Impossible Differential Cryptanalysis of FOX
Block ciphers are a foundation of computer and information security. FOX, also known as IDEA NXT, is a family of block ciphers published in 2004 and known for its provable-security arguments against cryptanalysis. In this paper we apply impossible differential cryptanalysis to the FOX cipher. We find a 4-round impossible differential, using which an adversary can attack 5-, 6- and 7-round FOX64 with , and one-round encryptions respectively. Compared to the previous best attack, which needs , and full-round encryptions against 5-, 6- and 7-round FOX64, the method in this paper is the best known attack on FOX. The attack also applies to 5-round FOX128 with one-round encryptions.
A Limit Theorem in Cryptography.
Cryptography is the study of encrypting and decrypting messages and of deciphering encrypted messages when the code is unknown. We consider $\Delta\pi(\Delta x, \Delta y)$, which, for a permutation $\pi$, counts how often the input difference $\Delta x$ is mapped to the output difference $\Delta y$. According to Hawkes and O'Connor, the distribution of $\Delta\pi(\Delta x, \Delta y)$ tends to a Poisson distribution with parameter $\tfrac{1}{2}$ as $m \to \infty$ for all $\Delta x, \Delta y \in (\mathbb{Z}/q\mathbb{Z})^m \setminus \{0\}$. We give a proof of this theorem using the Stein-Chen method: as $q^m$ approaches infinity, the distribution of $\Delta\pi(\Delta x, \Delta y)$ is approximately Poisson with parameter $\tfrac{1}{2}$. Error bounds for this approximation are provided.
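As an added example (not part of the paper above), the following Python script measures the limit theorem empirically. It takes $\Delta\pi(\Delta x, \Delta y)$ as the standard differential count in the XOR case ($q = 2$, $m = 8$): the number of inputs $x$ with $\pi(x \oplus \Delta x) \oplus \pi(x) = \Delta y$, i.e. one entry of the difference distribution table (DDT). Every solution $x$ comes with its partner $x \oplus \Delta x$, so each entry is even; the script halves it to count pairs, collects the histogram over all $\Delta x \neq 0$ for a seeded random permutation, and reports the total variation distance from Poisson($\tfrac{1}{2}$). The seed, the 8-bit block size and the tolerance are choices of the example.

```python
import random
from collections import Counter
from math import exp, factorial


def random_permutation(n, seed=1):
    """Uniformly shuffled permutation of range(n); the seed makes the run reproducible."""
    rng = random.Random(seed)
    perm = list(range(n))
    rng.shuffle(perm)
    return perm


def xor_ddt(perm):
    """table[dx][dy] = #{x : perm[x ^ dx] ^ perm[x] == dy}, computed in O(n^2)."""
    n = len(perm)
    table = [[0] * n for _ in range(n)]
    for x in range(n):
        px = perm[x]
        for dx in range(n):
            table[dx][px ^ perm[x ^ dx]] += 1
    return table


def pair_count_histogram(table):
    """Histogram of table[dx][dy] / 2 over dx != 0 (each solution x pairs with x ^ dx)."""
    n = len(table)
    hist = Counter()
    for dx in range(1, n):
        for dy in range(n):
            count = table[dx][dy]
            assert count % 2 == 0, "XOR differential counts are always even"
            hist[count // 2] += 1
    return hist


def poisson_pmf(k, lam=0.5):
    return exp(-lam) * lam ** k / factorial(k)


def total_variation_from_poisson(hist, lam=0.5):
    """1/2 * sum_k |empirical(k) - Poisson(lam)(k)|, including the Poisson tail beyond max(hist)."""
    total = sum(hist.values())
    kmax = max(hist)
    tv = 0.0
    for k in range(kmax + 1):
        tv += abs(hist.get(k, 0) / total - poisson_pmf(k, lam))
    tv += 1.0 - sum(poisson_pmf(k, lam) for k in range(kmax + 1))
    return tv / 2


def summarize(n=256, seed=1):
    """Empirical pair-count distribution of a random n-element permutation versus Poisson(1/2)."""
    hist = pair_count_histogram(xor_ddt(random_permutation(n, seed)))
    total = sum(hist.values())
    return {
        "empirical": {k: hist[k] / total for k in sorted(hist)},
        "poisson": {k: poisson_pmf(k) for k in sorted(hist)},
        "mean_pairs": sum(k * v for k, v in hist.items()) / total,  # exactly 0.5 for any permutation
        "total_variation": total_variation_from_poisson(hist),
    }


if __name__ == "__main__":
    for n in (16, 256):
        s = summarize(n)
        print(f"n={n}: mean={s['mean_pairs']:.3f} TV from Poisson(1/2)={s['total_variation']:.4f}")
        for k in s["empirical"]:
            print(f"  pairs={k}: empirical={s['empirical'][k]:.4f} poisson={s['poisson'][k]:.4f}")
```

The mean number of pairs is exactly $\tfrac{1}{2}$ for every permutation, because each row $\Delta x \neq 0$ of the DDT sums to $n$; only the shape of the distribution is what the theorem is about. Running with $n = 16$ shows the approximation is still visibly off for small $q^m$, which is why the error bounds in the paper matter when the result is applied to real S-box sizes.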
FOX: a new family of block ciphers
In this paper, we describe the design of a new family of block ciphers based on a Lai-Massey scheme, named FOX. The main features of this design, besides a very high security level, are a large implementation flexibility on various platforms as well as high performance. In addition, we propose a new design of strong and efficient key-schedule algorithms. We provide evidence that FOX is immune to linear and differential cryptanalysis, and we discuss its security against integral cryptanalysis, algebraic attacks, and other attacks.
Improved Integral Cryptanalysis of FOX Block Cipher
FOX is a recently presented family of block ciphers that builds on provable-security results and performs well on various platforms. In this paper, we construct distinguishers between 3-round FOX and a random permutation of the block space. Using integral-attack and collision-searching techniques, these distinguishers are turned into attacks on 4-, 5-, 6- and 7-round FOX64 and on 4- and 5-round FOX128. The attack is more efficient than the previous integral attack on FOX. The complexity of the improved integral attack is on 4-round FOX128 and against 5-round FOX128 respectively. For FOX64, the complexity of the improved integral attack is on 4-round FOX64, against 5-round FOX64, against 6-round FOX64 and against 7-round FOX64 respectively. Therefore 4-round FOX64/64, 5-round FOX64/128, 6-round FOX64/192, 7-round FOX64/256 and 5-round FOX128/256 are not immune to the attack in this paper.
Dial C for Cipher
We introduce C, a practical provably secure block cipher with a slow key schedule. C is based on the same structure as AES but uses independent random substitution boxes instead of a fixed one. Its key schedule is based on the Blum-Blum-Shub pseudo-random generator, which allows us to prove that all obtained security results are still valid when taking into account the dependencies between the round keys. C is provably secure against several general classes of attacks. Strong evidence is given that it resists an even wider variety of attacks. We also propose a variant of C with simpler substitution boxes which is suitable for most applications, and for which security proofs still hold
FOX Specifications Version 1.2
In this document, we describe the design of a new family of block ciphers, named FOX. The main goals of this design, besides a very high security level, are a large implementation flexibility on various platforms as well as high performance. The high-level structure is based on a Lai-Massey scheme, while the round functions are substitution-permutation networks. In addition, we propose a new design of strong and efficient key-schedule algorithms.
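The two FOX entries above describe the high-level structure but not how a Lai-Massey round is inverted. As an added example (not FOX's own code and not a FOX implementation), the following Python models the 64-bit Lai-Massey skeleton: the round function $f$ is applied to the XOR of the two 32-bit halves, its output is XORed into both halves, and an orthomorphism is applied to the left half in every round except the last. The orthomorphism $\mathrm{or}(l \| r) = r \| (l \oplus r)$ on 16-bit halves is the one used by FOX64; the keyed round function below is a toy stand-in for FOX's f32 and is an assumption of the example, as are the round keys and plaintext. The point the code makes is that the XOR of the halves is unchanged by a round, so $f$ never needs to be inverted: decryption recomputes the same $f$ output.

```python
MASK16 = 0xFFFF
MASK32 = 0xFFFFFFFF

# Arbitrary 4-bit permutation, chosen only to give the toy round function some nonlinearity.
SBOX4 = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def orthomorphism(x, half=16):
    """FOX64's or(): split x into halves (l, r) and return (r, l xor r)."""
    mask = (1 << half) - 1
    l, r = (x >> half) & mask, x & mask
    return (r << half) | (l ^ r)


def orthomorphism_inv(y, half=16):
    mask = (1 << half) - 1
    r, l_xor_r = (y >> half) & mask, y & mask
    return ((l_xor_r ^ r) << half) | r


def is_orthomorphism(half=4):
    """Exhaustive check on a small domain: or() and (or() xor identity) are both bijections."""
    size = 1 << (2 * half)
    images = {orthomorphism(x, half) for x in range(size)}
    images_xor_id = {orthomorphism(x, half) ^ x for x in range(size)}
    return len(images) == size and len(images_xor_id) == size


def round_function(x, k):
    """Toy keyed 32-bit function (assumption of this example, not FOX's f32)."""
    x ^= k
    y = 0
    for i in range(8):
        y |= SBOX4[(x >> (4 * i)) & 0xF] << (4 * i)
    return y ^ rotl32(y, 7) ^ rotl32(y, 19)


def lai_massey_round(left, right, k, apply_or=True):
    """One Lai-Massey round: f is fed the XOR of the halves and XORed into both."""
    f = round_function(left ^ right, k)
    left, right = left ^ f, right ^ f
    if apply_or:
        left = orthomorphism(left)
    return left, right


def lai_massey_round_inv(left, right, k, apply_or=True):
    if apply_or:
        left = orthomorphism_inv(left)
    # (left ^ f) ^ (right ^ f) == left ^ right, so the same f output is recomputed;
    # f itself never has to be invertible.
    f = round_function(left ^ right, k)
    return left ^ f, right ^ f


def encrypt_block(block, round_keys):
    left, right = block >> 32, block & MASK32
    last = len(round_keys) - 1
    for i, k in enumerate(round_keys):
        left, right = lai_massey_round(left, right, k, apply_or=(i != last))
    return (left << 32) | right


def decrypt_block(block, round_keys):
    left, right = block >> 32, block & MASK32
    last = len(round_keys) - 1
    for i in range(last, -1, -1):
        left, right = lai_massey_round_inv(left, right, round_keys[i], apply_or=(i != last))
    return (left << 32) | right


if __name__ == "__main__":
    keys = [0x01234567, 0x89ABCDEF, 0xDEADBEEF, 0x0BADF00D]  # constructed round keys
    pt = 0x0011223344556677
    ct = encrypt_block(pt, keys)
    print(f"orthomorphism check: {is_orthomorphism(4)}")
    print(f"pt={pt:016x} ct={ct:016x} dec={decrypt_block(ct, keys):016x}")
```

Without the orthomorphism, $l \oplus r$ would stay constant across every round of the whole cipher, which is exactly the weakness the Lai-Massey design fixes by inserting $\mathrm{or}$; the `is_orthomorphism` check exercises both properties that definition requires (the map and its XOR with the identity are bijections).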
Related-Key Differential Attack on Round Reduced RECTANGLE-80
RECTANGLE is a recently proposed lightweight block cipher that allows fast bit-sliced implementations on multiple platforms. It is an iterative 25-round SPN block cipher with a 64-bit block size and an 80-bit or 128-bit key. Few cryptanalytic results on the cipher have been published so far, among them an attack on the 18-round reduced version given by the designers themselves. In this paper, we find all 15-round differential characteristics with 26 to 30 active S-boxes for given input, output and round-subkey differences, which have a total probability . Based on these differential characteristics, we extend the corresponding distinguisher by 2 rounds backward and forward respectively, and propose an attack on 19-round reduced RECTANGLE-80 with a data complexity of plaintexts, a time complexity of about encryptions and a memory complexity of . These data and time complexities are much lower than those of the designers' attack on 18-round reduced RECTANGLE-80.
Fault Analysis Study of the Block Cipher FOX64
FOX is a family of symmetric block ciphers from MediaCrypt AG that helps to secure digital media, communications, and storage. The high-level structure of FOX is the so-called (extended) Lai-Massey scheme. This paper presents a detailed fault analysis of the block cipher FOX64, the 64-bit version of FOX, based on a differential property of the two-round Lai-Massey scheme in a fault model. The previous fault attack on FOX64 showed that each round key (resp. the whole set of round keys) could be recovered with 11.45 (resp. 183.20) faults on average. Our proposed fault attack, however, deduces any round key (except the first one) with 4.25 faults on average (4 in the best case), and retrieves all round keys with 43.31 faults on average (38 in the best case). This implies that the number of faults needed in a fault attack on FOX64 can be significantly reduced. Furthermore, the technique introduced in this paper can be extended to the other members of the FOX block cipher family.
Automatic Search of Truncated Impossible Differentials for Word-Oriented Block Ciphers (Full Version)
Impossible differential cryptanalysis is a powerful technique to recover the secret key of a block cipher by exploiting the fact that specific input and output differences of the cipher are not compatible. This paper introduces a novel tool to search truncated impossible differentials for word-oriented block ciphers with bijective S-boxes. Our tool generalizes the earlier -method and the UID-method, and narrows the gap between the best impossible differentials found by these methods and the best known differentials found by ad hoc methods that rely on cryptanalytic insight. The time and space complexities of our tool in judging an -round truncated impossible differential are about and respectively, where is the number of words in the plaintext and , are constants depending on the machine and the block cipher. To demonstrate the strength of our tool, we show that it not only automatically rediscovers the longest truncated impossible differentials of many word-oriented block ciphers, but also finds new results. It independently rediscovers all 72 known truncated impossible differentials on 9-round CLEFIA. In addition, it finds new truncated impossible differentials for AES, ARIA, Camellia without FL and FL⁻¹ layers, E2, LBlock, MIBS and Piccolo. Although our tool does not improve the lengths of impossible differentials for existing block ciphers, it helps to close the gap between the best known results of previous tools and those of manual cryptanalysis.
Cryptographic Tools for Privacy Preservation
Data permeates every aspect of our daily life and is the backbone of our digitalized society. Smartphones, smartwatches and many more smart devices measure, collect, modify and share data in what is known as the Internet of Things. Often these devices do not have enough computation power or storage space and therefore outsource some aspects of data management to the Cloud. Outsourcing computation and storage to a third party raises natural questions about the security and privacy of the shared sensitive data. Intuitively, Cryptography is a toolset of primitives and protocols whose security properties are formally proven, while Privacy typically captures additional social and legislative requirements that relate more to the concept of "trust" between people, "how" data is used and/or "who" has access to data. This thesis separates the two concepts by introducing an abstract model that classifies data leaks into different types of breaches. Each class represents a specific requirement or goal related to cryptography, e.g. confidentiality or integrity, or related to privacy, e.g. liability, sensitive data management and more. The thesis contains cryptographic tools designed to provide privacy guarantees for different application scenarios.
In more detail, the thesis: (a) defines new encryption schemes that provide formal privacy guarantees, either theoretical privacy definitions such as Differential Privacy (DP) or concrete privacy-oriented applications covered by existing regulations such as the European General Data Protection Regulation (GDPR); (b) proposes new tools and procedures for providing verifiable-computation guarantees in concrete scenarios for post-quantum cryptography or generalisations of signature schemes; (c) proposes a methodology for using Machine Learning (ML) to analyse the effective security and privacy of a crypto-tool and, dually, proposes a secure primitive that allows computing a specific ML algorithm in a privacy-preserving way; (d) provides an alternative protocol for secure communication between two parties, based on the idea of communicating in a periodically timed fashion.