Efficient FPGA Implementations of High-Dimensional Cube Testers on the Stream Cipher Grain-128

Cube testers are a generic class of methods for building disstinguishers, based on cube attacks and on algebraic property-testers. In this paper, we report on an efficient FPGA implementation of cube testers on the stream cipher Grain-128. Our best result (a distinguisher on Grain-128 reduced to 237 rounds, out of 256) was achieved after a computation involving 2^54 clockings of Grain-128, with a 256×32 parallelization. An extrapolation of our results with standard methods suggests the possibility of a distinguishing attack on the full Grain-128 in time 2^83, which is well below the 2^128 complexity of exhaustive search. We also describe the method used for finding good cubes (a simple evolutionary algorithm), and report preliminary results on Grain-v1 obtained with a bitsliced C implementation

Links between Division Property and Other Cube Attack Variants

A theoretically reliable key-recovery attack should evaluate not only the non-randomness for the correct key guess but also the randomness for the wrong ones as well. The former has always been the main focus but the absence of the latter can also cause self-contradicted results. In fact, the theoretic discussion of wrong key guesses is overlooked in quite some existing key-recovery attacks, especially the previous cube attack variants based on pure experiments. In this paper, we draw links between the division property and several variants of the cube attack. In addition to the zero-sum property, we further prove that the bias phenomenon, the non-randomness widely utilized in dynamic cube attacks and cube testers, can also be reflected by the division property. Based on such links, we are able to provide several results: Firstly, we give a dynamic cube key-recovery attack on full Grain-128. Compared with Dinur et al.’s original one, this attack is supported by a theoretical analysis of the bias based on a more elaborate assumption. Our attack can recover 3 key bits with a complexity 297.86 and evaluated success probability 99.83%. Thus, the overall complexity for recovering full 128 key bits is 2125. Secondly, now that the bias phenomenon can be efficiently and elaborately evaluated, we further derive new secure bounds for Grain-like primitives (namely Grain-128, Grain-128a, Grain-V1, Plantlet) against both the zero-sum and bias cube testers. Our secure bounds indicate that 256 initialization rounds are not able to guarantee Grain-128 to resist bias-based cube testers. This is an efficient tool for newly designed stream ciphers for determining the number of initialization rounds. Thirdly, we improve Wang et al.’s relaxed term enumeration technique proposed in CRYPTO 2018 and extend their results on Kreyvium and ACORN by 1 and 13 rounds (reaching 892 and 763 rounds) with complexities 2121.19 and 2125.54 respectively. To our knowledge, our results are the current best key-recovery attacks on these two primitives

УЗАГАЛЬНЕНА СТАТИСТИЧНА АТАКА НА СИНХРОННІ ПОТОКОВІ ШИФРИ

Nowadays chosen IV attacks on synchronous streamciphers are the most powerful. These include Dinur-Shamir cube attack, statistical Fisher-Khazaei-Meier(FKM) attack, and their different modifications and improvements.The FKM attack is based on statistical approximations(depended only on some key bits) of Booleanfunctions associated with encryption algorithms. Attack’developers suggested a method for finding theseapproximations but didn’t provide a theoretical justificationof such method’ efficiency. Also there is an openquestion: is it possible to increase attack’ efficiency bychoosing approximations from a wider class of Booleanfunctions. We propose a generalization of cube attack andstatistical attack FKM on synchronous stream ciphers.This attack is based on algebraic degenerate approximationsof Boolean functions that provides more opportunitiesfor implementation of FKM attack’ basic idea. Wealso propose a polynomial probabilistic algorithm forconstruction of such approximations from known subspacesacceptable for defined Boolean function. We showthat the proposed algorithm allows us to construct muchmore efficient attacks on synchronous stream cipherscompared with exhaustive search.В настоящее время наиболее мощными атаками на синхронные поточные шифры являются атаки на основе подобранных векторов инициализации. К ним относятся кубическая атака Динура-Шамира, статистическая атака Фишера-Хазаи-Майера (FKM), а также их различные модификации и усовершенствования. Атака FKM строится на основе статистических приближений булевых функций, связанных с алгоритмами шифрования, функциями, зависящими лишь от некоторых разрядов ключа. Разработчиками атаки предложен способ нахождения указанных приближений, однако недано теоретического обоснования эффективности этого способа. Кроме того, остается открытым вопрос о том, можноли повысить эффективность атаки FKM, выбирая приближения из более широкого класса булевых функций. В настоящей статье предлагается атака на синхронные поточные шифры, обобщающая как кубическую атаку, так и атакуFKM. Эта атака базируется на алгебраически вырожденных приближениях булевых функций, что предоставляет больше возможностей для реализации основной идеи атаки FKM. Предложен полиномиальный вероятностный алгоритм построения указанных приближений по известным подпространствам, допустимым для заданной булевой функции. Показано, что, выбирая определенным образом параметры этого алгоритма, можно строить атаки на синхронные поточные шифры, заметно более эффективные по сравнению с полным перебором ключей.На сьогодні найбільш потужними атаками на синхронні потокові шифри є атаки на основі підібраних векторів ініціалізації. До них відносяться кубічна атака Дінура-Шаміра, статистична атака Фішера-Хазаї-Майєра (FKM), а також їх різні модифікації та вдоско-налення. Атака FKM будується на основі статистичних наближень булевих функцій, пов’язаних з алгоритмами шифрування, функціями, які залежать лишевід деяких розрядів ключа. Розробниками атаки запропоновано спосіб знаходження зазначених наближень, але не надано теоретичного обґрунтування ефективності цього способу. Крім того, залишається відкритим питання про те, чи можливо підвищити ефективність атаки FKM, вибираючи наближення збільш широкого класу булевих функцій. В даній статті пропонується атака на синхронні потокові шифри, яка узагальнює як кубічну атаку, так і атаку FKM. Ця атака базується на алгебраїчно вироджених наближеннях булевих функцій, що надає більше можливостей для реалізації основної ідеї атаки FKM. Запропоновано поліноміальний ймовірнісний алгоритм побудови зазначених наближень за відомими підпросторами, що є допустимими для заданої булевої функції. Показано, що вибираючи певним чином параметрицього алгоритму, можна будувати атаки на синхронні потокові шифри, значно більш ефективні в порівнянні з повним перебором ключів

