19 research outputs found

    Optimization of SM4 Encryption Algorithm for Power Metering Data Transmission

    Get PDF
    This study focuses on enhancing the security of the SM4 encryption algorithm for power metering data transmission by employing hybrid algorithms to optimize its substitution box (S-box). A multi-objective fitness function is constructed to evaluate the S-box structure, aiming to identify design solutions that satisfy differential probability, linear probability, and non-linearity balance. To achieve global optimization and local search for the S-box, a hybrid algorithm model that combines genetic algorithm and simulated annealing is introduced. This approach yields significant improvements in optimization effects and increased non-linearity. Experimental results demonstrate that the optimized S-box significantly reduces differential probability and linear probability while increasing non-linearity to 112. Furthermore, a comparison of the ciphertext entropy demonstrates enhanced encryption security with the optimized S-box. This research provides an effective method for improving the performance of the SM4 encryption algorithm

    Optimization of SM4 Encryption Algorithm for Power Metering Data Transmission

    Get PDF
    This study focuses on enhancing the security of the SM4 encryption algorithm for power metering data transmission by employing hybrid algorithms to optimize its substitution box (S-box). A multi-objective fitness function is constructed to evaluate the S-box structure, aiming to identify design solutions that satisfy differential probability, linear probability, and non-linearity balance. To achieve global optimization and local search for the S-box, a hybrid algorithm model that combines genetic algorithm and simulated annealing is introduced. This approach yields significant improvements in optimization effects and increased non-linearity. Experimental results demonstrate that the optimized S-box significantly reduces differential probability and linear probability while increasing non-linearity to 112. Furthermore, a comparison of the ciphertext entropy demonstrates enhanced encryption security with the optimized S-box. This research provides an effective method for improving the performance of the SM4 encryption algorithm

    STP Models of Optimal Differential and Linear Trail for S-box Based Ciphers

    Get PDF
    Automatic tools have played an important role in designing new cryptographic primitives and evaluating the security of ciphers. Simple Theorem Prover constraint solver (STP) has been used to search for differential/linear trails of ciphers. This paper proposes general STP-based models searching for differential and linear trails with the optimal probability and correlation for S-box based ciphers. In order to get trails with the best probability or correlation for ciphers with arbitrary S-box, we give an efficient algorithm to describe probability or correlation of S-Box. Based on the algorithm we present a search model for optimal differential and linear trails, which is efficient for ciphers with S-Boxes whose DDTs/LATs contain entities not equal to the power of two. Meanwhile, the STP-based model for single-key impossible differentials considering key schedule is proposed, which traces the propagation of values from plaintext to ciphertext instead of propagations of differences. And we found that there is no 5-round AES-128 single-key truncated impossible differential considering key schedule, where input and output differences have only one active byte respectively. Finally, our proposed models are utilized to search for trails of bit-wise ciphers GIFT-128, DES, DESL and ICEBERG and word-wise ciphers ARIA, SM4 and SKINNY-128. As a result, improved results are presented in terms of the number of rounds or probabilities/correlations

    Cryptanalysis of a Type of White-Box Implementations of the SM4 Block Cipher

    Get PDF
    The SM4 block cipher was first released in 2006 as SMS4 used in the Chinese national standard WAPI, and became a Chinese national standard in 2016 and an ISO international standard in 2021. White-box cryptography aims primarily to protect the secret key used in a cryptographic software implementation in the white-box scenario that assumes an attacker to have full access to the execution environment and execution details of an implementation. Since white-box cryptography has many real-life applications nowadays, a few white-box implementations of the SM4 block cipher has been proposed with its increasingly wide use, among which a type of constructions is dominated, that use an affine diagonal block encoding to protect the original XOR sum of the three branches entering the S-box layer of a round and use its inverse to protect the original input of the S-box layer, such as Xiao and Lai\u27s implementation in 2009, Shang\u27s implementation in 2016 and Yao and Chen\u27s implementation in 2020. In this paper, we show that this type of white-box SM4 constructions can be somewhat equivalent to a plain implementation mostly with Boolean masks from a security viewpoint, by devising collision-based attacks on Xiao and Lai\u27s, Shang\u27s and Yao and Chen\u27s implementations with a time complexity of respectively about 2222^{22}, 2392^{39} and 2222^{22} to peel off most white-box operations until only Boolean masks remain. Besides, we present a collision-based attack on a white-box SM4 implementation with a time complexity of about 217.12^{17.1} to recover an original round key, which uses a linear diagonal block encoding instead of an affine diagonal block encoding. Our results show that generating such a white-box SM4 implementation with affine encodings can be simplified into generating a plain implementation with Boolean masks (if its security expectation is beyond the above-mentioned complexity), and the effect of an affine encoding is significantly better than the effect of a linear encoding in the sense of our cryptanalysis results

    Quantum Cryptanalysis on Contracting Feistel Structures and Observation on Related-key Settings

    Get PDF
    In this paper we show several quantum chosen-plaintext attacks (qCPAs) on contracting Feistel structures. In the classical setting, a dd-branch rr-round contracting Feistel structure can be shown to be PRP-secure when dd is even and r≥2d−1r \geq 2d-1, meaning it is secure against polynomial-time chosen-plaintext attacks. We propose a polynomial-time qCPA distinguisher on the dd-branch (2d−1)(2d-1)-round contracting Feistel structure, which solves an open problem by Dong et al. In addition, we show a polynomial-time qCPA that recovers the keys of the dd-branch rr-round contracting Feistel structure when each round function Fki(i)F^{(i)}_{k_i} has the form Fki(i)(x)=Fi(x⊕ki)F^{(i)}_{k_i}(x) = F_i(x \oplus k_i) for a public random function FiF_i. This is applicable to the Chinese block cipher standard {\texttt{SM4}}, which is a special case where d=4d=4. Finally, in addition to quantum attacks under single-key setting, we also show related-key quantum attacks on balanced Feistel structures in the model that adversaries can only control part of the key difference in quantum superposition. Our related-key attacks on balanced Feistel structures can easily be extended to ones on contracting Feistel structures

