11 research outputs found

    General Classification of the Authenticated Encryption Schemes for the CAESAR Competition

    Get PDF
    An Authenticated encryption scheme is a scheme which provides privacy and integrity by using a secret key. In 2013, CAESAR (the ``Competition for Authenticated Encryption: Security, Applicability, and Robustness\u27\u27) was co-founded by NIST and Dan Bernstein with the aim of finding authenticated encryption schemes that offer advantages over AES-GCM and are suitable for widespread adoption. The first round started with 57 candidates in March 2014; and nine of these first-round candidates where broken and withdrawn from the competition. The remaining 48 candidates went through an intense process of review, analysis and comparison. While the cryptographic community benefits greatly from the manifold different submission designs, their sheer number implies a challenging amount of study. This paper provides an easy-to-grasp overview over functional aspects, security parameters, and robustness offerings by the CAESAR candidates, clustered by their underlying designs (block-cipher-, stream-cipher-, permutation-/sponge-, compression-function-based, dedicated). After intensive review and analysis of all 48 candidates by the community, the CAESAR committee selected only 30 candidates for the second round. The announcement for the third round candidates was made on 15th August 2016 and 15 candidates were chosen for the third round

    State of the Art in Lightweight Symmetric Cryptography

    Get PDF
    Lightweight cryptography has been one of the ``hot topics'' in symmetric cryptography in the recent years. A huge number of lightweight algorithms have been published, standardized and/or used in commercial products. In this paper, we discuss the different implementation constraints that a ``lightweight'' algorithm is usually designed to satisfy. We also present an extensive survey of all lightweight symmetric primitives we are aware of. It covers designs from the academic community, from government agencies and proprietary algorithms which were reverse-engineered or leaked. Relevant national (\nist{}...) and international (\textsc{iso/iec}...) standards are listed. We then discuss some trends we identified in the design of lightweight algorithms, namely the designers' preference for \arx{}-based and bitsliced-S-Box-based designs and simple key schedules. Finally, we argue that lightweight cryptography is too large a field and that it should be split into two related but distinct areas: \emph{ultra-lightweight} and \emph{IoT} cryptography. The former deals only with the smallest of devices for which a lower security level may be justified by the very harsh design constraints. The latter corresponds to low-power embedded processors for which the \aes{} and modern hash function are costly but which have to provide a high level security due to their greater connectivity

    State of the Art in Lightweight Symmetric Cryptography

    Get PDF
    Lightweight cryptography has been one of the hot topics in symmetric cryptography in the recent years. A huge number of lightweight algorithms have been published, standardized and/or used in commercial products. In this paper, we discuss the different implementation constraints that a lightweight algorithm is usually designed to satisfy in both the software and the hardware case. We also present an extensive survey of all lightweight symmetric primitives we are aware of. It covers designs from the academic community, from government agencies and proprietary algorithms which were reverse-engineered or leaked. Relevant national (NIST...) and international (ISO/IEC...) standards are listed. We identified several trends in the design of lightweight algorithms, such as the designers\u27 preference for ARX-based and bitsliced-S-Box-based designs or simpler key schedules. We also discuss more general trade-offs facing the authors of such algorithms and suggest a clearer distinction between two subsets of lightweight cryptography. The first, ultra-lightweight cryptography, deals with primitives fulfilling a unique purpose while satisfying specific and narrow constraints. The second is ubiquitous cryptography and it encompasses more versatile algorithms both in terms of functionality and in terms of implementation trade-offs

    Security of Ubiquitous Computing Systems

    Get PDF
    The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

    Electromagnetic Side-Channel Resilience against Lightweight Cryptography

    Get PDF
    Side-channel attacks are an unpredictable risk factor in cryptography. Therefore, observations of leakages through physical parameters, i.e., power and electromagnetic (EM) radiation, etc., of digital devices are essential to minimise vulnerabilities associated with cryptographic functions. Compared to costs in the past, performing side-channel attacks using inexpensive test equipment is becoming a reality. Internet-of-Things (IoT) devices are resource-constrained, and lightweight cryptography is a novel approach in progress towards IoT security. Thus, it would provide sufficient data and privacy protection in such a constrained ecosystem. Therefore, cryptanalysis of physical leakages regarding these emerging ciphers is crucial. EM side-channel attacks seem to cause a significant impact on digital forensics nowadays. Within existing literature, power analysis seems to have considerable attention in research whereas other phenomena, such as EM, should continue to be appropriately evaluated in playing a role in forensic analysis.The emphasis of this thesis is on lightweight cryptanalysis. The preliminary investigations showed no Correlation EManalysis (CEMA) of PRESENT lightweight algorithm. The PRESENT is a block cipher that promises to be adequate for IoT devices, and is expected to be used commercially in the future. In an effort to fill in this research gap, this work examines the capabilities of a correlation EM side-channel attack against the PRESENT. For that, Substitution box (S-box) of the PRESENT was targeted for its 1st round with the use of a minimum number of EM waveforms compared to other work in literature, which was 256. The attack indicates the possibility of retrieving 8 bytes of the secret key out of 10 bytes. The experimental process started from a Simple EMA (SEMA) and gradually enhanced up to a CEMA. The thesis presents the methodology of the attack modelling and the observations followed by a critical analysis. Also, a technical review of the IoT technology and a comprehensive literature review on lightweight cryptology are included

