392 research outputs found

    Collision Attack on Reduced-Round Camellia

    Get PDF
    Camellia is the final winner of 128-bit block cipher in NESSIE. In this paper, we construct some efficient distinguishers between 4-round Camellia and a random permutation of the blocks space. By using collision-searching techniques, the distinguishers are used to attack on 6,7,8 and 9 rounds of Camellia with 128-bit key and 8,9 and 10 rounds of Camellia with 192/256-bit key. The 128-bit key of 6 rounds Camellia can be recovered with 2102^{10} chosen plaintexts and 2152^{15} encryptions. The 128-bit key of 7 rounds Camellia can be recovered with 2122^{12} chosen plaintexts and 254.52^{54.5} encryptions. The 128-bit key of 8 rounds Camellia can be recovered with 2132^{13} chosen plaintexts and 2112.12^{112.1} encryptions. The 128-bit key of 9 rounds Camellia can be recovered with 2113.62^{113.6} chosen plaintexts and 21212^{121} encryptions. The 192/256-bit key of 8 rounds Camellia can be recovered with 2132^{13} chosen plaintexts and 2111.12^{111.1} encryptions. The 192/256-bit key of 9 rounds Camellia can be recovered with 2132^{13} chosen plaintexts and 2175.62^{175.6} encryptions.The 256-bit key of 10 rounds Camellia can be recovered with 2142^{14} chosen plaintexts and 2239.92^{239.9} encryptions

    Survey and Benchmark of Block Ciphers for Wireless Sensor Networks

    Get PDF
    Cryptographic algorithms play an important role in the security architecture of wireless sensor networks (WSNs). Choosing the most storage- and energy-efficient block cipher is essential, due to the facts that these networks are meant to operate without human intervention for a long period of time with little energy supply, and that available storage is scarce on these sensor nodes. However, to our knowledge, no systematic work has been done in this area so far.We construct an evaluation framework in which we first identify the candidates of block ciphers suitable for WSNs, based on existing literature and authoritative recommendations. For evaluating and assessing these candidates, we not only consider the security properties but also the storage- and energy-efficiency of the candidates. Finally, based on the evaluation results, we select the most suitable ciphers for WSNs, namely Skipjack, MISTY1, and Rijndael, depending on the combination of available memory and required security (energy efficiency being implicit). In terms of operation mode, we recommend Output Feedback Mode for pairwise links but Cipher Block Chaining for group communications

    An analysis and a comparative study of cryptographic algorithms used on the internet of things (IoT) based on avalanche effect

    Get PDF
    Ubiquitous computing is already weaving itself around us and it is connecting everything to the network of networks. This interconnection of objects to the internet is new computing paradigm called the Internet of Things (IoT) networks. Many capacity and non-capacity constrained devices, such as sensors are connecting to the Internet. These devices interact with each other through the network and provide a new experience to its users. In order to make full use of this ubiquitous paradigm, security on IoT is important. There are problems with privacy concerns regarding certain algorithms that are on IoT, particularly in the area that relates to their avalanche effect means that a small change in the plaintext or key should create a significant change in the ciphertext. The higher the significant change, the higher the security if that algorithm. If the avalanche effect of an algorithm is less than 50% then that algorithm is weak and can create security undesirability in any network. In this, case IoT. In this study, we propose to do the following: (1) Search and select existing block cryptographic algorithms (maximum of ten) used for authentication and encryption from different devices used on IoT. (2) Analyse the avalanche effect of select cryptographic algorithms and determine if they give efficient authentication on IoT. (3) Improve their avalanche effect by designing a mathematical model that improves their robustness against attacks. This is done through the usage of the initial vector XORed with plaintext and final vector XORed with cipher tect. (4) Test the new mathematical model for any enhancement on the avalanche effect of each algorithm as stated in the preceding sentences. (5) Propose future work on how to enhance security on IoT. Results show that when using the proposed method with variation of key, the avalanche effect significantly improved for seven out of ten algorithms. This means that we have managed to improve 70% of algorithms tested. Therefore indicating a substantial success rate for the proposed method as far as the avalanche effect is concerned. We propose that the seven algorithms be replaced by our improved versions in each of their implementation on IoT whenever the plaintext is varied.Electrical and Mining EngineeringM. Tech. (Electrical Engineering

    Cache Timing Attacks on Camellia Block Cipher

    Get PDF
    Camellia, as the final winner of 128-bit block cipher in NESSIE, is the most secure block cipher of the world. In 2003, Tsunoo proposed a Cache Attack using a timing of CPU cache, successfully recovered Camellia-128 key within 228 plaintexts and 35 minutes. In 2004, IKEDA YOSHITAKA made some further improvements on Tsunoo’s attacks, recovered Camellia-128 key within 221.4 plaintexts and 22 minutes. All of their attacks are belonged to timing driven Cache attacks, our research shows that, due to its frequent S-box lookup operations, Camellia is also quite vulnerable to access driven Cache timing attacks, and it is much more effective than timing driven Cache attacks. Firstly, we provide a general analysis model for symmetric ciphers using S-box based on access driven Cache timing attacks, point out that the F function of the Camellia can leak information about the result of encryption key XORed with expand-key, and the left circular rotating operation of the key schedule in Camellia has serious designing problem. Next, we present several attacks on Camellia-128/192/256 with and without FL/FL-1. Experiment results demonstrate: 500 random plaintexts are enough to recover full Camellia-128 key; 900 random plaintexts are enough to recover full Camellia-192/256 key; also, our attacks can be expanded to known ciphertext conditions by attacking the Camellia decryption procedure; besides, our attacks are quite easy to be expanded to remote scenarios, 3000 random plaintexts are enough to recover full encryption key of Camellia-128/192/256 in both local and campus networks. Finally, we discuss the reason why Camellia is weak in this type of attack, and provide some advices to cipher designers for hardening ciphers against cache timing attacks

