Year 2010 Issues on Cryptographic Algorithms

In the financial sector, cryptographic algorithms are used as fundamental techniques for assuring confidentiality and integrity of data used in financial transactions and for authenticating entities involved in the transactions. Currently, the most widely used algorithms appear to be two-key triple DES and RC4 for symmetric ciphers, RSA with a 1024-bit key for an asymmetric cipher and a digital signature, and SHA-1 for a hash function according to international standards and guidelines related to the financial transactions. However, according to academic papers and reports regarding the security evaluation for such algorithms, it is difficult to ensure enough security by using the algorithms for a long time period, such as 10 or 15 years, due to advances in cryptanalysis techniques, improvement of computing power, and so on. To enhance the transition to more secure ones, National Institute of Standards and Technology (NIST) of the United States describes in various guidelines that NIST will no longer approve two-key triple DES, RSA with a 1024-bit key, and SHA-1 as the algorithms suitable for IT systems of the U.S. Federal Government after 2010. It is an important issue how to advance the transition of the algorithms in the financial sector. This paper refers to issues regarding the transition as Year 2010 issues in cryptographic algorithms. To successfully complete the transition by 2010, the deadline set by NIST, it is necessary for financial institutions to begin discussing the issues at the earliest possible date. This paper summarizes security evaluation results of the current algorithms, and describes Year 2010 issues, their impact on the financial industry, and the transition plan announced by NIST. This paper also shows several points to be discussed when dealing with Year 2010 issues.Cryptographic algorithm; Symmetric cipher; Asymmetric cipher; Security; Year 2010 issues; Hash function

A dynamical systems approach to the discrimination of the modes of operation of cryptographic systems

Evidence of signatures associated with cryptographic modes of operation is established. Motivated by some analogies between cryptographic and dynamical systems, in particular with chaos theory, we propose an algorithm based on Lyapunov exponents of discrete dynamical systems to estimate the divergence among ciphertexts as the encryption algorithm is applied iteratively. The results allow to distinguish among six modes of operation, namely ECB, CBC, OFB, CFB, CTR and PCBC using DES, IDEA, TEA and XTEA block ciphers of 64 bits, as well as AES, RC6, Twofish, Seed, Serpent and Camellia block ciphers of 128 bits. Furthermore, the proposed methodology enables a classification of modes of operation of cryptographic systems according to their strength.Comment: 14 pages, 10 figure

DTLS Performance in Duty-Cycled Networks

The Datagram Transport Layer Security (DTLS) protocol is the IETF standard for securing the Internet of Things. The Constrained Application Protocol, ZigBee IP, and Lightweight Machine-to-Machine (LWM2M) mandate its use for securing application traffic. There has been much debate in both the standardization and research communities on the applicability of DTLS to constrained environments. The main concerns are the communication overhead and latency of the DTLS handshake, and the memory footprint of a DTLS implementation. This paper provides a thorough performance evaluation of DTLS in different duty-cycled networks through real-world experimentation, emulation and analysis. In particular, we measure the duration of the DTLS handshake when using three duty cycling link-layer protocols: preamble-sampling, the IEEE 802.15.4 beacon-enabled mode and the IEEE 802.15.4e Time Slotted Channel Hopping mode. The reported results demonstrate surprisingly poor performance of DTLS in radio duty-cycled networks. Because a DTLS client and a server exchange more than 10 signaling packets, the DTLS handshake takes between a handful of seconds and several tens of seconds, with similar results for different duty cycling protocols. Moreover, because of their limited memory, typical constrained nodes can only maintain 3-5 simultaneous DTLS sessions, which highlights the need for using DTLS parsimoniously.Comment: International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC - 2015), IEEE, IEEE, 2015, http://pimrc2015.eee.hku.hk/index.htm

Using quantum key distribution for cryptographic purposes: a survey

The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service in its own: the secret keys established by QKD are in general then used by a subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, in the perspective of integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relative to the development of QKD technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8

Slid Pairs of the Fruit-80 Stream Cipher

Fruit is a small-state stream cipher designed for securing communications among resource-constrained devices. The design of Fruit was first known to the public in 2016. It was later improved as Fruit-80 in 2018 and becomes the latest and final version among all versions of the Fruit stream ciphers. In this paper, we analyze the Fruit-80 stream cipher. We found that Fruit-80 generates identical keystreams from certain two distinct pairs of key and IV. Such pair of key and IV pairs is known as a slid pair. Moreover, we discover that when two pairs of key and IV fulfill specific characteristics, they will generate identical keystreams. This shows that slid pairs do not always exist arbitrarily in Fruit-80. We define specific rules which are equivalent to the characteristics. Using the defined rules, we are able to automate the searching process using an MILP solver, which makes searching of the slid pairs trivial

