
    Statistical cryptanalysis of block ciphers

    Since the development of cryptology in the industrial and academic worlds in the seventies, public knowledge and expertise have grown tremendously, notably because of the increasing, nowadays almost ubiquitous, presence of electronic communication means in our lives. Block ciphers are inevitable building blocks of the security of various electronic systems. Recently, many advances have been published in the field of public-key cryptography, both in the understanding of the security models involved and in the mathematical security proofs applied to specific cryptosystems. Unfortunately, this is still not the case in the world of symmetric-key cryptography, and the current state of knowledge is far from reaching such a goal. However, block and stream ciphers tend to counterbalance this lack of "provable security" with other advantages, such as high data throughput and ease of implementation. In the first part of this thesis, we would like to add a (small) stone to the wall of provable security of block ciphers with the (theoretical and experimental) statistical analysis of the mechanisms behind Matsui's linear cryptanalysis as well as more abstract models of attacks. For this purpose, we consider the underlying problem as a statistical hypothesis testing problem and we make heavy use of the Neyman-Pearson paradigm. Then, we generalize the concept of linear distinguisher and we discuss the power of such a generalization. Furthermore, we introduce the concept of sequential distinguisher, based on sequential sampling, and of aggregate distinguishers, which allow building sub-optimal but efficient distinguishers. Finally, we propose new attacks against reduced-round versions of the block cipher IDEA. In the second part, we propose the design of a new family of block ciphers named FOX. First, we study the efficiency of optimal diffusive components when implemented on low-cost architectures, and we present several new constructions of MDS matrices; then, we precisely describe FOX and we discuss its security regarding linear and differential cryptanalysis, integral attacks, and algebraic attacks. Finally, various implementation issues are considered.

    Survey and Taxonomy of Key Management Protocols for Wired and Wireless Networks

    Abstract. The number of keys used to convert plaintext to ciphertext distinguishes symmetric (single-key) from asymmetric (two-key, or public-key) schemes. A key is an element, numeric or non-numeric, which when applied to a given message results in an encrypted message. A key can be implicitly or explicitly derived from the plaintext. Implicit key derivation is also known as auto-keying, where the derived key is a part of the plaintext. An explicit or individual key is a key that is not a part of the plaintext. For a secure communication to take place, the life cycle of a key involves initialization, agreement, distribution and cancellation. This entire process is also known as key management.

    Issues in electronic payment systems: a new off-line transferable e-coin scheme and a new off-line e-check scheme.

    by Wong Ha Yin. Thesis (M.Phil.), Chinese University of Hong Kong, 2001. Includes bibliographical references (leaves 71-74). Abstracts in English and Chinese.

    Contents:
    Chapter 1  Introduction
      1.1  Traditional Payment Systems
      1.2  Electronic Payment System
      1.3  Thesis Organization
    Chapter 2  Cryptographic Techniques
      2.1  Encryption and Decryption
        2.1.1  Symmetric Encryption
        2.1.2  Asymmetric or Public-Key Encryption
      2.2  RSA
      2.3  Blind Signatures
      2.4  General Computation Protocols
      2.5  Cut-and-Choose Method
      2.6  Hash Functions
      2.7  Secret Sharing
      2.8  Zero-Knowledge Proofs
      2.9  Timestamps
    Chapter 3  Overview of Electronic Payment Systems
      3.1  Life Cycle
      3.2  Six Basic Requirements
      3.3  Efficiency
      3.4  History
    Chapter 4  Ferguson's Single-term Off-Line Coins
      4.1  Basic Assumption and Tools
        4.1.1  Secure Hash Function
        4.1.2  Polynomial Secret Sharing Scheme
        4.1.3  Randomized Blind Signature
      4.2  The Basic Single-term Cash System
        4.2.1  The Withdrawal Protocol
        4.2.2  The Payment Protocol
        4.2.3  The Deposit Protocol
    Chapter 5  Cash with Different Denominations
      5.1  Denomination Bundling
      5.2  Coin Storage
    Chapter 6  An Off-Line Transferable E-coin System
      6.1  Introduction
      6.2  The Withdrawal Protocol
      6.3  The Transfer / Payment Protocol
      6.4  The Deposit Protocol
      6.5  Expansion of Coins
      6.6  Security and Privacy Analysis
      6.7  Complexity Analysis
      6.8  Conclusion
    Chapter 7  A New Off-line E-check System
      7.1  Introduction
      7.2  E-check Models
      7.3  E-Check System with Partial Privacy
        7.3.1  The Withdrawal Protocol
        7.3.2  The Payment Protocol
        7.3.3  The Deposit Protocol
        7.3.4  The Refund Protocol
        7.3.5  Protocol Discussion
      7.4  E-Check System with Unconditional Privacy
        7.4.1  The Withdrawal Protocol
        7.4.2  The Payment Protocol
        7.4.3  The Deposit Protocol
        7.4.4  The Refund Protocol
        7.4.5  Protocol Discussion
      7.5  Conclusion
    Chapter 8  Conclusion
    References

    Towards a Theory of Symmetric Encryption

    Motivated by commerce and industry, public research in symmetric encryption has grown considerably over the past twenty-five years, so that it is now possible to take stock of it. Research first progressed empirically. Many encryption algorithms based on the notion of substitution-permutation networks were proposed, followed by attacks dedicated to them. This made it possible to define general strategies: differential, linear and statistical attack methods, and generic methods based on the black-box notion. By modelling these attacks, useful rules for the design of secure algorithms were found in return: the combinatorial notion of multipermutation for the elementary functions, the control of diffusion through geometric criteria on the computation network, the algebraic study of non-linearity, and so on. Finally, it is shown by a formal proof that security against a large number of classes of classical attacks is guaranteed by the notion of decorrelation. These principles are at the origin of two particular algorithms: the CS-Cipher function, which provides high-throughput encryption with heuristic security, and the DFC candidate in the AES standardization process, a prototype algorithm based on the notion of decorrelation.

    Journal of Telecommunications and Information Technology, 2002, nr 4

    kwartalni

    Enhancing Privacy Protection:Set Membership, Range Proofs, and the Extended Access Control

    Privacy has recently gained an importance beyond the field of cryptography. In that regard, the main goal behind this thesis is to enhance privacy protection. All of the necessary mathematical and cryptographic preliminaries are introduced at the start of this thesis. We then show in Part I how to improve set membership and range proofs, which are cryptographic primitives enabling better privacy protection. Part II shows how to improve the standards for Machine Readable Travel Documents (MRTDs), such as biometric passports. Regarding set membership proofs, we provide an efficient protocol based on the Boneh-Boyen signature scheme. We show that alternative signature schemes can be used and we provide a general protocol description that can be applied to any secure signature scheme. We also show that the signature schemes in our design can be replaced by cryptographic accumulators. For range proofs, we provide interactive solutions where the range is decomposed in a base u and the u-ary digits are handled by one of our set membership proofs. A general construction is also provided for any set membership proof. We additionally explain how to handle arbitrary ranges with either two range proofs or with an improved solution based on sumset representation. These efficient solutions achieve, to date, the lowest asymptotic communication load. Furthermore, this thesis shows that the first efficient non-interactive range proof is insecure. This thesis thus provides the first efficient and secure non-interactive range proof. In the case of MRTDs, two standards exist: one produced by the International Civil Aviation Organization (ICAO) and the other by the European Union, which is called the Extended Access Control (EAC). Although this thesis focuses on the EAC, which is supposed to solve all privacy concerns, it shows that both standards fail to provide complete privacy protection. Lastly, we provide several solutions to improve them.