Cryptoraptor : high throughput reconfigurable cryptographic processor for symmetric key encryption and cryptographic hash functions

textIn cryptographic processor design, the selection of functional primitives and connection structures between these primitives are extremely crucial to maximize throughput and flexibility. Hence, detailed analysis on the specifications and requirements of existing crypto-systems plays a crucial role in cryptographic processor design. This thesis provides the most comprehensive literature review that we are aware of on the widest range of existing cryptographic algorithms, their specifications, requirements, and hardware structures. In the light of this analysis, it also describes a high performance, low power, and highly flexible cryptographic processor, Cryptoraptor, that is designed to support both today's and tomorrow's encryption standards. To the best of our knowledge, the proposed cryptographic processor supports the widest range of cryptographic algorithms compared to other solutions in the literature and is the only crypto-specific processor targeting the future standards as well. Unlike previous work, we aim for maximum throughput for all known encryption standards, and to support future standards as well. Our 1GHz design achieves a peak throughput of 128Gbps for AES-128 which is competitive with ASIC designs and has 25X and 160X higher throughput per area than CPU and GPU solutions, respectively.Electrical and Computer Engineerin

An Overview of Cryptography (Updated Version, 3 March 2016)

There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography...While cryptography is necessary for secure communications, it is not by itself sufficient. This paper describes the first of many steps necessary for better security in any number of situations. A much shorter, edited version of this paper appears in the 1999 edition of Handbook on Local Area Networks published by Auerbach in September 1998

SMS Security by Elliptic Curve and Chaotic Encryption Algorithms

Short message services (SMS) represent one of the components of the global communications network and are one of the important developments in communication technologies and communications technology. SMS messages without a password are stored in the SMS server. For the purpose of review and dispute resolution. The security of SMS content cannot be protected because it is transmitted in plain text and is accessible to network operators and employees. Therefore, the end-to-end key is based on encryption and decryption technology can provide SMS security. The security protocols used for SMS security on contemporary mobile devices were examined in this study. SMS security system encryption time affects how well mobile devices work. This shows that security technologies take longer to generate keys and encrypt keys as the key size increases. Due to the limited processing power of mobile devices, large-scale algorithms such as DES, AES, RC4, and Blowfish are not suitable for SMS encryption. SMS may be encrypted using the elliptic curve technique because it provides great security with a smaller key on devices with limited resources, such as mobile phones. And chaotic theory, encryption is simple, fast and secure data encryption. As a result, a combination of elliptic curve algorithm and chaotic encryption algorithm is proposed to achieve a high level of security. In this paper, several tests have been done to compare the algorithms in terms of throughput, power consumption, SMS size, encoding time, and decoding time. The results indicate that the proposed method is better than the comparison method.

SPAE un schéma opératoire pour l'AES sur du matériel bas-coût.

We propose SPAE, a single pass, patent free, authenticated encryption with associated data (AEAD) for AES. The algorithm has been developped to address the needs of a growing trend in IoT systems: storing code and data on a low cost flash memory external to the main SOC. Existing AEAD algorithms such as OCB, GCM, CCM, EAX , SIV, provide the required functionality however in practice each of them suffer from various drawbacks for this particular use case. Academic contributions such as ASCON and AEGIS-128 are suitable and efficient however they require the development of new hardware accelerators and they use primitives which are not 'approved' by governemental institutions such as NIST, BSI, ANSSI. From a silicon manufacturer point of view, an efficient AEAD which use existing AES hardware is much more enticing: the AES is required already by most industry standards invovling symmetric encryption (GSMA, EMVco, FIDO, Bluetooth, ZigBee to name few). This paper expose the properties of an ideal AEAD for external memory encryption, present the SPAE algorithm and analyze various security aspects. Performances of SPAE on actual hardware are better than OCB, GCM and CCM.Nous présentons SPAE, un schéma en une passe, libre de droit, d'encryption authentifiée avec données associées (AEAD) appliqué à l'AES. Cet algorithme a été développé afin de répondre à une tendance grandissante dans l'internet des objets: stocker du code et des données sur une mémoire flash à bas coût externe au système sur puce (SOC). Des algorithmes AEAD existent déjà tels que OCB, GCM, CCM, EAX, SIV, ils répondent à l'usage demandé cependant en pratique chacun de ces algorithmes présente des désavantages pour cet usage particulier. Les contributions académique telles que ASCON et AEGIS-128 sont appropriés et efficaces cependant ils nécessitent le développement de nouveaux accélérateurs matériels et ils utilisent des primitives qui ne sont pas approuvés par les instituions gouvernementales telles que le NIST, BSI ANSSI. Du point de vue du fabricant de silicone, un AEAD efficace qui utilise du matériel AES existant est beaucoup plus attirant: l'AES est déjà requis par la plupart des standards industriels utilisant de l’encryption symétrique (GSMA, EMVco, FIDO, Bluetooth, ZigBee par exemple). Cet article montre les propriétés d'un AEAD idéal pour de la mémoire encryptée externe, présente l'algorithme SPAE et analyse plusieurs aspects de sécurité. Les performances de SPAE sur du matériel actuel sont meilleures que sur OCB, GCM, et CCM