A New Version of Grain-128 with Authentication

A new version of the stream cipher Grain-128 is proposed. The new version, Grain-128a, is strengthened against all known attacks and observations on the original Grain-128, and has built-in support for authentication. The changes are modest, keeping the basic structure of Grain-128. This gives a high confidence in Grain-128a and allows for easy updating of existing implementations

On the Design of Perceptual MPEG-Video Encryption Algorithms

In this paper, some existing perceptual encryption algorithms of MPEG videos are reviewed and some problems, especially security defects of two recently proposed MPEG-video perceptual encryption schemes, are pointed out. Then, a simpler and more effective design is suggested, which selectively encrypts fixed-length codewords (FLC) in MPEG-video bitstreams under the control of three perceptibility factors. The proposed design is actually an encryption configuration that can work with any stream cipher or block cipher. Compared with the previously-proposed schemes, the new design provides more useful features, such as strict size-preservation, on-the-fly encryption and multiple perceptibility, which make it possible to support more applications with different requirements. In addition, four different measures are suggested to provide better security against known/chosen-plaintext attacks.Comment: 10 pages, 5 figures, IEEEtran.cl

セキュアRFIDタグチップの設計論

In this thesis, we focus on radio frequency identification (RFID) tag. We design, implement, and evaluate hardware performance of a secure tag that runs the authentication protocol based on cryptographic algorithms. The cryptographic algorithm and the pseudorandom number generator are required to be implemented in the tag. To realize the secure tag, we tackle the following four steps: (A) decision of hardware architecture for the authentication protocol, (B) selection of the cryptographic algorithm, (C) establishment of a pseudorandom number generating method, and (D) implementation and performance evaluation of a silicon chip on an RFID system.(A) The cryptographic algorithm and the pseudorandom number generator are repeatedly called for each authentication. Therefore, the impact of the time needed for the cryptographic processes on the hardware performance of the tag can be large. While low-area requirements have been mainly discussed in the previous studies, it is needed to discuss the hardware architecture for the authentication protocol from the viewpoint of the operating time. In this thesis, in order to decide the hardware architecture, we evaluate hardware performance in the sense of the operating time. As a result, the parallel architecture is suitable for hash functions that are widely used for tag authentication protocols.(B) A lot of cryptographic algorithms have been developed and hardware performance of the algorithms have been evaluated on different conditions. However, as the evaluation results depend on the conditions, it is hard to compare the previous results. In addition, the interface of the cryptographic circuits has not been paid attention. In this thesis, in order to select a cryptographic algorithm, we design the interface of the cryptographic circuits to meet with the tag, and evaluate hardware performance of the circuits on the same condition. As a result, the lightweight hash function SPONGENT-160 achieves well-balanced hardware performance.(C) Implementation of a pseudorandom number generator based on the performance evaluation results on (B) can be a method to generate pseudorandom number on the tag. On the other hand, as the cryptographic algorithm and the pseudorandom number generator are not used simultaneously on the authentication protocol. Therefore, if the cryptographic circuit could be used for pseudorandom number generation, the hardware resource on the tag can be exploited efficiently. In this thesis, we propose a pseudorandom number generating method using a hash function that is a cryptographic component of the authentication protocol. Through the evaluation of our proposed method, we establish a lightweight pseudorandom number generating method for the tag.(D) Tag authentication protocols using a cryptographic algorithm have been developed in the previous studies. However, hardware implementation and performance evaluation of a tag, which runs authentication processes, have not been studied. In this thesis, we design and do a single chip implementation of an analog front-end block and a digital processing block including the results on (A), (B), and (C). Then, we evaluate hardware performance of the tag. As a result, we show that a tag, which runs the authentication protocol based on cryptographic algorithms, is feasible.電気通信大学201

Modification of Hill Cipher Technique using Self Repetitive Matrix (Modular Arithmatic) and Correlation of Eigen values of Matrix with the Exponent N

Cryptography has a long and fascinating history. Over the centuries, an elaborate set of protocols and mechanisms has been created to deal with information security issues when the information is conveyed by physical documents. Often the objectives of information security cannot solely be achieved through mathematical algorithms and protocols alone, but require procedural techniques and abidance of laws to achieve the desired result. For example, privacy of letters is provided by sealed envelopes delivered by an accepted mail service. The physical security of the envelope is, for practical necessity, limited and so laws are enacted which make it a criminal offense to open mail for which one is not authorized. It is sometimes the case that security is achieved not through the information itself but through the physical document recording it. For example, paper currency requires special inks and material to prevent counterfeiting