15 research outputs found

    An improved MD4 hash function

    Today information is regarded as a strategic resource. Modification of information or its unlawful dissemination can lead to serious consequences. The process of ensuring information protection becomes more complicated as computing machines develop. The integrity of important operating system files, programs or data is controlled by a hash function. Hashing is used to build associative arrays, to find duplicates in series of data sets, to build unique identifiers for a data set, for checksumming in order to detect accidental or deliberate errors during storage or transmission, to store passwords in protection systems, and in producing electronic signatures. Quite recently the branch of cryptography concerned with hashing has faced a serious problem: providing resistance to multicollisions, which exploit Joux's attack. In his work, Joux showed that the resistance of a hash value computed by cascading these functions is not much greater than the resistance of one of them. In addition, the known hashing algorithms do not fully solve the problems of ensuring the cryptographic strength and high speed of the algorithms. Therefore the development of new hash functions and the improvement of existing ones, with the aim of increasing the effectiveness of cryptographic protection, will not lose its relevance.
With this in mind, the work proposes the hash function newMD4, developed on the basis of the original hash function MD4. The developed hash function newMD4 has several innovations compared to MD4: in compression, instead of four 32-bit variables, the use of five 64-bit variables is proposed; the length of the hash value is increased to 256 bits; the auxiliary functions are replaced; additional operations are added at each stage. The work presents experimental studies evaluating the speed and statistical characteristics of the proposed hash function. Under identical conditions, experimental studies evaluating the speed characteristics showed that the hash function newMD4 is 1.43 times faster than the original MD4. To study the statistical characteristics, the NIST STS tests were used; the hash functions were used to generate sequences whose statistical characteristics were checked by these tests. According to the results of the study, the sequences generated with the hash function newMD4 showed better statistical characteristics compared to the original.
The integrity of important operating system files, programs or data is controlled by hash functions. The known hashing algorithms do not fully solve the problems of ensuring cryptographic strength and high speed of the algorithms. Therefore the development of new hash functions and the improvement of existing ones is still a relevant task. With this in mind, the work proposes an improved hash function newMD4, based on the original hash function MD4. The developed hash function newMD4 has several improvements, such as increasing the length of the hash code, changing the auxiliary functions, and increasing the number of compression stages. The obtained results were confirmed by experimental studies. Under identical conditions, experimental studies evaluating the speed characteristics showed that the newMD4 cipher outperformed its predecessor by 1.47 times. The NIST tests were used to study the statistical characteristics, since with a minor modification newMD4 can be used to generate pseudorandom sequences. The number of tests passed by ≥99% of the sequences is 1.22 times greater than for MD4.

    An encryption package for UNIX

    Cryptography has a much wider application than secrecy, such as authentication and digital signature. There are two common types of cryptographic algorithms - symmetric and asymmetric. The Data Encryption Standard (DES) is the first and only publicly available cryptographic algorithm that has been widely used in commercial communication. The DES is a block cipher symmetric algorithm and its design is based on Shannon's two general principles - diffusion and confusion. With the decreased cost of hardware and a better understanding of block ciphers and cryptanalysis techniques, a number of DES-like ciphers have been proposed as the replacement for DES. One-way hashing functions are useful in implementing any digital signature scheme. A hashing function accepts a variable size message M as input and outputs a fixed size representation of the message H(M). A number of hashing functions of fixed size or variable size message digest have been proposed. The cryptographic primitives (des, feal, loki, khufu, and khafre), block cipher based hashing algorithms (sbh and dbh), and key-less hashing algorithms (md4, md4x, md5 and haval) have been implemented as standard commands and C library calls for the UNIX Operating System.

    The design of a secure data communication system

    The recent results of using a new type of chosen-plaintext attack, which is called differential cryptanalysis, make most published conventional secret-key block cipher systems vulnerable. The need for a new conventional cipher which resists all known attacks was the main inspiration of this work. The design of a secret-key block cipher algorithm called DCU-Cipher, that resists all known cryptanalysis methods, is proposed in this dissertation. The proposed method is workable for either 64-bit plaintext/64-bit ciphertext blocks, or 128-bit plaintext/128-bit ciphertext blocks. The secret key in both styles is 128-bit long. This method has only four rounds and the main transformation function in this cipher algorithm is based on four mixed operations. The proposed method is suitable for both hardware and software implementation. It is also suitable for cryptographic hash function implementations. Two techniques for file and/or data communication encryption are also proposed here. These modes are modified versions of the Cipher-Block Chaining mode, by which the threat of the known-plaintext differential cryptanalytical attack is averted. An intensive investigation of the best known Identity-based key exchange schemes is also presented. The idea behind using such protocols is providing an authenticated secret-key by using the users' identification tokens. These kinds of protocols appeared recently and are not standardized as yet. None of these protocols have been compared with previous proposals. Therefore one cannot realize the efficiency and the advantages of a new proposed protocol without comparing it with other existing schemes of the same type. The aim of this investigation is to clarify the advantages and the disadvantages of each of the best known schemes and compare these schemes from the complexity and the speed viewpoint.

