Improved Impossible Differential Cryptanalysis of CLEFIA

This paper presents an improved impossible differential attack on the new block cipher CLEFIA which is proposed by Sony Corporation at FSE 2007. Combining some observations with new tricks, we can filter out the wrong keys more efficiently, and improve the impossible differential attack on 11-round CLEFIA-192/256, which also firstly works for CLEFIA-128. The complexity is about $2^{103.1}$ encryptions and $2^{103.1}$ chosen plaintexts. By putting more constraint conditions on plaintext pairs, we give the first attack on 12-round CLEFIA for all three key lengths with $2^{119.1}$ encryptions and $2^{119.1}$ chosen plaintexts. For CLEFIA-192/256, our attack is applicable to 13-round variant, of which the time complexity is about $2^{181}$, and the data complexity is $2^{120}$. We also extend our attack to 14-round CLEFIA-256, with about $2^{245.4}$ encryptions and $2^{120.4}$ chosen plaintexts. Moreover, a birthday sieve method is introduced to decrease the complexity of the core precomputation

Improved Integral and Zero-correlation Linear Cryptanalysis of Reduced-round CLEFIA Block Cipher

CLEFIA is a block cipher developed by Sony Corporation in 2007. It is a recommended cipher of CRYPTREC, and has been adopted as ISO/IEC international standard in lightweight cryptography. In this paper, some new 9-round zero-correlation linear distinguishers of CLEFIA are constructed with the input masks and output masks being independent, which allow multiple zero-correlation linear attacks on 14/15-rounds CLEAIA-192/256 with the partial sum technique. Furthermore, the relations between integral distinguishers and zero-correlation linear approximations are improved, and some new integral distinguishers over 9-round are deduced from zero-correlation linear approximations. By using these integral distinguishers and the partial sum technique, the previous integral results on CLEFIA are improved. The two results have either one more rounds or lower time complexity than previous attack results by means of integral and zero-correlation linear cryptanalysis

Linear Hulls with Correlation Zero and Linear Cryptanalysis of Block Ciphers

Linear cryptanalysis, along with differential cryptanalysis, is an important tool to evaluate the security of block ciphers. This work introduces a novel extension of linear cryptanalysis: zero-correlation linear cryptanalysis, a technique applicable to many block cipher constructions. It is based on linear approximations with a correlation value of exactly zero. For a permutation on $n$ bits, an algorithm of complexity $2^{n-1}$ is proposed for the exact evaluation of correlation. Non-trivial zero-correlation linear approximations are demonstrated for various block cipher structures including AES, balanced Feistel networks, Skipjack, CLEFIA, and CAST256. As an example, using the zero-correlation linear cryptanalysis, a key-recovery attack is shown on 6 rounds of AES-192 and AES-256 as well as 13 rounds of CLEFIA-256

An analysis and a comparative study of cryptographic algorithms used on the internet of things (IoT) based on avalanche effect

Ubiquitous computing is already weaving itself around us and it is connecting everything to the network of networks. This interconnection of objects to the internet is new computing paradigm called the Internet of Things (IoT) networks. Many capacity and non-capacity constrained devices, such as sensors are connecting to the Internet. These devices interact with each other through the network and provide a new experience to its users. In order to make full use of this ubiquitous paradigm, security on IoT is important. There are problems with privacy concerns regarding certain algorithms that are on IoT, particularly in the area that relates to their avalanche effect means that a small change in the plaintext or key should create a significant change in the ciphertext. The higher the significant change, the higher the security if that algorithm. If the avalanche effect of an algorithm is less than 50% then that algorithm is weak and can create security undesirability in any network. In this, case IoT. In this study, we propose to do the following: (1) Search and select existing block cryptographic algorithms (maximum of ten) used for authentication and encryption from different devices used on IoT. (2) Analyse the avalanche effect of select cryptographic algorithms and determine if they give efficient authentication on IoT. (3) Improve their avalanche effect by designing a mathematical model that improves their robustness against attacks. This is done through the usage of the initial vector XORed with plaintext and final vector XORed with cipher tect. (4) Test the new mathematical model for any enhancement on the avalanche effect of each algorithm as stated in the preceding sentences. (5) Propose future work on how to enhance security on IoT. Results show that when using the proposed method with variation of key, the avalanche effect significantly improved for seven out of ten algorithms. This means that we have managed to improve 70% of algorithms tested. Therefore indicating a substantial success rate for the proposed method as far as the avalanche effect is concerned. We propose that the seven algorithms be replaced by our improved versions in each of their implementation on IoT whenever the plaintext is varied.Electrical and Mining EngineeringM. Tech. (Electrical Engineering

Techniques améliorées pour la cryptanalyse des primitives symétriques

This thesis proposes improvements which can be applied to several techniques for the cryptanalysis of symmetric primitives. Special attention is given to linear cryptanalysis, for which a technique based on the fast Walsh transform was already known (Collard et al., ICISIC 2007). We introduce a generalised version of this attack, which allows us to apply it on key recovery attacks over multiple rounds, as well as to reduce the complexity of the problem using information extracted, for example, from the key schedule. We also propose a general technique for speeding key recovery attacks up which is based on the representation of Sboxes as binary decision trees. Finally, we showcase the construction of a linear approximation of the full version of the Gimli permutation using mixed-integer linear programming (MILP) optimisation.Dans cette thèse, on propose des améliorations qui peuvent être appliquées à plusieurs techniques de cryptanalyse de primitives symétriques. On dédie une attention spéciale à la cryptanalyse linéaire, pour laquelle une technique basée sur la transformée de Walsh rapide était déjà connue (Collard et al., ICISC 2007). On introduit une version généralisée de cette attaque, qui permet de l'appliquer pour la récupération de clé considerant plusieurs tours, ainsi que le réduction de la complexité du problème en utilisant par example des informations provénantes du key-schedule. On propose aussi une technique générale pour accélérer les attaques par récupération de clé qui est basée sur la représentation des boîtes S en tant que arbres binaires. Finalement, on montre comment on a obtenu une approximation linéaire sur la version complète de la permutation Gimli en utilisant l'optimisation par mixed-integer linear programming (MILP)

Improved Impossible Differential Cryptanalysis of CLEFIA ⋆

Abstract. This paper presents an improved impossible differential attack on the new block cipher CLEFIA which is proposed by Sony Corporation at FSE 2007. Combining some observations with new tricks, we can filter out the wrong keys more efficiently, and improve the impossible differential attack on 11-round CLEFIA-192/256, which also firstly works for CLEFIA-128. The complexity is about 2 98.1 encryptions and 2 103.1 chosen plaintexts. By putting more constraint conditions on plaintext pairs, we give the first attack on 12-round CLEFIA for all three key lengths with 2 114.3 encryptions and 2 119.3 chosen plaintexts. For CLEFIA-192/256, our attack is applicable to 13-round variant, of which the time complexity is about 2 181, and the data complexity is 2 120. We also extend our attack to 14-round CLEFIA-256, with about 2 245.4 encryptions and 2 120.4 chosen plaintexts. Moreover, a birthday sieve method is introduced to decrease the complexity of the core precomputation. Key words: Block ciphers, cryptanalysis, impossible differential attack, CLEFIA