Optimization of SM4 Encryption Algorithm for Power Metering Data Transmission

This study focuses on enhancing the security of the SM4 encryption algorithm for power metering data transmission by employing hybrid algorithms to optimize its substitution box (S-box). A multi-objective fitness function is constructed to evaluate the S-box structure, aiming to identify design solutions that satisfy differential probability, linear probability, and non-linearity balance. To achieve global optimization and local search for the S-box, a hybrid algorithm model that combines genetic algorithm and simulated annealing is introduced. This approach yields significant improvements in optimization effects and increased non-linearity. Experimental results demonstrate that the optimized S-box significantly reduces differential probability and linear probability while increasing non-linearity to 112. Furthermore, a comparison of the ciphertext entropy demonstrates enhanced encryption security with the optimized S-box. This research provides an effective method for improving the performance of the SM4 encryption algorithm

Optimization of SM4 Encryption Algorithm for Power Metering Data Transmission

This study focuses on enhancing the security of the SM4 encryption algorithm for power metering data transmission by employing hybrid algorithms to optimize its substitution box (S-box). A multi-objective fitness function is constructed to evaluate the S-box structure, aiming to identify design solutions that satisfy differential probability, linear probability, and non-linearity balance. To achieve global optimization and local search for the S-box, a hybrid algorithm model that combines genetic algorithm and simulated annealing is introduced. This approach yields significant improvements in optimization effects and increased non-linearity. Experimental results demonstrate that the optimized S-box significantly reduces differential probability and linear probability while increasing non-linearity to 112. Furthermore, a comparison of the ciphertext entropy demonstrates enhanced encryption security with the optimized S-box. This research provides an effective method for improving the performance of the SM4 encryption algorithm

VANET SECURITY FRAMEWORK FOR LOW LATENCY SAFETY APPLICATIONS

Vehicular Ad hoc Network (VANET) is a communication network for vehicles on the road. The concept of VANET is to create communication between vehicles, such as one vehicle is able to inform another vehicle about the road conditions. Communication is possible by vehicle to vehicle (V2V) and vehicle to road side unit (V2R). Presently, VANET technology is surrounded with security challenges and it is essentially important for VANET to successfully implement a security measure according to the safety applications requirements. Many researchers have proposed a number of solutions to counter security attacks and also to improve certain aspects of security i.e. authentication, privacy, and non-repudiation. The current most suitable security scheme for VANET is an Elliptic Curve Digital Signature Algorithm (ECDSA) asymmetric security mechanism. ECDSA is small in key size but it provides the same level of security as the large key sized scheme. However ECDSA is associated with high computational cost, thus lacking applicability in life-critical safety messaging. Due to that reason, alternative security schemes have been proposed, such as symmetric methods which provide faster communication, but at the expense of reduced security. Hence, hybrid and hardware based solutions have been proposed by researchers to mitigate the issue. However, these solutions still do not satisfy the existing safety applications standard or have larger message size due to increased message drop ratio. In this thesis, a security framework is presented; one that uses both standard asymmetric PKI and symmetric cryptography for faster and secured safety message exchange. The proposed framework is expected to improve the security mechanism in VANET by developing trust relationship among the neighboring nodes, hence forming trusted groups. The trust is established via Trusted Platform Module (TPM) and group communication. In this study, the proposed framework methods are simulated using two propagation models, i.e. two ray ground model and Nakagami model for VANET environment (802.11p). In this simulation, two traffic scenarios such as highway and urban are established. The outcome of both simulation scenarios is analyzed to identify the performance of the proposed methods in terms of latency (End-to-End Delay and Processing Delay). Also, the proposed V2V protocol for a framework is validated using a software in order to establish trust among vehicles