Ten years of cube attacks

In 2009, Dinur and Shamir proposed the cube attack, an algebraic cryptanalysis technique that only requires black box access to a target cipher. Since then, this attack has received both many criticisms and endorsements from crypto community; this work aims at revising and collecting the many attacks that have been proposed starting from it. We categorise all of these attacks in five classes; for each class, we provide a brief summary description along with the state-of-the-art references and the most recent cryptanalysis results. Furthermore, we extend and refine the new notation we proposed in 2021 and we use it to provide a consistent definition for each attack family. Finally, in the appendix, we provide an in-depth description of the kite attack framework, a cipher independent tool we firstly proposed in 2018 that implements the kite attack on GPUs. To prove its effectiveness, we use Mickey2.0 as a use case, showing how to embed it in the framework

A Novel Approach to Communicate Secret Message Between Users Using Sponge Function Technique on NTRU

This paper presents a novel approach for a (key distribution) for secret message communication among a group (G). In order to increase security to distribute secret message (key), we introduce sponge functions using these at a specific permutation. We generate a key and distribute this key using (PKCS)(public key crypto systems), the absorbing, squeezing functions are used. In this paper an introduction part which briefs regarding sponge functions, key distribution centre, group communication and NTRU, key generation authentication, in literature review we describe about the research states of sponge functions, lightweight hash functions-KDC – NTRU. In proposed work we propose how the group communication establishes registration of users, entry and exit of a user. The encryption and decryption algorithm are used between sender and receiver. The entire proposed work is verified in VHDL and ‘MATLABS'. doi: http://dx.doi.org/10.12777/ijse.4.2.2013.44-51 [How to cite this article: Varaprasad, S., Rao, K. V., & Avadhani, P. S. (2013). A Novel Approach to Communicate Secret Message between Users Using Sponge Function Technique on NTRU. INTERNATIONAL JOURNAL OF SCIENCE AND ENGINEERING, 4(2), 44-51; doi: http://dx.doi.org/10.12777/ijse.4.2.2013.44-51

Necessary conditions for designing secure stream ciphers with the minimal internal states

After the introduction of some stream ciphers with the minimal internal state, the design idea of these ciphers (i.e. the design of stream ciphers by using a secret key, not only in the initialization but also permanently in the keystream generation) has been developed. The idea lets to design lighter stream ciphers that they are suitable for devices with limited resources such as RFID, WSN. We present necessary conditions for designing a secure stream cipher with the minimal internal state. Based on the conditions, we propose Fruit-128 stream cipher for 128-bit security against all types of attacks. Our implementations showed that the area size of Fruit-128 is about 25.2% smaller than that of Grain-128a. The discussions are presented that Fruit-128 is more resistant than Grain-128a to some attacks such as Related key chosen IV attack. Sprout, Fruit-v2 and Plantlet ciphers are vulnerable to time-memory-data trade-off (TMDTO) distinguishing attacks. For the first time, IV bits were permanently used to strengthen Fruit-128 against TMDTO attacks. We will show that if IV bits are not permanently available during the keystream production step, we can eliminate the IV mixing function from it. In this case, security level decreases to 69-bit against TMDTO distinguishing attacks (that based on the application might be tolerable). Dynamic initialization is another contribution of the paper (that it can strengthen initialization of all stream ciphers with low area cost)

New Configurations of Grain Ciphers: Security Against Slide Attacks

eSTREAM brought to the attention of the cryptographic community a number of stream ciphers including Grain v0 and its revised version Grain v1. The latter was selected as a finalist of the competition\u27s hardware-based portfolio. The Grain family includes two more instantiations, namely Grain 128 and Grain 128a. The scope our paper is to provide an insight on how to obtain secure configurations of the Grain family of stream ciphers. We propose different variants for Grain and analyze their security with respect to slide attacks. More precisely, as various attacks against initialization algorithms of Grain were discussed in the literature, we study the security impact of various parameters which may influence the LFSR\u27s initialization scheme

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license