    Security of Ubiquitous Computing Systems

    Get PDF
    The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

    Security of lightweight cryptographic algorithms

    Get PDF
    Η διπλωματική εργασία μελετά τους lightweight κρυπτογραφικούς αλγορίθμους, εστιάζοντας σε συγκεκριμένα χαρακτηριστικά ασφάλειας. Πιο συγκεκριμένα, θα αναλυθούν, θα αξιολογηθούν και θα ταξινομηθούν σε διάφορες κατηγορίες, όπως αν είναι block ή stream ciphers και αν είναι authenticated ή όχι, κάποιοι lightweight αλγόριθμοι. Αυτή η ταξινόμηση αφορά αλγόριθμους που βρίσκονται σε διαδικασία προτυποποίησης και συμμετέχουν στο διαγωνισμό του NIST (National Institution of Standards and Technology), Lightweight Crypto. Στη συνέχεια, θα δοθεί έμφαση στις Boolean Functions που χρησιμοποιούν αυτοί οι lightweight κρυπτογραφικοί αλγόριθμοι, με σκοπό να υπολογιστούν οι κρυπτογραφικές ιδιότητες των συναρτήσεων αυτών και να αξιολογηθεί η ανθεκτικότητα αυτών των αλγορίθμων ενάντια σε κρυπταναλυτικές επιθέσεις. Η ανάλυσή μας δείχνει πως δεν υπάρχει καμία Boolean function που να ικανοποιεί όλες τις κρυπτογραφικές ιδιότητες και έτσι απαιτείται περαιτέρω έρευνα για να διευκρινιστεί αν οι ευπάθειες αυτές των Boolean functions μπορούν να χρησιμοποιηθούν για την διεξαγωγή κρυπταναλυτικής επίθεσης.This thesis studies the lightweight cryptographic algorithms, focusing on specific security features. In particular, many lightweight algorithms are being analyzed, evaluated and classified into several categories including but not limited to block/stream ciphers, either being authenticated or not. This categorization consists of algorithms that are in the progress of standardization, competing in the NIST (National Institution of Standards and Technology) Lightweight Crypto Standardization process. Next, emphasis will be given on the Boolean functions that these Lightweight cryptographic algorithms utilize, with the aim to calculate the cryptographic properties of such functions towards evaluating the resistance of these algorithms against several cryptanalytic attacks. Our analysis illustrates that there is no cryptographic Boolean function satisfying all the cryptographic properties and, thus, further research is needed in order to evaluate whether such vulnerabilities of underlying Boolean functions can actually be exploited in order to mount a cryptanalytic attac

    Cryptanalysis, Reverse-Engineering and Design of Symmetric Cryptographic Algorithms

    Get PDF
    In this thesis, I present the research I did with my co-authors on several aspects of symmetric cryptography from May 2013 to December 2016, that is, when I was a PhD student at the university of Luxembourg under the supervision of Alex Biryukov. My research has spanned three different areas of symmetric cryptography. In Part I of this thesis, I present my work on lightweight cryptography. This field of study investigates the cryptographic algorithms that are suitable for very constrained devices with little computing power such as RFID tags and small embedded processors such as those used in sensor networks. Many such algorithms have been proposed recently, as evidenced by the survey I co-authored on this topic. I present this survey along with attacks against three of those algorithms, namely GLUON, PRINCE and TWINE. I also introduce a new lightweight block cipher called SPARX which was designed using a new method to justify its security: the Long Trail Strategy. Part II is devoted to S-Box reverse-engineering, a field of study investigating the methods recovering the hidden structure or the design criteria used to build an S-Box. I co-invented several such methods: a statistical analysis of the differential and linear properties which was applied successfully to the S-Box of the NSA block cipher Skipjack, a structural attack against Feistel networks called the yoyo game and the TU-decomposition. This last technique allowed us to decompose the S-Box of the last Russian standard block cipher and hash function as well as the only known solution to the APN problem, a long-standing open question in mathematics. Finally, Part III presents a unifying view of several fields of symmetric cryptography by interpreting them as purposefully hard. Indeed, several cryptographic algorithms are designed so as to maximize the code size, RAM consumption or time taken by their implementations. By providing a unique framework describing all such design goals, we could design modes of operations for building any symmetric primitive with any form of hardness by combining secure cryptographic building blocks with simple functions with the desired form of hardness called plugs. Alex Biryukov and I also showed that it is possible to build plugs with an asymmetric hardness whereby the knowledge of a secret key allows the privileged user to bypass the hardness of the primitive
    corecore