    SoK: Security Evaluation of SBox-Based Block Ciphers

    Get PDF
    Cryptanalysis of block ciphers is an active and important research area with an extensive volume of literature. For this work, we focus on SBox-based ciphers, as they are widely used and cover a large class of block ciphers. While there have been prior works that have consolidated attacks on block ciphers, they usually focus on describing and listing the attacks. Moreover, the methods for evaluating a cipher\u27s security are often ad hoc, differing from cipher to cipher, as attacks and evaluation techniques are developed along the way. As such, we aim to organise the attack literature, as well as the work on security evaluation. In this work, we present a systematization of cryptanalysis of SBox-based block ciphers focusing on three main areas: (1) Evaluation of block ciphers against standard cryptanalytic attacks; (2) Organisation and relationships between various attacks; (3) Comparison of the evaluation and attacks on existing ciphers

    Improved Results on Impossible Differential Cryptanalysis of Reduced-Round Camellia-192/256

    Get PDF
    As an international standard adopted by ISO/IEC, the block cipher Camellia has been used in various cryptographic applications. In this paper, we reevaluate the security of Camellia against impossible differential cryptanalysis. Specifically, we propose several 7-round impossible differentials with the FL/FL1FL/FL^{-1} layers. Based on them, we mount impossible differential attacks on 11-round Camellia-192 and 12-round Camellia-256. The data complexities of our attacks on 11-round Camellia-192 and 12-round Camellia-256 are about 21202^{120} chosen plaintexts and 2119.82^{119.8} chosen plaintexts, respectively. The corresponding time complexities are approximately 2167.12^{167.1} 11-round encryptions and 2220.872^{220.87} 12-round encryptions. As far as we know, our attacks are 216.92^{16.9} times and 219.132^{19.13} times faster than the previously best known ones but have slightly more data

    Improved Meet-in-the-Middle Attacks on Reduced-Round Camellia-192/256

    Get PDF
    Camellia is one of the widely used block ciphers, which has been selected as an international standard by ISO/IEC. In this paper, we focus on the key-recovery attacks on reduced-round Camellia-192/256 with meet-in-the-middle methods. We utilize multiset and the differential enumeration methods which are popular to analyse AES in the recent to attack Camellia-192/256. We propose a 7-round property for Camellia-192, and achieve a 12-round attack with 21802^{180} encryptions, 21132^{113} chosen plaintexts and 21302^{130} 128-bit memories. Furthermore, we present an 8-round property for Camellia-256, and apply it to break the 13-round Camellia-256 with 2232.72^{232.7} encryptions, 21132^{113} chosen ciphertexts and 22272^{227} 128-bit memories

    New Impossible Differential Attacks on Camellia

    Get PDF
    Camellia is one of the most worldwide used block ciphers, which has been selected as a standard by ISO/IEC. In this paper, we propose several new 7-round impossible differentials of Camellia with 2 FL/FL1FL/FL^{-1} layers, which turn out to be the first 7-round impossible differentials with 2 FL/FL1FL/FL^{-1} layers. Combined with some basic techniques including the early abort approach and the key schedule consideration, we achieve the impossible differential attacks on 11-round Camellia-128, 11-round Camellia-192, 12-round Camellia-192, and 14-round Camellia-256, and the time complexity are 2123.62^{123.6}, 2121.72^{121.7}, 2171.42^{171.4} and 2238.22^{238.2} respectively. As far as we know, these are the best results against the reduced-round variants of Camellia. Especially, we give the first attack on 11-round Camellia-128 reduced version with FL/FL1FL/FL^{-1} layers

    New Impossible Differential Attacks of Reduced-Round Camellia-192 and Camellia-256

    Get PDF
    Camellia is a block cipher selected as a standard by ISO/IEC, which has been analyzed by a number of cryptanalysts. In this paper, we propose several 6-round impossible differential paths of Camellia with the FL/FL1FL/FL^{-1} layer in the middle of them. With the impossible differential and a well-organized precomputational table, impossible differential attacks on 10-round Camellia-192 and 11-round Camellia-256 are given, and the time complexity are 21752^{175} and 2206.82^{206.8} respectively. An impossible differential attack on 15-round Camellia-256 without FL/FL1FL/FL^{-1} layers and whitening is also be given, which needs about 2236.12^{236.1} encryptions. To the best of our knowledge, these are the best cryptanalytic results of Camellia-192/-256 with FL/FL1FL/FL^{-1} layers and Camellia-256 without FL/FL1FL/FL^{-1} layers to date
    corecore