333 research outputs found
Extended Generalized Feistel Networks using Matrix Representation
International audienceWhile Generalized Feistel Networks have been widely studied in the literature as a building block of a block cipher, we propose in this paper a unified vision to easily represent them through a matrix representation. We then propose a new class of such schemes called Extended Generalized Feistel Networks well suited for cryptographic applications. We instantiate those proposals into two particular constructions and we finally analyze their security
Interpolation Cryptanalysis of Unbalanced Feistel Networks with Low Degree Round Functions
Arithmetisierungs-Orientierte Symmetrische Primitive (AOSPs) sprechen das bestehende Optimierungspotential bei der Auswertung von Blockchiffren und Hashfunktionen als Bestandteil von sicherer Mehrparteienberechnung, voll-homomorpher VerschlĂŒsselung und Zero-Knowledge-Beweisen an. Die Konstruktionsweise von AOSPs unterscheidet sich von traditionellen Primitiven durch die Verwendung von algebraisch simplen Elementen. ZusĂ€tzlich sind viele EntwĂŒrfe ĂŒber Primkörpern statt ĂŒber Bits definiert. Aufgrund der Neuheit der VorschlĂ€ge sind eingehendes VerstĂ€ndnis und ausgiebige Analyse erforderlich um ihre Sicherheit zu etablieren. Algebraische Analysetechniken wie zum Beispiel Interpolationsangriffe sind die erfolgreichsten Angriffsvektoren gegen AOSPs. In dieser Arbeit generalisieren wir eine existierende Analyse, die einen Interpolationsangriff mit geringer SpeicherkomplexitĂ€t verwendet, um das Entwurfsmuster der neuen Chiffre GMiMC und ihrer zugehörigen Hashfunktion GMiMCHash zu untersuchen. Wir stellen eine neue Methode zur Berechnung des SchlĂŒssels basierend auf Nullstellen eines Polynoms vor, demonstrieren Verbesserungen fĂŒr die KomplexitĂ€t des Angriffs durch Kombinierung mehrere Ausgaben, und wenden manche der entwickelten Techniken in einem algebraischen Korrigierender-Letzter-Block
Angriff der Schwamm-Konstruktion an. Wir beantworten die offene Frage einer frĂŒheren Arbeit, ob die verwendete Art von Interpolationsangriffen generalisierbar ist, positiv. Wir nennen konkrete empfohlene untere Schranken fĂŒr Parameter in den betrachteten Szenarien. AuĂerdem kommen wir zu dem Schluss dass GMiMC und GMiMCHash gegen die in dieser Arbeit betrachteten Interpolationsangriffe sicher sind. Weitere kryptanalytische Anstrengungen sind erforderlich um die Sicherheitsgarantien von AOSPs zu festigen
Algebraic Insights into the Secret Feistel Network
We introduce the high-degree indicator matrix (HDIM), an object closely related with both the linear approximation table and the algebraic normal form (ANF) of a permutation. We show that the HDIM of a Feistel Network contains very specific patterns depending on the degree of the Feistel functions, the number of rounds and whether the Feistel functions are 1-to-1 or not. We exploit these patterns to distinguish Feistel Networks, even if the Feistel Network is whitened using unknown affine layers.
We also present a new type of structural attack exploiting monomials that cannot be present at round r-1 to recover the ANF of the last Feistel function of a r-round Feistel Network. Finally, we discuss the relations between our findings, integral attacks, cube attacks, Todo's division property and the congruence modulo 4 of the Linear Approximation Table
Algebraic Insights into the Secret Feistel Network (Full version)
We introduce the high-degree indicator matrix (HDIM), an object closely related with both the linear approximation table and the algebraic normal form (ANF) of a permutation. We show that the HDIM of a Feistel Network contains very specific patterns depending on the degree of the Feistel functions, the number of rounds and whether the Feistel functions are 1-to-1 or not. We exploit these patterns to distinguish Feistel Networks, even if the Feistel Network is whitened using unknown affine layers.
