Global Linear Complexity Analysis of Filter Keystream Generators

An efficient algorithm for computing lower bounds on the global linear complexity of nonlinearly filtered PN-sequences is presented. The technique here developed is based exclusively on the realization of bit wise logic operations, which makes it appropriate for both software simulation and hardware implementation. The present algorithm can be applied to any arbitrary nonlinear function with a unique term of maximum order. Thus, the extent of its application for different types of filter generators is quite broad. Furthermore, emphasis is on the large lower bounds obtained that confirm the exponential growth of the global linear complexity for the class of nonlinearly filtered sequences

Some Results on Distinguishing Attacks on Stream Ciphers

Stream ciphers are cryptographic primitives that are used to ensure the privacy of a message that is sent over a digital communication channel. In this thesis we will present new cryptanalytic results for several stream ciphers. The thesis provides a general introduction to cryptology, explains the basic concepts, gives an overview of various cryptographic primitives and discusses a number of different attack models. The first new attack given is a linear correlation attack in the form of a distinguishing attack. In this attack a specific class of weak feedback polynomials for LFSRs is identified. If the feedback polynomial is of a particular form the attack will be efficient. Two new distinguishing attacks are given on classical stream cipher constructions, namely the filter generator and the irregularly clocked filter generator. It is also demonstrated how these attacks can be applied to modern constructions. A key recovery attack is described for LILI-128 and a distinguishing attack for LILI-II is given. The European network of excellence, called eSTREAM, is an effort to find new efficient and secure stream ciphers. We analyze a number of the eSTREAM candidates. Firstly, distinguishing attacks are described for the candidate Dragon and a family of candidates called Pomaranch. Secondly, we describe resynchronization attacks on eSTREAM candidates. A general square root resynchronization attack which can be used to recover parts of a message is given. The attack is demonstrated on the candidates LEX and Pomaranch. A chosen IV distinguishing attack is then presented which can be used to evaluate the initialization procedure of stream ciphers. The technique is demonstrated on four candidates: Grain, Trivium, Decim and LEX

Improving algebraic attacks on stream ciphers based on linear feedback shifter registers over F2kF_{2^k}

In this paper we investigate univariate algebraic attacks on filter generators over extension fields $F_q=F_{2^n}$ with focus on the Welch-Gong (WG) family of stream ciphers. Our main contribution is to break WG-5, WG-7, WG-8 and WG-16 by combining results on the so-called spectral immunity (minimum distance of certain cyclic codes) with properties of the WG type stream cipher construction. The spectral immunity is the univariate analog of algebraic immunity and instead of measuring degree of multiples of a multivariate polynomial, it measures the minimum number of nonzero coefficients of a multiple of a univariate polynomial. Based on the structure of the general WG-construction, we deduce better bounds for the spectral immunity and the univariate analog of algebraic attacks

Contributions to Confidentiality and Integrity Algorithms for 5G

The confidentiality and integrity algorithms in cellular networks protect the transmission of user and signaling data over the air between users and the network, e.g., the base stations. There are three standardised cryptographic suites for confidentiality and integrity protection in 4G, which are based on the AES, SNOW 3G, and ZUC primitives, respectively. These primitives are used for providing a 128-bit security level and are usually implemented in hardware, e.g., using IP (intellectual property) cores, thus can be quite efficient. When we come to 5G, the innovative network architecture and high-performance demands pose new challenges to security. For the confidentiality and integrity protection, there are some new requirements on the underlying cryptographic algorithms. Specifically, these algorithms should: 1) provide 256 bits of security to protect against attackers equipped with quantum computing capabilities; and 2) provide at least 20 Gbps (Gigabits per second) speed in pure software environments, which is the downlink peak data rate in 5G. The reason for considering software environments is that the encryption in 5G will likely be moved to the cloud and implemented in software. Therefore, it is crucial to investigate existing algorithms in 4G, checking if they can satisfy the 5G requirements in terms of security and speed, and possibly propose new dedicated algorithms targeting these goals. This is the motivation of this thesis, which focuses on the confidentiality and integrity algorithms for 5G. The results can be summarised as follows.1. We investigate the security of SNOW 3G under 256-bit keys and propose two linear attacks against it with complexities 2172 and 2177, respectively. These cryptanalysis results indicate that SNOW 3G cannot provide the full 256-bit security level. 2. We design some spectral tools for linear cryptanalysis and apply these tools to investigate the security of ZUC-256, the 256-bit version of ZUC. We propose a distinguishing attack against ZUC-256 with complexity 2236, which is 220 faster than exhaustive key search. 3. We design a new stream cipher called SNOW-V in response to the new requirements for 5G confidentiality and integrity protection, in terms of security and speed. SNOW-V can provide a 256-bit security level and achieve a speed as high as 58 Gbps in software based on our extensive evaluation. The cipher is currently under evaluation in ETSI SAGE (Security Algorithms Group of Experts) as a promising candidate for 5G confidentiality and integrity algorithms. 4. We perform deeper cryptanalysis of SNOW-V to ensure that two common cryptanalysis techniques, guess-and-determine attacks and linear cryptanalysis, do not apply to SNOW-V faster than exhaustive key search. 5. We introduce two minor modifications in SNOW-V and propose an extreme performance variant, called SNOW-Vi, in response to the feedback about SNOW-V that some use cases are not fully covered. SNOW-Vi covers more use cases, especially some platforms with less capabilities. The speeds in software are increased by 50% in average over SNOW-V and can be up to 92 Gbps.Besides these works on 5G confidentiality and integrity algorithms, the thesis is also devoted to local pseudorandom generators (PRGs). 6. We investigate the security of local PRGs and propose two attacks against some constructions instantiated on the P5 predicate. The attacks improve existing results with a large gap and narrow down the secure parameter regime. We also extend the attacks to other local PRGs instantiated on general XOR-AND and XOR-MAJ predicates and provide some insight in the choice of safe parameters

