Improved distinguishers for HC-128

HC-128 is an eSTREAM final portfolio stream cipher. Several authors have investigated its security and, in particular, distinguishing attacks have been considered. Still, no one has been able to provide a distinguisher stronger than the one presented by Wu in the original HC-128 paper. In this paper we first argue that the keystream requirement in Wu’s original attack is underestimated by a factor of almost 2^8. Our revised analysis shows that the keystream complexity of Wu’s original attack is 2^160.471 32-bit keystream blocks. We then go on to investigate two new types of distinguishers on HC-128. One of them, a distinguisher counting the number of zeros in created blocks of bits, gives a biased distribution that requires 2^143.537 such constructed block samples (2^152.537 32-bit keystream blocks). For fairness, the same metric is used to compare our attack to Wu’s, and our improvement is significant compared to Wu’s original result. Furthermore, the vector-based methodology used is general and can be applied to any cryptographic primitive that reveals a suitable probability distribution

RC4 Encryption-A Literature Survey

AbstractA chronological survey demonstrating the cryptanalysis of RC4 stream cipher is presented in this paper. We have summarized the various weaknesses of RC4 algorithm followed by the recently proposed enhancements available in the literature. It is established that innovative research efforts are required to develop secure RC4 algorithm, which can remove the weaknesses of RC4, such as biased bytes, key collisions, and key recovery attacks on WPA. These flaws in RC4 are still offering an open challenge for developers. Hence our chronological survey corroborates the fact that even though researchers are working on RC4 stream cipher since last two decades, it still offers a plethora of research issues. The attraction of community towards RC4 is still alive

SAFE-NET: Secure and Fast Encryption using Network of Pseudo-Random Number Generators

We propose a general framework to design a general class of random number generators suit- able for both computer simulation and computer security applications. It can include newly pro- posed generators SAFE (Secure And Fast Encryption) and ChaCha, a variant of Salsa, one of the four finalists of the eSTREAM ciphers. Two requirements for ciphers to be considered se- cure is that they must be unpredictable with a nice distributional property. Proposed SAFE-NET is a network of n nodes with external pseudo-random number generators as inputs nodes, several inner layers of nodes with a sequence of random variates through ARX (Addition, Rotation, XOR) transformations to diffuse the components of the initial state vector. After several rounds of transformations (with complex inner connections) are done, the output layer with n nodes are outputted via additional transformations. By utilizing random number generators with desirable empirical properties, SAFE-NET injects randomness into the keystream generation process and constantly updates the cipher’s state with external pseudo-random numbers during each iteration. Through the integration of shuffle tables and advanced output functions, extra layers of security are provided, making it harder for attackers to exploit weaknesses in the cipher. Empirical results demonstrate that SAFE-NET requires fewer operations than ChaCha while still producing a sequence of uniformly distributed random numbers

A New Stream Cipher HC-256

HC-256 is a software-efficient stream cipher. It generates keystream from a 256-bit secret key and a 256-bit initialization vector. The encryption speed of the C implementation of HC-256 is about 1.9 bits per clock cycle (4.2 cycle/byte) on the Intel Pentium 4 processor. A variant of HC-256 is also introduced in this paper

LNCS

HMAC and its variant NMAC are the most popular approaches to deriving a MAC (and more generally, a PRF) from a cryptographic hash function. Despite nearly two decades of research, their exact security still remains far from understood in many different contexts. Indeed, recent works have re-surfaced interest for {\em generic} attacks, i.e., attacks that treat the compression function of the underlying hash function as a black box. Generic security can be proved in a model where the underlying compression function is modeled as a random function -- yet, to date, the question of proving tight, non-trivial bounds on the generic security of HMAC/NMAC even as a PRF remains a challenging open question. In this paper, we ask the question of whether a small modification to HMAC and NMAC can allow us to exactly characterize the security of the resulting constructions, while only incurring little penalty with respect to efficiency. To this end, we present simple variants of NMAC and HMAC, for which we prove tight bounds on the generic PRF security, expressed in terms of numbers of construction and compression function queries necessary to break the construction. All of our constructions are obtained via a (near) {\em black-box} modification of NMAC and HMAC, which can be interpreted as an initial step of key-dependent message pre-processing. While our focus is on PRF security, a further attractive feature of our new constructions is that they clearly defeat all recent generic attacks against properties such as state recovery and universal forgery. These exploit properties of the so-called ``functional graph'' which are not directly accessible in our new constructions

Some Words on Cryptanalysis of Stream Ciphers

In the world of cryptography, stream ciphers are known as primitives used to ensure privacy over a communication channel. One common way to build a stream cipher is to use a keystream generator to produce a pseudo-random sequence of symbols. In such algorithms, the ciphertext is the sum of the keystream and the plaintext, resembling the one-time pad principal. Although the idea behind stream ciphers is simple, serious investigation of these primitives has started only in the late 20th century. Therefore, cryptanalysis and design of stream ciphers are important. In recent years, many designs of stream ciphers have been proposed in an effort to find a proper candidate to be chosen as a world standard for data encryption. That potential candidate should be proven good by time and by the results of cryptanalysis. Different methods of analysis, in fact, explain how a stream cipher should be constructed. Thus, techniques for cryptanalysis are also important. This thesis starts with an overview of cryptography in general, and introduces the reader to modern cryptography. Later, we focus on basic principles of design and analysis of stream ciphers. Since statistical methods are the most important cryptanalysis techniques, they will be described in detail. The practice of statistical methods reveals several bottlenecks when implementing various analysis algorithms. For example, a common property of a cipher to produce n-bit words instead of just bits makes it more natural to perform a multidimensional analysis of such a design. However, in practice, one often has to truncate the words simply because the tools needed for analysis are missing. We propose a set of algorithms and data structures for multidimensional cryptanalysis when distributions over a large probability space have to be constructed. This thesis also includes results of cryptanalysis for various cryptographic primitives, such as A5/1, Grain, SNOW 2.0, Scream, Dragon, VMPC, RC4, and RC4A. Most of these results were achieved with the help of intensive use of the proposed tools for cryptanalysis

Resting-state magnetoencephalographic oscillatory connectivity to identify patients with chronic migraine using machine learning

To identify and validate the neural signatures of resting-state oscillatory connectivity for chronic migraine (CM), we used machine learning techniques to classify patients with CM from healthy controls (HC) and patients with other pain disorders. The cross-sectional study obtained resting-state magnetoencephalographic data from 240 participants (70 HC, 100 CM, 35 episodic migraine [EM], and 35 fibromyalgia [FM]). Source-based oscillatory connectivity of relevant cortical regions was calculated to determine intrinsic connectivity at 1–40 Hz. A classification model that employed a support vector machine was developed using the magnetoencephalographic data to assess the reliability and generalizability of CM identification. In the findings, the discriminative features that differentiate CM from HC were principally observed from the functional interactions between salience, sensorimotor, and part of the default mode networks. The classification model with these features exhibited excellent performance in distinguishing patients with CM from HC (accuracy ≥ 86.8%, area under the curve (AUC) ≥ 0.9) and from those with EM (accuracy: 94.5%, AUC: 0.96). The model also achieved high performance (accuracy: 89.1%, AUC: 0.91) in classifying CM from other pain disorders (FM in this study). These resting-state magnetoencephalographic electrophysiological features yield oscillatory connectivity to identify patients with CM from those with a different type of migraine and pain disorder, with adequate reliability and generalizability