Verified Correctness and Security of mbedTLS HMAC-DRBG

We have formalized the functional specification of HMAC-DRBG (NIST 800-90A), and we have proved its cryptographic security--that its output is pseudorandom--using a hybrid game-based proof. We have also proved that the mbedTLS implementation (C program) correctly implements this functional specification. That proof composes with an existing C compiler correctness proof to guarantee, end-to-end, that the machine language program gives strong pseudorandomness. All proofs (hybrid games, C program verification, compiler, and their composition) are machine-checked in the Coq proof assistant. Our proofs are modular: the hybrid game proof holds on any implementation of HMAC-DRBG that satisfies our functional specification. Therefore, our functional specification can serve as a high-assurance reference.Comment: Appearing in CCS '1

Semantic Security and Indistinguishability in the Quantum World

At CRYPTO 2013, Boneh and Zhandry initiated the study of quantum-secure encryption. They proposed first indistinguishability definitions for the quantum world where the actual indistinguishability only holds for classical messages, and they provide arguments why it might be hard to achieve a stronger notion. In this work, we show that stronger notions are achievable, where the indistinguishability holds for quantum superpositions of messages. We investigate exhaustively the possibilities and subtle differences in defining such a quantum indistinguishability notion for symmetric-key encryption schemes. We justify our stronger definition by showing its equivalence to novel quantum semantic-security notions that we introduce. Furthermore, we show that our new security definitions cannot be achieved by a large class of ciphers -- those which are quasi-preserving the message length. On the other hand, we provide a secure construction based on quantum-resistant pseudorandom permutations; this construction can be used as a generic transformation for turning a large class of encryption schemes into quantum indistinguishable and hence quantum semantically secure ones. Moreover, our construction is the first completely classical encryption scheme shown to be secure against an even stronger notion of indistinguishability, which was previously known to be achievable only by using quantum messages and arbitrary quantum encryption circuits.Comment: 37 pages, 2 figure

D.STVL.9 - Ongoing Research Areas in Symmetric Cryptography

This report gives a brief summary of some of the research trends in symmetric cryptography at the time of writing (2008). The following aspects of symmetric cryptography are investigated in this report: • the status of work with regards to different types of symmetric algorithms, including block ciphers, stream ciphers, hash functions and MAC algorithms (Section 1); • the algebraic attacks on symmetric primitives (Section 2); • the design criteria for symmetric ciphers (Section 3); • the provable properties of symmetric primitives (Section 4); • the major industrial needs in the area of symmetric cryptography (Section 5)

An Encryption Technique for Provably Secure Transmission from a High Performance Computing Entity to a Tiny One

An encryption/decryption approach is proposed dedicated to one-way communication between a transmitter which is a computationally powerful party and a receiver with limited computational capabilities. The proposed encryption technique combines traditional stream ciphering and simulation of a binary channel which degrades channel input by inserting random bits. A statistical model of the proposed encryption is analyzed from the information-theoretic point of view. In the addressed model an attacker faces the problem implied by observing the messages through a channel with random bits insertion. The paper points out a number of security related implications of the considered channel. These implications have been addressed by estimation of the mutual information between the channel input and output and estimation of the number of candidate channel inputs for a given channel output. It is shown that deliberate and secret key controlled insertion of random bits into the basic ciphertext provides security enhancement of the resulting encryption scheme

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

Designing and Improving Code-based Cryptosystems

In modern cryptography, the security of the most secure cryptographic primitives is based on hard problems coming from number theory such as the factorization and the discrete logarithm problem.However, being mainly based on the intractability of those problems seems to be risky. In 1994, Peter Shor showed how these two problems can be solved in polynomial time using a quantum computer. In contrast, crypttographic primitives based on problems from coding theory are believed to resistquantum computer based attacks and the best known attacks have exponential running time. Alongwith post-quantum security, code-based systems offer other advantages for present-day applicationsdue to their excellent algorithmic efficiency. Actually, they run faster than traditional cryptosystemslike RSA, since they only require very simple operations like shifts and XORs instead of expensivecomputations over big integers. However, although efficient, most code-based schemes suffer fromconsiderably large key sizes. Codes with algebraic structure such as quasi-cyclic and quasi-dyadiccodes, were proposed to overcome the key size issue, but it has been shown to be insecure against algebraic cryptanalysis. This thesis contributes to the research and development of code-based cryptosystems. In particular,we are interested in developing as well as improving three important primitives: stream ciphers andhash functions. We study the FSB hash function and the SYND stream cipher and find a way to con-siderably improve their efficiency, while maintaining the security reduction to the same NP-complete problems. Independently of these results, we address and solve the problem of selecting appropriate parametersets for the binary Goppa code-based McEliece cryptosystem. Based on the Lenstra-Verheul model,we also provide, for the first time, a framework allowing to choose optimal parameters that offer adesired security level in a given year