4 research outputs found

    Further Cryptographic Properties of the Multiplicative Inverse Function

    Differential analysis is an important cryptanalytic technique on block ciphers. In one form, it measures the probability of occurrence of the differences between certain input vectors and the corresponding output vectors. For this analysis, the constituent S-boxes of a block cipher need to be studied carefully. In this direction, we derive further cryptographic properties of the inverse function, especially higher-order differential properties. This improves certain results of Boukerrou et al. [ToSC 2020(1)]. We prove that the inverse function defined over $\mathbb{F}_{2^n}$ has an error (bias) in its second-order differential spectrum with probability $\frac{1}{2^{n-2}}$, and that this error occurs in more than one place. To the best of our knowledge, this result was not known earlier. Further, for the first time, we analyze the Gowers uniformity norm of S-boxes, which is also a measure of resistance to higher-order approximations. Finally, the bounds related to the nonlinearity profile of the multiplicative inverse function are derived using both the Gowers $U_3$ norm and the Walsh--Hadamard spectrum. Some of our findings provide slightly improved bounds over the work of Carlet [IEEE-IT, 2008]. All our results might have implications towards non-randomness of a block cipher where the inverse function is used as a primitive.

    Two BCH error correcting codes for optical communications: implementation in FPGA and comparisons

    Advisor: Max Henrique Machado Costa. Dissertation (master's) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação.
    Summary: Currently, optical transport networks play a fundamental role in global telecommunications thanks to the characteristics of optical fibers, such as low loss and high bandwidth. With the evolution of this type of technology, large amounts of data are transmitted around the globe through links of intercontinental dimensions. The recent increase in information traffic on telecommunication networks, caused mainly by factors such as the popularization of smart mobile devices and also by video transmission, creates the need to research alternatives that give existing optical networks even more capacity and robustness. In this sense, this work presents data and comparisons between two FPGA implementations of an error-correcting code for optical communications with high coding gain, which uses two interleaved BCH(1020,988) codes: the first strictly follows the scheme proposed in annex I.9 of ITU-T recommendation G.975.1, while the second, derived from the first, relies on increased redundancy (parity) and reorganization of the frame structures to produce a coding gain superior to that of the original code.
    Abstract: Currently, optical transport networks play a fundamental role in global telecommunications thanks to the characteristics of optical fibers, such as low loss and high bandwidth. With the evolution of this type of technology, large amounts of data can be transmitted around the globe through links of intercontinental dimensions. The recent increase in data traffic on telecommunication networks, mainly caused by factors such as the popularity of smart mobile devices and also by video transmission, generates the need to investigate alternatives that provide even more capacity and robustness to existing optical networks. In this sense, this dissertation presents data and comparisons between two implementations in FPGA of an error correction code for optical communications with high coding gain, which uses two interleaved BCH(1020,988) codes: the first one strictly follows the arrangements proposed in annex I.9 of ITU-T recommendation G.975.1, while the second one, deriving from the first, relies on increasing redundancy (parity) and reorganizing the frame structures to produce a coding gain superior to that of the original code.
    Master's degree; Telecommunications and Telematics; Master in Electrical Engineering.

    On Fault-based Attacks and Countermeasures for Elliptic Curve Cryptosystems

    For some applications, elliptic curve cryptography (ECC) is an attractive choice because it achieves the same level of security with a much smaller key size than other schemes, such as those based on integer factorization or the discrete logarithm. Unfortunately, cryptosystems, including those based on elliptic curves, have been subject to attacks. For example, fault-based attacks have been shown to be a real threat to today's cryptographic implementations. In this thesis, we consider fault-based attacks and countermeasures for ECC. We propose a new fault-based attack against the Montgomery ladder elliptic curve scalar multiplication (ECSM) algorithm. For security reasons, especially to provide resistance against fault-based attacks, it is very important to verify the correctness of computations in ECC applications. We deal with protection against fault attacks on ECSM at two levels: module and algorithm. For protection at the module level, where the underlying scalar multiplication algorithm is not changed, a number of schemes and hardware structures are presented based on re-computation or parallel computation. It is shown that these structures can be used to detect errors with a very high probability during the computation of ECSM. For protection at the algorithm level, we use the concepts of point verification (PV) and coherency check (CC). We investigate the error detection coverage of PV and CC for the Montgomery ladder ECSM algorithm. Additionally, we propose two algorithms based on the double-and-add-always method that are resistant to the safe error (SE) attack. We demonstrate that one of these algorithms also resists the sign change fault (SCF) attack.

    Fault attacks and countermeasures for elliptic curve cryptosystems

    In this thesis we have developed new algorithmic countermeasures that protect elliptic curve computation against fault attacks by protecting the computation in the underlying finite binary extension field. Firstly, we have proposed schemes, i.e., a Chinese Remainder Theorem based fault tolerant computation in finite fields for use in ECCs, as well as a Lagrange Interpolation based fault tolerant computation. Our approach is based on error correcting codes, i.e., redundant residue polynomial codes and the original approach of Reed-Solomon codes. Computation on the field elements is decomposed into parallel, mutually independent, modular/identical channels, so that in case of faults in one channel, errors will not propagate to other channels. Based on these schemes we have developed new algorithms, namely the fault tolerant residue representation modular multiplication algorithm and the fault tolerant Lagrange representation modular multiplication algorithm, which are immune to error propagation under the fault models that we propose: Random Fault Model, Arbitrary Fault Model, and Single Bit Fault Model. These algorithms provide fault tolerant computation in $GF(2^k)$ for use in ECCs. Our newly developed algorithms, in which the inputs, i.e., field elements, are represented by the redundant residue representation or the redundant Lagrange representation, enable us to overcome the problem where, during computation, one or both coordinates $x, y \in GF(2^k)$ of the point $P \in E/GF(2^k)$ are corrupted. We assume that during each run of an attacked algorithm, in one single attack, an adversary can apply any of the proposed fault models, i.e., either the Random Fault Model, the Arbitrary Fault Model, or the Single Bit Fault Model. In this way more channels can be targeted, i.e., different fault models can be used on different channels.
    Also, our proposed algorithms can have masked errors and will not be immune against attacks which can create those kinds of errors, but countering masked errors is a difficult problem, since any anti-fault attack scheme will have some masked errors. Moreover, we have derived the conditions that an inflicted error needs to satisfy in order to yield an undetectable faulty point on a non-supersingular elliptic curve over $GF(2^k)$. Our algorithmic countermeasures can be applied to any public key cryptosystem that performs computation over the finite field $GF(2^k)$.