13 research outputs found

    A hybrid modified lightweight algorithm for achieving data integrity and confidentiality

    Encryption algorithms aim to make data secure enough that it cannot be decrypted by an attacker. This paper combines Speck and Salsa20 so that an attacker cannot exploit the weaknesses of either algorithm alone, creating a new lightweight hybrid algorithm called the Speck-Salsa20 algorithm for data integrity and confidentiality (SSDIC). SSDIC uses less energy and has an efficient throughput. It works well in both hardware and software and can handle a variety of explicit plaintext and key sizes. SSDIC addresses the difficulties of the Speck algorithm: the sequence generated by Speck is not random and fails to reach an acceptable success rate in statistical tests. This is handled by generating a random key with the Salsa20 algorithm. Salsa20 is a high-speed secure algorithm that is faster than the Advanced Encryption Standard (AES) and can be used on devices with low resources; it uses a 256-bit key hash function. The recovery of the right half of the original Speck key is also prevented by modifying the Speck round function and the key schedule. Simulation results show, according to a National Institute of Standards and Technology (NIST) test, that the performance achieved by SSDIC is nearly 66% higher than that achieved by Speck in terms of data integrity and confidentiality.

    HARPOCRATES: An Approach Towards Efficient Encryption of Data-at-rest

    This paper proposes a new block cipher called HARPOCRATES, which differs from traditional SPN, Feistel, or ARX designs. The new design structure is called the substitution convolution network. The novelty of the approach lies in the fact that the substitution function does not use fixed S-boxes. Instead, it uses a key-driven lookup table storing a permutation of all 8-bit values. If the lookup table is sufficiently randomly shuffled, the round sub-operations provide good confusion and diffusion to the cipher. While designing the cipher, security, cost, and performance are balanced, keeping the requirements of encryption of data-at-rest in mind. The round sub-operations are massively parallelizable and designed such that a single active bit may make the entire state (an 8 × 16 binary matrix) active in one round. We analyze the security of the cipher against linear, differential, and impossible differential cryptanalysis. The cipher's resistance against many other attacks, such as algebraic attacks, structural attacks, and weak keys, is also shown. We implemented the cipher in software and hardware and found that the software implementation of the cipher results in better throughput than many well-known ciphers. Although HARPOCRATES is designed for the encryption of data-at-rest, it is also well-suited to data-in-transit environments.

    RoadRunneR: A Small And Fast Bitslice Block Cipher For Low Cost 8-bit Processors

    Designing block ciphers targeting resource-constrained 8-bit CPUs is a challenging problem. There are many recent lightweight ciphers designed for better performance in hardware. On the other hand, most software-efficient lightweight ciphers either lack a security proof or have a low security margin. To fill the gap, we present RoadRunneR, an efficient block cipher in 8-bit software whose security is provable against differential and linear attacks. RoadRunneR has the lowest code size on Atmel's ATtiny45 of any cipher except NSA's design SPECK, which has no security proof. Moreover, we propose a new metric for the fair comparison of block ciphers. This metric, called ST/A, is the first metric to use key length as a parameter in order to rank ciphers of different key lengths in a fair way. Using ST/A and other metrics from the literature, we show that RoadRunneR is competitive among existing ciphers on ATtiny45.

    Block Ciphers - Focus On The Linear Layer (feat. PRIDE): Full Version

    The linear layer is a core component in any substitution-permutation network block cipher. Its design significantly influences both the security and the efficiency of the resulting block cipher. Surprisingly, not many general constructions are known that allow one to choose trade-offs between security and efficiency. In particular, compared to S-boxes, the linear layer seems to be crucially understudied. In this paper, we propose a general methodology to construct good, sometimes optimal, linear layers allowing for a large variety of trade-offs. We give several instances of our construction and further underline its value by presenting a new block cipher. PRIDE is optimized for 8-bit micro-controllers and significantly outperforms all academic solutions both in terms of code size and cycle count.

    State of the Art in Lightweight Symmetric Cryptography

    Lightweight cryptography has been one of the hot topics in symmetric cryptography in recent years. A huge number of lightweight algorithms have been published, standardized and/or used in commercial products. In this paper, we discuss the different implementation constraints that a lightweight algorithm is usually designed to satisfy in both the software and the hardware case. We also present an extensive survey of all lightweight symmetric primitives we are aware of. It covers designs from the academic community, from government agencies, and proprietary algorithms which were reverse-engineered or leaked. Relevant national (NIST...) and international (ISO/IEC...) standards are listed. We identified several trends in the design of lightweight algorithms, such as the designers' preference for ARX-based and bitsliced-S-box-based designs or simpler key schedules. We also discuss more general trade-offs facing the authors of such algorithms and suggest a clearer distinction between two subsets of lightweight cryptography. The first, ultra-lightweight cryptography, deals with primitives fulfilling a unique purpose while satisfying specific and narrow constraints. The second, ubiquitous cryptography, encompasses more versatile algorithms both in terms of functionality and in terms of implementation trade-offs.

    On the Efficiency of Software Implementations of Lightweight Block Ciphers from the Perspective of Programming Languages

    Lightweight block ciphers are primarily designed for resource-constrained devices. However, due to the service requirements of large-scale IoT networks and systems, the need for efficient software implementations cannot be ruled out. A number of studies have compared software implementations of different lightweight block ciphers on a specific platform, but to the best of our knowledge this is the first attempt to benchmark various software implementations of a single lightweight block cipher across different programming languages and platforms in a cloud architecture. In this paper, we define six lookup-table-based software implementations for lightweight block ciphers, with characteristics ranging from memory-optimized to throughput-optimized variants. We carry out a thorough analysis of the two costs associated with each implementation (memory and operations) and discuss possible trade-offs in detail. We coded all six types of implementations for three key settings (64, 80, 128 bits) of LED (a lightweight block cipher) in four programming languages (Java, C#, C++, Python). We highlight the impact of the choice of implementation type, programming language, and platform by benchmarking the seventy-two implementations for throughput and software efficiency on 32- and 64-bit platforms for two major operating systems (Windows and Linux) on the Amazon Web Services cloud. The results show that these choices can affect the efficiency of a cryptographic primitive by a factor as high as 400.

    An improved attack method for keystream generators with a keyed Boolean feedback function

    Ultra-lightweight stream ciphers are highly optimized variants of stream ciphers for minuscule hardware with limited power and computation resources, such as RFID product tags used in retail and Wireless Sensor Network components that are an indispensable part of modern SCADA systems. At FSE 2015, Armknecht and Mikhalev presented a unique ultra-lightweight stream cipher design approach, defined as Keystream Generators with Keyed Update Function (KSG with KUF), along with a concrete cipher, Sprout [1]. This design approach, used by recent stream ciphers such as Fruit [2] and Plantlet [3], makes use of the secret key during state updates in order to maintain the security level while shortening the internal state size, which reduces hardware area together with power consumption. In 2018, the definition of KSG with KUF was narrowed by Kara and Esgin [4] to Keystream Generators with Boolean Keyed Feedback Function (KSG with Boolean KFF), on which a generic trade-off attack was also mounted. This attack relies on the guess capacity definition given in the same article to eliminate wrong states during the exhaustive search. In this thesis, we examined this generic Kara and Esgin attack in depth and accelerated it by a factor of up to about 60. To achieve this speedup, a new guess capacity definition and a sieving method are introduced in addition to an improved algorithm, which increases the efficiency of the attack in both performance and stability. The improvements are validated with intensive performance tests comprising nearly twenty sample feedback functions, including Sprout, with a range of guess capacities.