improved impossible differential attacks on large-block rijndael

Chinese Cryptol & Informat Security Assoc, Taiwan Informat Security Ctr, Ctr IT Innovat Acad Sinica, Natl Taiwan Univ Sci & Tedhnol, NTU Ctr Informat & Elect Technol, Acad Sinica, Natl Sci Council, Minist Educ, IEEE Comp Soc, Taipei Chapter, BIn this paper, we present, some improved impossible differential attacks on large-block Rijndael whose block sizes are larger than 128 bits. First of all, we present some important observations which help us to significantly improve the impos

Saturnin: a suite of lightweight symmetric algorithms for post-quantum security

International audienceThe cryptographic algorithms needed to ensure the security of our communications have a cost. For devices with little computing power, whose number is expected to grow significantly with the spread of the Internet of Things (IoT), this cost can be a problem. A simple answer to this problem is a compromise on the security level: through a weaker round function or a smaller number of rounds, the security level can be decreased in order to cheapen the implementation of the cipher. At the same time, quantum computers are expected to disrupt the state of the art in cryptography in the near future. For public-key cryptography, the NIST has organized a dedicated process to standardize new algorithms. The impact of quantum computing is harder to assess in the symmetric case but its study is an active research area.In this paper, we specify a new block cipher, Saturnin, and its usage in different modes to provide hashing and authenticated encryption in such a way that we can rigorously argue its security in the post-quantum setting. Its security analysis follows naturally from that of the AES, while our use of components that are easily implemented in a bitsliced fashion ensures a low cost for our primitives. Our aim is to provide a new lightweight suite of algorithms that performs well on small devices, in particular micro-controllers, while providing a high security level even in the presence of quantum computers. Saturnin is a 256-bit block cipher with a 256-bit key and an additional 9-bit parameter for domain separation. Using it, we built two authenticated ciphers and a hash function.• Saturnin-CTR-Cascade is an authenticated cipher using the counter mode and a separate MAC. It requires two passes over the data but its implementation does not require the inverse block cipher.• Saturnin-Short is an authenticated cipher intended for messages with a length strictly smaller than 128 bits which uses only one call to Saturnin to providenconfidentiality and integrity.• Saturnin-Hash is a 256-bit hash function.In this paper, we specify this suite of algorithms and argue about their security in both the classical and the post-quantum setting

Saturnin: a suite of lightweight symmetric algorithms for post-quantum security

Soumission à la compétition "Lightweight Cryptography" du NISTThe cryptographic algorithms needed to ensure the security of our communications have a cost. For devices with little computing power, whose number is expected to grow significantly with the spread of the Internet of Things (IoT), this cost can be a problem. A simple answer to this problem is a compromise on the security level: through a weaker round function or a smaller number of rounds, the security level can be decreased in order to cheapen the implementation of the cipher. At the same time, quantum computers are expected to disrupt the state of the art in cryptography in the near future. For public key cryptography, the NIST has organized a dedicated process to standardize new algorithms. The impact of quantum computing is harder to assess in the symmetric case but its study is an active research area. In this document, we specify a new block cipher, Saturnin, and its usage in different modes to provide hashing and authenticated encryption in such a way that we can rigorously argue its security in the post-quantum setting. Its security analysis follows naturally from that of the AES, while our use of components that are easily implemented in a bitsliced fashion ensures a low cost for our primitives. Our aim is to provide a new lightweight suite of algorithms that performs well on small devices, in particular micro-controllers, while providing a high security level even in the presence of quantum computers. Saturnin is a 256-bit block cipher with a 256-bit key and an additional 9-bit parameter for domain separation. Using it, we built two authenticated ciphers and a hash function. • Saturnin-CTR-Cascade is an authenticated cipher using the counter mode and a separate MAC. It requires two passes over the data but its implementation does not require the inverse block cipher. • Saturnin-Short is an authenticated cipher intended for messages with a length strictly smaller than 128 bits which uses only one call to Saturnin to provide confidentiality and integrity. • Saturnin-Hash is a 256-bit hash function. In this document, we specify this suite of algorithms and argue about their security in both the classical and the post-quantum setting

Algorithmes quantiques pour la cryptanalyse et cryptographie symétrique post-quantique

Modern cryptography relies on the notion of computational security. The level of security given by a cryptosystem is expressed as an amount of computational resources required to break it. The goal of cryptanalysis is to find attacks, that is, algorithms with lower complexities than the conjectural bounds.With the advent of quantum computing devices, these levels of security have to be updated to take a whole new notion of algorithms into account. At the same time, cryptography is becoming widely used in small devices (smart cards, sensors), with new cost constraints.In this thesis, we study the security of secret-key cryptosystems against quantum adversaries.We first build new quantum algorithms for k-list (k-XOR or k-SUM) problems, by composing exhaustive search procedures. Next, we present dedicated cryptanalysis results, starting with a new quantum cryptanalysis tool, the offline Simon's algorithm. We describe new attacks against the lightweight algorithms Spook and Gimli and we perform the first quantum security analysis of the standard cipher AES.Finally, we specify Saturnin, a family of lightweight cryptosystems oriented towards post-quantum security. Thanks to a very similar structure, its security relies largely on the analysis of AES.La cryptographie moderne est fondée sur la notion de sécurité computationnelle. Les niveaux de sécurité attendus des cryptosystèmes sont exprimés en nombre d'opérations ; une attaque est un algorithme d'une complexité inférieure à la borne attendue. Mais ces niveaux de sécurité doivent aujourd'hui prendre en compte une nouvelle notion d'algorithme : le paradigme du calcul quantique. Dans le même temps,la délégation grandissante du chiffrement à des puces RFID, objets connectés ou matériels embarqués pose de nouvelles contraintes de coût.Dans cette thèse, nous étudions la sécurité des cryptosystèmes à clé secrète face à un adversaire quantique.Nous introduisons tout d'abord de nouveaux algorithmes quantiques pour les problèmes génériques de k-listes (k-XOR ou k-SUM), construits en composant des procédures de recherche exhaustive.Nous présentons ensuite des résultats de cryptanalyse dédiée, en commençant par un nouvel outil de cryptanalyse quantique, l'algorithme de Simon hors-ligne. Nous décrivons de nouvelles attaques contre les algorithmes Spook et Gimli et nous effectuons la première étude de sécurité quantique du chiffrement AES. Dans un troisième temps, nous spécifions Saturnin, une famille de cryptosystèmes à bas coût orientés vers la sécurité post-quantique. La structure de Saturnin est proche de celle de l'AES et sa sécurité en tire largement parti