    Design of a Scan Chain for Side Channel Attacks on AES Cryptosystem for Improved Security

    Get PDF
    Scan chain-based attacks are side-channel attacks focusing on one of the most significant features of hardware test circuitry. A technique called Design for Testability (DfT) involves integrating certain testability components into a hardware design. However, this creates a side channel for cryptanalysis, providing crypto devices vulnerable to scan-based attacks. Advanced Encryption Standard (AES) has been proven as the most powerful and secure symmetric encryption algorithm announced by USA Government and it outperforms all other existing cryptographic algorithms. Furthermore, the on-chip implementation of private key algorithms like AES has faced scan-based side-channel attacks. With the aim of protecting the data for secure communication, a new hybrid pipelined AES algorithm with enhanced security features is implemented. This paper proposes testing an AES core with unpredictable response compaction and bit level-masking throughout the scan chain process. A bit-level scan flipflop focused on masking as a scan protection solution for secure testing. The experimental results show that the best security is provided by the randomized addition of masked scan flipflop through the scan chain and also provides minimal design difficulty and power expansion overhead with some negligible delay measures. Thus, the proposed technique outperforms the state-of-the-art LUT-based S-box and the composite sub-byte transformation model regarding throughput rate 2 times and 15 times respectively. And security measured in the avalanche effect for the sub-pipelined model has been increased up to 95 per cent with reduced computational complexity. Also, the proposed sub-pipelined S-box utilizing a composite field arithmetic scheme achieves 7 per cent area effectiveness and 2.5 times the hardware complexity compared to the LUT-based model

    C-DIFFERENTIALS AND GENERALIZED CRYPTOGRAPHIC PROPERTIES OF VECTORIAL BOOLEAN AND P-ARY FUNCTIONS

    Get PDF
    This dissertation investigates a newly defined cryptographic differential, called a c-differential, and its relevance to the nonlinear substitution boxes of modern symmetric block ciphers. We generalize the notions of perfect nonlinearity, bentness, and avalanche characteristics of vectorial Boolean and p-ary functions using the c-derivative and a new autocorrelation function, while capturing the original definitions as special cases (i.e., when c=1). We investigate the c-differential uniformity property of the inverse function over finite fields under several extended affine transformations. We demonstrate that c-differential properties do not hold in general across equivalence classes typically used in Boolean function analysis, and in some cases change significantly under slight perturbations. Thus, choosing certain affine equivalent functions that are easy to implement in hardware or software without checking their c-differential properties could potentially expose an encryption scheme to risk if a c-differential attack method is ever realized. We also extend the c-derivative and c-differential uniformity into higher order, investigate some of their properties, and analyze the behavior of the inverse function's second order c-differential uniformity. Finally, we analyze the substitution boxes of some recognizable ciphers along with certain extended affine equivalent variations and document their performance under c-differential uniformity.Commander, United States NavyApproved for public release. Distribution is unlimited

    SPAE un schéma opératoire pour l'AES sur du matériel bas-coût.

    Get PDF
    We propose SPAE, a single pass, patent free, authenticated encryption with associated data (AEAD) for AES. The algorithm has been developped to address the needs of a growing trend in IoT systems: storing code and data on a low cost flash memory external to the main SOC. Existing AEAD algorithms such as OCB, GCM, CCM, EAX , SIV, provide the required functionality however in practice each of them suffer from various drawbacks for this particular use case. Academic contributions such as ASCON and AEGIS-128 are suitable and efficient however they require the development of new hardware accelerators and they use primitives which are not 'approved' by governemental institutions such as NIST, BSI, ANSSI. From a silicon manufacturer point of view, an efficient AEAD which use existing AES hardware is much more enticing: the AES is required already by most industry standards invovling symmetric encryption (GSMA, EMVco, FIDO, Bluetooth, ZigBee to name few). This paper expose the properties of an ideal AEAD for external memory encryption, present the SPAE algorithm and analyze various security aspects. Performances of SPAE on actual hardware are better than OCB, GCM and CCM.Nous présentons SPAE, un schéma en une passe, libre de droit, d'encryption authentifiée avec données associées (AEAD) appliqué à l'AES. Cet algorithme a été développé afin de répondre à une tendance grandissante dans l'internet des objets: stocker du code et des données sur une mémoire flash à bas coût externe au système sur puce (SOC). Des algorithmes AEAD existent déjà tels que OCB, GCM, CCM, EAX, SIV, ils répondent à l'usage demandé cependant en pratique chacun de ces algorithmes présente des désavantages pour cet usage particulier. Les contributions académique telles que ASCON et AEGIS-128 sont appropriés et efficaces cependant ils nécessitent le développement de nouveaux accélérateurs matériels et ils utilisent des primitives qui ne sont pas approuvés par les instituions gouvernementales telles que le NIST, BSI ANSSI. Du point de vue du fabricant de silicone, un AEAD efficace qui utilise du matériel AES existant est beaucoup plus attirant: l'AES est déjà requis par la plupart des standards industriels utilisant de l’encryption symétrique (GSMA, EMVco, FIDO, Bluetooth, ZigBee par exemple). Cet article montre les propriétés d'un AEAD idéal pour de la mémoire encryptée externe, présente l'algorithme SPAE et analyse plusieurs aspects de sécurité. Les performances de SPAE sur du matériel actuel sont meilleures que sur OCB, GCM, et CCM
    corecore