    A Review of Existing 4-bit Crypto S-box cryptanalysis Techniques and Two New Techniques with 4-bit Boolean Functions for Cryptanalysis of 4-bit Crypto S-boxes.

    4-bit Linear Relations play an important role in Cryptanalysis of 4-bit Bijective Crypto S-boxes. 4-bit finite differences are also a major part of cryptanalysis of 4-bit substitution boxes. The count of all existing 4-bit linear relations, for all of the 16 input and 16 output 4-bit bit patterns of 4-bit bijective crypto S-boxes (referred to as S-boxes), has been reported in Linear Cryptanalysis of 4-bit S-boxes. The count of existing finite differences from each element of output S-boxes to distant output S-boxes has been noted in Differential Cryptanalysis of S-boxes. In this paper a brief review of these cryptanalytic methods for 4-bit S-boxes has been introduced in a very lucid and conceptual manner. Two new Analysis Techniques have also been introduced in this paper. One searches for the existing Linear Approximations among the input Boolean Functions (BFs) and output BFs of a particular 4-bit S-Box. The search is limited to finding the existing linear relations or approximations, as opposed to counting the number of existing linear relations among all 16 4-bit input and output bit patterns within all possible linear approximations. The other finds the number of balanced 4-bit BFs in difference output S-boxes. The greater the number of balanced BFs, the better the security.

    Generic Key Recovery Attack on Feistel Scheme

    We propose new generic key recovery attacks on Feistel-type block ciphers. The proposed attack is based on the all subkeys recovery approach presented in SAC 2012, which determines all subkeys instead of the master key. This enables us to construct a key recovery attack without taking into account a key scheduling function. With our advanced techniques, we apply several key recovery attacks to Feistel-type block ciphers. For instance, we show 8-, 9- and 11-round key recovery attacks on n-bit Feistel ciphers with 2n-bit key employing random keyed F-functions, random F-functions, and SP-type F-functions, respectively. Moreover, thanks to the meet-in-the-middle approach, our attack leads to low data complexity. To demonstrate the usefulness of our approach, we show a key recovery attack on the 8-round reduced CAST-128, which is the best attack with respect to the number of attacked rounds. Since our approach derives the lower bounds on the numbers of rounds to be secure under the single secret key setting, it can be considered that we unveil the limitation of designing an efficient block cipher by a Feistel scheme, such as a low-latency cipher.

    Better Steady than Speedy: Full break of SPEEDY-7-192

    Differential attacks are among the most important families of cryptanalysis against symmetric primitives. Since their introduction in 1990, several improvements to the basic technique as well as many dedicated attacks against symmetric primitives have been proposed. Most of the proposed improvements concern the key-recovery part. However, when designing a new primitive, the security analysis regarding differential attacks is often limited to finding the best trails over a limited number of rounds with branch and bound techniques, and a poor heuristic is then applied to deduce the total number of rounds a differential attack could reach. In this work we analyze the security of the SPEEDY family of block ciphers against differential cryptanalysis and show how to optimize many of the steps of the key-recovery procedure for this type of attack. For this, we implemented a search for finding optimal trails for this cipher and their associated multiple probabilities under some constraints and applied non-trivial techniques to obtain optimal data and key-sieving. This permitted us to fully break SPEEDY-7-192, the 7-round variant of SPEEDY supposed to provide 192-bit security. Our work demonstrates, among other things, the need to better understand the subtleties of differential cryptanalysis in order to get meaningful estimates on the security offered by a cipher against these attacks.

    Block Ciphers: Analysis, Design and Applications

    In this thesis we study cryptanalysis, applications and design of secret key block ciphers. In particular, the important class of Feistel ciphers is studied, which has a number of rounds, where in each round one applies a cryptographically weak function.

    Indirect key derivation schemes for key management of access hierarchies

    In this thesis, we study the problem of key management within an access hierarchy. Our contribution to the key management problem is an indirect key derivation approach we call the HMAC-method. It is called the HMAC-method because it is based on hashed message authentication codes (HMACs) built from a fast, single, dedicated hash function (SHA-1). It is intended to provide an efficient indirect key management method for large access hierarchies resembling tree structures. We are able to achieve better tree traversals using a technique we created called path addressing. Our path addressing scheme allows us to efficiently calculate relationships between security classes, determine traversal paths, and improve the performance of indirect key derivation. We also present our cached key update scheme, which is meant to improve the indirect key derivation schemes on tree hierarchies by delaying key updates when changes to the structure of the access hierarchy are necessary, but the re-calculation and re-assignment of keys would either be costly or inconvenient. For access hierarchies represented as weakly/strongly connected directed acyclic graphs, we suggest modifications to our path addressing and key derivation scheme which could allow our HMAC-method to be applied to these types of hierarchies. Along the way, we discuss various current key management methods and discuss certain pragmatic issues that can arise which affect the applicability and implementation of a key management method.