142 research outputs found
Security of balanced and unbalanced Feistel Schemes with Linear Non Equalities
\begin{abstract}
In this paper we will study 2 security results ``above the birthday bound\u27\u27 related to secret key cryptographic problems.\\
1. The classical problem of the security of 4, 5, 6 rounds balanced Random Feistel Schemes.\\
2. The problem of the security of unbalanced Feistel Schemes with contracting functions from bits to bits. This problem was studied by Naor and Reingold~\cite{NR99} and by~\cite{YPL} with a proof of security up to the birthday bound.\\
These two problems are included here in the same paper since their analysis is closely related, as we will see. In problem 1 we will obtain security result very near the information bound (in ) with improved proofs and stronger explicit security bounds than previously known. In problem 2 we will cross the birthday bound of Naor and Reingold. For some of our proofs we will use~\cite{A2} submitted to Crypto 2010.
\end{abstract
Elastic-Tweak: A Framework for Short Tweak Tweakable Block Cipher
Tweakable block cipher (TBC), a stronger notion than standard
block ciphers, has wide-scale applications in symmetric-key schemes. At a high level, it provides flexibility in design and (possibly) better security bounds. In multi-keyed applications, a TBC with short tweak values can be used to replace multiple keys. However, the existing TBC construction frameworks, including TWEAKEY and XEX, are designed for general purpose tweak sizes. Specifically, they are not optimized for short tweaks, which might render them inefficient for certain resource constrained applications. So a dedicated paradigm to construct short-tweak TBCs (tBC) is highly desirable. In this paper, as a first contribution, we present a dedicated framework, called the Elastic-Tweak framework (ET in short), to convert any reasonably secure SPN block cipher into a secure tBC. We apply the ET framework on GIFT and AES to construct efficient tBCs, named TweGIFT and TweAES. These short-tweak TBCs have already been employed in recent NIST lightweight competition candidates, LOTUS-LOCUS and ESTATE. As our second contribution, we show some concrete applications of ET-based tBCs, which are better than their block cipher counterparts in terms of key size, state size, number of block cipher calls, and short message processing. Some notable applications include, Twe-FCBC (reduces the key size of FCBC and gives better security than CMAC), Twe-LightMAC Plus (better rate than LightMAC Plus), Twe-CLOC, and Twe-SILC (reduces the number of block cipher calls and simplifies the design of CLOC and SILC)
Privacy in Bitcoin through decentralized mixers
Dans les crypto-monnaies telles Bitcoin, lâanonymitĂ© des utilisateurs peut ĂȘtre compromise de plusieurs façons. Dans ce mĂ©moire, nous effectuons une revue de littĂ©rature et une classification des diffĂ©rents protocoles existants pour anonymiser les usagers et analysons leur efficacitĂ©. Sâappuyant sur certains critĂšres dĂ©sirables dans de tels protocoles, nous proposons un modĂšle de mixeur synchrone dĂ©centralisĂ©. Nous avons ciblĂ© deux approches qui sâinscrivent dans ce modĂšle, le plan de transaction et le rĂ©seau de transactions, le second Ă©tant une contribution originale de ce mĂ©moire. Nous expliquons son fonctionnement puis analysons son efficacitĂ© dans le contexte actuel dâutilisation de BitcoinIn cryptocurrencies such as Bitcoin, the anonymity of the users may be compromised
in many ways. In this thesis, we review the literature concerning existing protocols used
to increase anonymity by a method called mixing and produce a classification for such
protocols. We propose a decentralized synchronous N-to-N mixing model that takes into
account many considerations of mixers. We address two frameworks within this model,
the transaction blueprint and the network of transactions, the second approach being a
new contribution. We explain how it functions and analyse its efficiency in the current
Bitcoin ecosystem
Elastic-Tweak: A Framework for Short Tweak Tweakable Block Cipher
Tweakable block cipher (TBC), a stronger notion than standard block ciphers, has wide-scale applications in symmetric-key schemes. At a high level, it provides flexibility in design and (possibly) better security bounds. In multi-keyed applications, a TBC with short tweak values can be used to replace multiple keys. However, the existing TBC construction frameworks, including TWEAKEY and XEX, are designed for general purpose tweak sizes. Specifically, they are not optimized for short tweaks, which might render them inefficient for certain resource constrained applications. So a dedicated paradigm to construct short-tweak TBCs (tBC) is highly desirable. In this paper, we present a dedicated framework, called the Elastic-Tweak framework (ET in short), to convert any reasonably secure SPN block cipher into a secure tBC. We apply the ET framework on GIFT and AES to construct efficient tBCs, named TweGIFT and TweAES. We present hardware and software results to show that the performance overheads for these tBCs are minimal. We perform comprehensive security analysis and observe that TweGIFT and