ANALYSIS OF CRYPTOGRAPHIC ALGORITHMS AGAINST THEORETICAL AND IMPLEMENTATION ATTACKS

This thesis deals with theoretical and implementation analysis of cryptographic functions. Theoretical attacks exploit weaknesses in the mathematical structure of the cryptographic primitive, while implementation attacks leverage on information obtained by its physical implementation, such as leakage through physically observable parameters (side-channel analysis) or susceptibility to errors (fault analysis). In the area of theoretical cryptanalysis, we analyze the resistance of the Keccak-f permutations to differential cryptanalysis (DC). Keccak-f is used in different cryptographic primitives: Keccak (which defines the NIST standard SHA-3), Ketje and Keyak (which are currently at the third round of the CAESAR competition) and the authenticated encryption function Kravatte. In its basic version, DC makes use of differential trails, i.e. sequences of differences through the rounds of the primitive. The power of trails in attacks can be characterized by their weight. The existence of low-weight trails over all but a few rounds would imply a low resistance with respect to DC. We thus present new techniques to effciently generate all 6-round differential trails in Keccak-f up to a given weight, in order to improve known lower bounds. The limit weight we can reach with these new techniques is very high compared to previous attempts in literature for weakly aligned primitives. This allows us to improve the lower bound on 6 rounds from 74 to 92 for the four largest variants of Keccak-f. This result has been used by the authors of Kravatte to choose the number of rounds in their function. Thanks to their abstraction level, some of our techniques are actually more widely applicable than to Keccak-f. So, we formalize them in a generic way. The presented techniques have been integrated in the KeccakTools and are publicly available. In the area of fault analysis, we present several results on differential fault analysis (DFA) on the block cipher AES. Most DFA attacks exploit faults that modify the intermediate state or round key. Very few examples have been presented, that leverage changes in the sequence of operations by reducing the number of rounds. In this direction, we present four DFA attacks that exploit faults that alter the sequence of operations during the final round. In particular, we show how DFA can be conducted when the main operations that compose the AES round function are corrupted, skipped or repeated during the final round. Another aspect of DFA we analyze is the role of the fault model in attacks. We study it from an information theoretical point of view, showing that the knowledge that the attacker has on the injected fault is fundamental to mount a successful attack. In order to soften the a-priori knowledge on the injection technique needed by the attacker, we present a new approach for DFA based on clustering, called J-DFA. The experimental results show that J-DFA allows to successfully recover the key both in classical DFA scenario and when the model does not perfectly match the faults effect. A peculiar result of this method is that, besides the preferred candidate for the key, it also provides the preferred models for the fault. This is a quite remarkable ability because it furnishes precious information which can be used to analyze, compare and characterize different specific injection techniques on different devices. In the area of side-channel attacks, we improve and extend existing attacks against the RSA algorithm, known as partial key exposure attacks. These attacks on RSA show how it is possible to find the factorization of the modulus from the knowledge of some bits of the private key. We present new partial key exposure attacks when the countermeasure known as exponent blinding is used. We first improve known results for common RSA setting by reducing the number of bits or by simplifying the mathematical analysis. Then we present novel attacks for RSA implemented using the Chinese Remainder Theorem, a scenario that has never been analyzed before in this context

Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms

In this thesis, I present the research I did with my co-authors on several aspects of symmetric cryptography from May 2013 to December 2016, that is, when I was a PhD student at the university of Luxembourg under the supervision of Alex Biryukov. My research has spanned three different areas of symmetric cryptography. In Part I of this thesis, I present my work on lightweight cryptography. This field of study investigates the cryptographic algorithms that are suitable for very constrained devices with little computing power such as RFID tags and small embedded processors such as those used in sensor networks. Many such algorithms have been proposed recently, as evidenced by the survey I co-authored on this topic. I present this survey along with attacks against three of those algorithms, namely GLUON, PRINCE and TWINE. I also introduce a new lightweight block cipher called SPARX which was designed using a new method to justify its security: the Long Trail Strategy. Part II is devoted to S-Box reverse-engineering, a field of study investigating the methods recovering the hidden structure or the design criteria used to build an S-Box. I co-invented several such methods: a statistical analysis of the differential and linear properties which was applied successfully to the S-Box of the NSA block cipher Skipjack, a structural attack against Feistel networks called the yoyo game and the TU-decomposition. This last technique allowed us to decompose the S-Box of the last Russian standard block cipher and hash function as well as the only known solution to the APN problem, a long-standing open question in mathematics. Finally, Part III presents a unifying view of several fields of symmetric cryptography by interpreting them as purposefully hard. Indeed, several cryptographic algorithms are designed so as to maximize the code size, RAM consumption or time taken by their implementations. By providing a unique framework describing all such design goals, we could design modes of operations for building any symmetric primitive with any form of hardness by combining secure cryptographic building blocks with simple functions with the desired form of hardness called plugs. Alex Biryukov and I also showed that it is possible to build plugs with an asymmetric hardness whereby the knowledge of a secret key allows the privileged user to bypass the hardness of the primitive