Applications of the Galois Model LFSR in Cryptography

The linear feedback shift-register is a widely used tool for generating cryptographic sequences. The properties of the Galois model discussed here offer many opportunities to improve the implementations that already exist. We explore the overall properties of the phases of the Galois model and conjecture a relation with modular Golomb rulers. This conjecture points to an efficient method for constructing non-linear filtering generators which fulfil Golic s design criteria in order to maximise protection against his inversion attack. We also produce a number of methods which can improve the rate of output of sequences by combining particular distinct phases of smaller elementary sequences

D.STVL.9 - Ongoing Research Areas in Symmetric Cryptography

This report gives a brief summary of some of the research trends in symmetric cryptography at the time of writing (2008). The following aspects of symmetric cryptography are investigated in this report: • the status of work with regards to different types of symmetric algorithms, including block ciphers, stream ciphers, hash functions and MAC algorithms (Section 1); • the algebraic attacks on symmetric primitives (Section 2); • the design criteria for symmetric ciphers (Section 3); • the provable properties of symmetric primitives (Section 4); • the major industrial needs in the area of symmetric cryptography (Section 5)

Ongoing Research Areas in Symmetric Cryptography

This report is a deliverable for the ECRYPT European network of excellence in cryptology. It gives a brief summary of some of the research trends in symmetric cryptography at the time of writing. The following aspects of symmetric cryptography are investigated in this report: • the status of work with regards to different types of symmetric algorithms, including block ciphers, stream ciphers, hash functions and MAC algorithms (Section 1); • the recently proposed algebraic attacks on symmetric primitives (Section 2); • the design criteria for symmetric ciphers (Section 3); • the provable properties of symmetric primitives (Section 4); • the major industrial needs in the area of symmetric cryptography (Section 5)

Role of Cryptographic Welch-Gong (WG-5) Stream Cipher in RFID Security

The purpose of this thesis is to design a secure and optimized cryptographic stream cipher for passive type Radio Frequency Identification (RFID) tags. RFID technology is a wireless automatic tracking and identification device. It has become an integral part of our daily life and it is used in many applications such as electronic passports, contactless payment systems, supply chain management and so on. But the information carried on RFID tags are vulnerable to unauthorized access (or various threats) which raises the security and privacy concern over RFID devices. One of the possible solutions to protect the confidentiality, integrity and to provide authentication is, to use a cryptographic stream cipher which encrypts the original information with a pseudo-random bit sequence. Besides that RFID tags require a resource constrained environment such as efficient area, power and high performance cryptographic systems with large security margins. Therefore, the architecture of stream cipher provides the best trade-off between the cryptographic security and the hardware efficiency. In this thesis, we first described the RFID technology and explain the design requirements for passive type RFID tags. The hardware design for passive tags is more challenging due to its stringent requirements like power consumption and the silicon area. We presented different design measures and some of the optimization techniques required to achieve low-resource cryptographic hardware implementation for passive tags. Secondly, we propose and implement a lightweight WG-5 stream cipher, which has good proven cryptographic mathematical properties. Based on these properties we measured the security analysis of WG-5 and showed that the WG-5 is immune to different types of attacks such as algebraic attack, correlation attack, cube attack, differential attack, Discrete Fourier Transform attack (DFT), Time-Memory-Data trade-off attack. The implementation of WG-5 was carried out using 65 nm and 130 nm CMOS technologies. We achieved promising results of WG-5 implementation in terms of area, power, speed and optimality. Our results outperforms most of the other stream ciphers which are selected in eSTREAM project. Finally, we proposed RFID mutual authentication protocol based on WG-5. The security and privacy analysis of the proposed protocol showed that it is resistant to various RFID attacks such as replay attacks, Denial-of-service (DoS) attack, ensures forward privacy and impersonation attack