these schemes is performed.
Abstract: Today's modern communication systems are to be protected from many security risks. Confidential messages sent over an insecure channel should be guaranteed integrity as well as privacy. Authenticated encryption is such a scheme, which provides both privacy and integrity simultaneously. Privacy is achieved by means of encryption, and authentication using a Message Authentication Code (MAC). For resource-constrained devices, lightweight authenticated encryption schemes are to be devised. The sponge function is an ideal candidate for designing these lightweight schemes. In this paper, a literature survey is made of sponge function based authenticated encryption schemes, their designs and security details. Finally, a comparison of all these schemes is performed.

2 citations


Journal ArticleDOI
TL;DR: This paper provides a new scheme in the OAEP framework and calls it Sponge-based asymmetric encryption padding (SpAEP), based on two functions: Sponge and SpongeWrap, and requires only standard output sizes proposed and standardised for Sponge functions.
Abstract: OAEP and other similar schemes, proven secure in the random-oracle model, require one or more hash functions with an output size larger than those of the standard hash functions. In this paper, we show that by using the popular Sponge construction in the OAEP framework, we can eliminate the need for such a hash function. We provide a new scheme in the OAEP framework and call our scheme Sponge-based asymmetric encryption padding (SpAEP). The scheme SpAEP is based on two functions: Sponge and SpongeWrap, and requires only standard output sizes proposed and standardised for Sponge functions. Our scheme is CCA2 secure for any trapdoor one-way permutation in the ideal permutation model for arbitrary length messages. Our scheme utilises the versatile Sponge function to enhance the capability and efficiency of the OAEP framework. Prior to this work, the only scheme proven secure in the ideal permutation model was OAEP-3R. However, this scheme is not efficient in practice as it utilises a full domain permutation, which is hard to find and construct efficiently in practice. Therefore, the author of OAEP-3R provided another version of OAEP-3R, but in the random oracle model. Our scheme SpAEP utilises the ideal permutation model in a novel manner which makes SpAEP efficient and practical for constructing a public key encryption. We also propose a key encapsulation mechanism for hybrid encryption using SpAEP with any trapdoor one-way permutation.

1 citation


Journal ArticleDOI
TL;DR: This paper proposes a unified formal model for synchronous and self-synchronizing stream cipher algorithms, from which formal models for both types of stream ciphers are derived.

Proceedings ArticleDOI
01 Oct 2017
TL;DR: Time series analysis of the algorithms used has been performed and their frequency of use has been determined; this investigation will help in identifying different operations and functions in cryptographic algorithms.
Abstract: Cryptography has always been a cornerstone of the security domain. Different security services such as confidentiality, integrity, availability, authentication, non-repudiation and access control are provided by a number of cryptographic algorithms including block ciphers, stream ciphers and hash functions. To date, different operations and functions have been used in cryptography. In this paper, I have made a mathematical survey of the cryptographic functions and operations of the algorithms used in cyber attacks. Then, time series analysis of the algorithms used has been performed and their frequency of use has been determined. This investigation will help in identifying different operations and functions in cryptographic algorithms.

Journal Article
TL;DR: The decisions on the state's width, rounds and operations in the pseudorandom function f are talked about in subtle element to show how and why they are utilized as a part of the stage of Double-A.
Abstract: This paper examines the outline decisions of the sponge constructed cryptographic hash function Double-A. Firstly, the relative favorable circumstances of why a stream mode cipher is utilized instead of a block mode are given. Furthermore, a portrayal is given of what a sponge function is, the way it is designed and what its fundamental components are. At long last, after a brief review of the Salsa20 stream cipher and its structure, the decisions on the state's width, rounds and operations in the pseudorandom function f are talked about in subtle element to show how and why they are utilized as a part of the stage of Double-A.

Proceedings ArticleDOI
05 May 2017
TL;DR: This paper is the first proposal of matching biometric data using cryptographic one-way hashes and experimental results with the NIST fingerprint database sd14v2 show the feasibility of the proposed approach.
Abstract: In password-based authentication systems, passwords are only stored and matched using cryptographic one-way hashes. Various biometrics have been utilized as an alternative authentication mechanism due to their permanent physical connection to a person. However, people have yet to see their usage in the form of cryptographic one-way hashes, for the reason that biometric templates cannot be reproduced with perfect accuracy and a tiny change in a template would significantly change its cryptographic hash value. In this paper we propose a novel approach to storing and matching fingerprint data with cryptographic one-way hashes. To our knowledge, it is the first proposal for matching biometric data using cryptographic one-way hashes. Experimental results with the NIST fingerprint database sd14v2 show the feasibility of our proposal.