TweAES provide sufficient security without any increase in the number of block cipher rounds when compared to GIFT and AES. We also show some concrete applications of ET-based tBCs, which are better than their block cipher counterparts in terms of key size, state size, number of block cipher calls, and short message processing. Some notable applications include, Twe-FCBC (reduces the key size of FCBC and gives better security than CMAC), Twe-LightMAC Plus (better rate than LightMAC Plus), Twe-CLOC, and Twe-SILC (reduces the number of block cipher calls and simplifies the design of CLOC and SILC)
Generic Attacks on Misty Schemes -5 rounds is not enough-
Misty schemes are classic cryptographic schemes used to construct pseudo-random permutations from bits to bits by using pseudo-random permutations from bits to bits. These permutations will be called the ``internal\u27\u27 permutations, and is the number of rounds of the Misty scheme. Misty schemes are important from a practical point of view since for example, the Kasumi algorithm based on Misty schemes has been adopted as the standard blockcipher in the third generation mobile systems. In this paper we describe the best known ``generic\u27\u27 attacks on Misty schemes, i.e. attacks when the internal permutations do not have special properties, or are randomly chosen. We describe known plaintext attacks (KPA), non-adaptive chosen plaintext attacks (CPA-1) and adaptive chosen plaintext and ciphertext attacks (CPCA-2) against these schemes. Some of these attacks were previously known, some are new. One important result of this paper is that we will show that when rounds, there exist such attacks with a complexity strictly less than . Consequently, at least 6 rounds are necessary to avoid these generic attacks on Misty schemes. When we also describe some attacks on Misty generators, i.e. attacks where more than one Misty permutation is required
Proof of Mirror Theory for a Wide Range of
In CRYPTO\u2703, Patarin conjectured a lower bound on the number of distinct solutions satisfying a system of equations of the form such that , are pairwise distinct. This result is known as \emph{`` Theorem for any \u27\u27} or alternatively as \emph{Mirror Theory for general }, which was later proved by Patarin in ICISC\u2705. Mirror theory for general stands as a powerful tool to provide a high-security guarantee for many blockcipher-(or even ideal permutation-) based designs. Unfortunately, the proof of the result contains gaps that are non-trivial to fix. In this work, we present the first complete proof of the theorem for a wide range of , typically up to order . Furthermore, our proof approach is made simpler by using a new type of equation, dubbed link-deletion equation, that roughly corresponds to half of the so-called orange equations from earlier works. As an illustration of our result, we also revisit the security proofs of two optimally secure blockcipher-based pseudorandom functions, and -bit security proof for six round Feistel cipher, and provide updated security bounds
Secret Shared Shuffle
Generating secret shares of a shuffled dataset - such that neither party knows the order in which it is permuted - is a fundamental building block in many protocols, such as secure collaborative filtering, oblivious sorting, and secure function evaluation on set intersection. Traditional approaches to this problem either involve expensive public-key based crypto or using symmetric crypto on permutation networks. While public-key based solutions are bandwidth efficient, they are computation-bound. On the other hand, permutation network based constructions are communication-bound, especially when the elements are long, for example feature vectors in an ML context.
We design a new 2-party protocol for this task of computing secret shares of shuffled data, which we refer to as secret-shared shuffle. Our protocol is secure against static semi-honest adversary.
At the heart of our approach is a new method of obtaining two sets of pseudorandom shares which are ``correlated via the permutation\u27\u27, which can be implemented with low communication using GGM puncturable PRFs. This gives a new protocol for secure shuffle which is concretely more efficient than the existing techniques in the literature. In particular, we are three orders of magnitude faster than public key based approach and one order of magnitude faster compared to the best known symmetric-key cryptography approach based on permutation network when the elements are moderately large
Tight Security Analysis of EHtM MAC
The security of a probabilistic Message Authentication Code (MAC) usually depends on the uniqueness of the random salt which restricts the security to birthday bound of the salt size due to the collision on random salts (e.g XMACR). To overcome the birthday bound limit, the natural approach to use (a) either a larger random salt (e.g MACRX3 uses 3n bits of random salt where n is the input and output size of the underlying non-compressing pseudorandom function or PRF) or (b) a PRF with increased domain size (e.g RWMAC or Randomized WMAC). Enhanced Hashthen- Mask (EHtM), proposed by Minematsu in FSE 2010, is the first probabilistic MAC scheme that provides beyond birthday bound security without increasing the randomness of the salt and the domain size of the non-compressing PRF. The author proved the security of EHtM as long as the number of MAC query is smaller than 22n/3 where n is the input size of the underlying non-compressing PRF. In this paper, we provide the exact security bound of EHtM and prove that this construction offers security up to 23n/4 MAC queries. The exactness is shown by demonstrating a matching attack
- âŠ