We also present a new type of structural attack exploiting monomials that cannot be present at round to recover the ANF of the last Feistel function of a -round Feistel Network. Finally, we discuss the relations between our findings, integral attacks, cube attacks, Todo\u27s division property and the congruence modulo 4 of the Linear Approximation Table
Analyse et Conception d'Algorithmes de Chiffrement LĂ©gers
The work presented in this thesis has been completed as part of the FUI Paclido project, whose aim is to provide new security protocols and algorithms for the Internet of Things, and more specifically wireless sensor networks. As a result, this thesis investigates so-called lightweight authenticated encryption algorithms, which are designed to fit into the limited resources of constrained environments. The first main contribution focuses on the design of a lightweight cipher called Lilliput-AE, which is based on the extended generalized Feistel network (EGFN) structure and was submitted to the Lightweight Cryptography (LWC) standardization project initiated by NIST (National Institute of Standards and Technology). Another part of the work concerns theoretical attacks against existing solutions, including some candidates of the nist lwc standardization process. Therefore, some specific analyses of the Skinny and Spook algorithms are presented, along with a more general study of boomerang attacks against ciphers following a Feistel construction.Les travaux prĂ©sentĂ©s dans cette thĂšse sâinscrivent dans le cadre du projet FUI Paclido, qui a pour but de dĂ©finir de nouveaux protocoles et algorithmes de sĂ©curitĂ© pour lâInternet des Objets, et plus particuliĂšrement les rĂ©seaux de capteurs sans fil. Cette thĂšse sâintĂ©resse donc aux algorithmes de chiffrements authentifiĂ©s dits Ă bas coĂ»t ou Ă©galement, lĂ©gers, pouvant ĂȘtre implĂ©mentĂ©s sur des systĂšmes trĂšs limitĂ©s en ressources. Une premiĂšre partie des contributions porte sur la conception de lâalgorithme lĂ©ger Lilliput-AE, basĂ© sur un schĂ©ma de Feistel gĂ©nĂ©ralisĂ© Ă©tendu (EGFN) et soumis au projet de standardisation international Lightweight Cryptography (LWC) organisĂ© par le NIST (National Institute of Standards and Technology). Une autre partie des travaux se concentre sur des attaques thĂ©oriques menĂ©es contre des solutions dĂ©jĂ existantes, notamment un certain nombre de candidats Ă la compĂ©tition LWC du NIST. Elle prĂ©sente donc des analyses spĂ©cifiques des algorithmes Skinny et Spook ainsi quâune Ă©tude plus gĂ©nĂ©rale des attaques de type boomerang contre les schĂ©mas de Feistel
Measuring Performances of a White-Box Approach in the IoT Context
The internet of things (IoT) refers to all the smart objects that are connected to other objects, devices or servers and that are able to collect and share data, in order to "learn" and improve their functionalities. Smart objects suffer from lack of memory and computational power, since they are usually lightweight. Moreover, their security is weakened by the fact that smart objects can be placed in unprotected environments, where adversaries are able to play with the symmetric-key algorithm used and the device on which the cryptographic operations are executed. In this paper, we focus on a family of white-box symmetric ciphers substitution-permutation network (SPN)box, extending and improving our previous paper on the topic presented at WIDECOM2019. We highlight the importance of white-box cryptography in the IoT context, but also the need to have a fast black-box implementation (server-side) of the cipher. We show that, modifying an internal layer of SPNbox, we are able to increase the key length and to improve the performance of the implementation. We measure these improvements (a) on 32/64-bit architectures and (b) in the IoT context by encrypting/decrypting 10,000 payloads of lightweight messaging protocol Message Queuing Telemetry Transport (MQTT)
Simpira v2: A Family of Efficient Permutations Using the AES Round Function
International audienceThis paper introduces Simpira, a family of cryptographic permutations that supports inputs of 128*b bits, where b is a positive integer. Its design goal is to achieve high throughput on virtually all modern 64-bit processors, that nowadays already have native instructions for AES. To achieve this goal, Simpira uses only one building block: the AES round function. For b=1, Simpira corresponds to 12-round AES with fixed round keys, whereas for b>=2, Simpira is a Generalized Feistel Structure (GFS) with an F-function that consists of two rounds of AES. We claim that there are no structural distinguishers for Simpira with a complexity below 2^128, and analyze its security against a variety of attacks in this setting. The throughput of Simpira is close to the theoretical optimum, namely, the number of AES rounds in the construction. For example, on the Intel Skylake processor, Simpira has throughput below 1 cycle per byte for bâ€4 and b=6. For larger permutations, where moving data in memory has a more pronounced effect, Simpira with b=32 (512 byte inputs) evaluates 732 AES rounds, and performs at 824 cycles (1.61 cycles per byte), which is less than 13% off the theoretical optimum. If the data is stored in interleaved buffers, this overhead is reduced to less than 1%. The Simpira family offers an efficient solution when processing wide blocks, larger than 128 bits, is desired
Improvements for Finding Impossible Differentials of Block Cipher Structures
We improve Wu and Wangâs method for finding impossible differentials of block cipher structures. This improvement is more general than Wu and Wangâs method where it can find more impossible differentials with less time. We apply it on Gen-CAST256, Misty, Gen-Skipjack, Four-Cell, Gen-MARS, SMS4, MIBS, Camelliaâ, LBlock, E2, and SNAKE block ciphers. All impossible differentials discovered by the algorithm are the same as Wuâs method. Besides, for the 8-round MIBS block cipher, we find 4 new impossible differentials, which are not listed in Wu and Wangâs results. The experiment results show that the improved algorithm can not only find more impossible differentials, but also largely reduce the search time
- âŠ