Scalable method of searching for full-period Nonlinear Feedback Shift Registers with GPGPU. New List of Maximum Period NLFSRs.

This paper addresses the problem of efficient searching for Nonlinear Feedback Shift Registers (NLFSRs) with a guaranteed full period. The maximum possible period for an $n$-bit NLFSR is $2^n-1$ (all-zero state is omitted). %but omitting all-0 state makes the period $2^n-1$ in their longest cycle of states. A multi-stages hybrid algorithm which utilizes Graphics Processor Units (GPU) power was developed for processing data-parallel throughput computation.Usage of abovementioned algorithm allows to give an extended list of n-bit NLFSR with maximum period for 7 cryptographically applicable types of feedback functions

New Family of Stream Ciphers as Physically Clone-Resistant VLSI-Structures

A new large class of $2^{100}$ possible stream ciphers as keystream generators KSGs, is presented. The sample cipher-structure-concept is based on randomly selecting a set of 16 maximum-period Nonlinear Feedback Shift Registers (NLFSRs). A non-linear combining function is merging the 16 selected sequences. All resulting stream ciphers with a total state-size of 223 bits are designed to result with the same security level and have a linear complexity exceeding $2^{81}$ and a period exceeding $2^{161}$. A Secret Unknown Cipher (SUC) is created randomly by selecting one cipher from that class of $2^{100}$ ciphers. SUC concept was presented recently as a physical security anchor to overcome the drawbacks of the traditional analog Physically Unclonable Functions (PUFs). Such unknown ciphers may be permanently self-created within System-on-Chip SoC non-volatile FPGA devices to serve as a digital clone-resistant structure. Moreover, a lightweight identification protocol is presented in open networks for physically identifying such SUC structures in FPGA-devices. The proposed new family may serve for lightweight realization of clone-resistant identities in future self-reconfiguring SoC non-volatile FPGAs. Such self-reconfiguring FPGAs are expected to be emerging in the near future smart VLSI systems. The security analysis and hardware complexities of the resulting clone-resistant structures are evaluated and shown to exhibit scalable security levels even for post-quantum cryptography.Comment: 24 pages, 7 Figures, 3 Table

On Some Symmetric Lightweight Cryptographic Designs

This dissertation presents cryptanalysis of several symmetric lightweight primitives, both stream ciphers and block ciphers. Further, some aspects of authentication in combination with a keystream generator is investigated, and a new member of the Grain family of stream ciphers, Grain-128a, with built-in support for authentication is presented. The first contribution is an investigation of how authentication can be provided at a low additional cost, assuming a synchronous stream cipher is already implemented and used for encryption. These findings are then used when presenting the latest addition to the Grain family of stream ciphers, Grain-128a. It uses a 128-bit key and a 96-bit initialization vector to generate keystream, and to possibly also authenticate the plaintext. Next, the stream cipher BEAN, superficially similar to Grain, but notably using a weak output function and two feedback with carry shift registers (FCSRs) rather than linear and (non-FCSR) nonlinear feedback shift registers, is cryptanalyzed. An efficient distinguisher and a state-recovery attack is given. It is shown how knowledge of the state can be used to recover the key in a straightforward way. The remainder of this dissertation then focuses on block ciphers. First, a related-key attack on KTANTAN is presented. The attack notably uses only a few related keys, runs in less than half a minute on a current computer, and directly contradicts the designers' claims. It is discussed why this is, and what can be learned from this. Next, PRINTcipher is subjected to linear cryptanalysis. Several weak key classes are identified and it is shown how several observations of the same statistical property can be made for each plaintext--ciphertext pair. Finally, the invariant subspace property, first observed for certain key classes in PRINTcipher, is investigated. In particular, its connection to large linear biases is studied through an eigenvector which arises inside the cipher and leads to trail clustering in the linear hull which, under reasonable assumptions, causes a significant number of large linear biases. Simulations on several versions of PRINTcipher are compared to the theoretical findings

Codes and Sequences for Information Retrieval and Stream Ciphers

Given a self-similar structure in codes and de Bruijn sequences, recursive techniques may be used to analyze and construct them. Batch codes partition the indices of code words into m buckets, where recovery of t symbols is accomplished by accessing at most tau in each bucket. This finds use in the retrieval of information spread over several devices. We introduce the concept of optimal batch codes, showing that binary Hamming codes and first order Reed-Muller codes are optimal. Then we study batch properties of binary Reed-Muller codes which have order less than half their length. Cartesian codes are defined by the evaluation of polynomials at a subset of points in F_q. We partition F_q into buckets defined by the quotient with a subspace V. Several properties equivalent to (V intersect ) = {0} for all i,j between 1 and mu are explored. With this framework, a code in F_q^(mu-1) capable of reconstructing mu indices is expanded to one in F_q^(mu) capable of reconstructing mu+1 indices. Using a base case in F_q^3, we are able to prove batch properties for codes in F_q. We generalize this to Cartesian Codes with a limit on the degree mu of the polynomials. De Bruijn sequences are cyclic sequences of length q^n that contain every q-ary word of length n exactly once. The pseudorandom properties of such sequences make them useful for stream ciphers. Under a particular homomorphism, the preimages of a binary de Bruijn sequence form two cycles. We examine a method for identifying points where these sequences may be joined to make a de Bruijn sequence of order n. Using the recursive structure of this construction, we are able to calculate sums of subsequences in O(n^4 log(n)) time, and the location of a word in O(n^5 log(n)) time. Together, these functions allow us to check the validity of any potential toggle point, which provides a method for efficiently generating a recursive specification. Each successful step takes O(k^5 log(k)), for k from 3 to n

Error-Correction Coding and Decoding: Bounds, Codes, Decoders, Analysis and Applications

Coding; Communications; Engineering; Networks; Information Theory; Algorithm