34 research outputs found

    Improved Meet-in-the-Middle Attacks on Round-Reduced Crypton-256

    The meet-in-the-middle (MITM) attack has proven to be efficient in analyzing the AES block cipher. Its efficiency has been increasing with the introduction of various techniques such as differential enumeration, key-dependent sieve, super-box etc. The recent MITM attack given by Li and Jin has been successfully mounted on 10-round AES-256. Crypton is an AES-like block cipher. In this paper, we apply the MITM method to the cryptanalysis of Crypton-256. Following Li and Jin's idea, we give the first 6-round distinguisher for Crypton. Based on the distinguisher as well as the properties of Crypton's simple key schedule, we successfully launch MITM attacks on Crypton-256 reduced to 9 and 10 rounds. For 9-round Crypton-256, our MITM attack can recover the 256-bit key with a time complexity of 2^{173.05} and a memory complexity of 2^{241.17}. For the 10-round version, we give two MITM attacks. The basic attack requires a time complexity of 2^{240.01} and a memory complexity of 2^{241.59}. The time/memory complexity of the advanced MITM attack on 10-round Crypton is 2^{245.05}/2^{209.59}. Our MITM attacks share the same data complexity of 2^{113}, and their error rates are negligible.

    Survey and Benchmark of Block Ciphers for Wireless Sensor Networks

    Cryptographic algorithms play an important role in the security architecture of wireless sensor networks (WSNs). Choosing the most storage- and energy-efficient block cipher is essential, due to the facts that these networks are meant to operate without human intervention for a long period of time with little energy supply, and that available storage is scarce on these sensor nodes. However, to our knowledge, no systematic work has been done in this area so far. We construct an evaluation framework in which we first identify the candidate block ciphers suitable for WSNs, based on existing literature and authoritative recommendations. For evaluating and assessing these candidates, we consider not only the security properties but also the storage- and energy-efficiency of the candidates. Finally, based on the evaluation results, we select the most suitable ciphers for WSNs, namely Skipjack, MISTY1, and Rijndael, depending on the combination of available memory and required security (energy efficiency being implicit). In terms of operation mode, we recommend Output Feedback Mode for pairwise links but Cipher Block Chaining for group communications.

    Multi-operation data encryption mechanism using dynamic data blocking and randomized substitution

    Existing cryptosystems rely on static design features such as fixed-size data blocks and static substitution, and apply an identical set of known encryption operations in each encryption round. Fixed-size blocks introduce several issues, such as ineffective permutations, padding issues, deterministic brute-force strength and a known bit length, all of which support the cracker in formulating modern cryptanalysis. Existing static substitution policies are either not optimally suited to dynamically sized data blocks or rely on a known S-box transformation and fixed lookup tables. Moreover, static substitution does not directly correlate with the secret key, which is why it has not been shown to be safer, especially for the Advanced Encryption Standard (AES) and the Data Encryption Standard (DES). Presently, all cryptosystems encrypt each data block with an identical set of known operations in each iteration, and thereby fail to offer dynamic selection of the encryption operation. These static design features are fully known to the cracker, which has caused the practical cracking of DES and undesirable security pitfalls against AES, as witnessed in earlier studies. Various studies have reported the mathematical cryptanalysis of AES up to all 14 of its rounds. Thus, this situation demands the proposal of dynamic design features in symmetric cryptosystems. Firstly, as a substitute for fixed-size data blocks, the Dynamic Data Blocking Mechanism (DDBM) has been proposed to provide dynamically sized data blocks. Secondly, as an alternative to the static substitution approach, a Randomized Substitution Mechanism (RSM) has been proposed which can randomly modify session keys and plaintext blocks. Finally, the Multi-operation Data Encryption Mechanism (MoDEM) has been proposed to tackle the issue of a static and identical set of known encryption operations on each data block in each round. With MoDEM, the encryption operation can be selected dynamically for the desired data block from a list of multiple operations bundled with several sub-operations. Operations such as exclusive-OR, 8-bit permutation, random substitution, cyclic shift and logical operations are used. Results show that DDBM can provide dynamically sized data blocks, in contrast to existing approaches. Both RSM and MoDEM fulfill the dynamicity and randomness properties, as tested and validated under the recommended statistical analysis with a standard tool. The proposed method not only exhibits randomness and avalanche properties but also passes the recommended statistical tests within five encryption rounds (fewer than existing schemes). Moreover, mathematical testing shows that common security attacks are not applicable to MoDEM, and that it is significantly resistant to brute-force attack.

    Overview of attacks on AES-128: to the 15th anniversary of AES

    A survey is presented of the works published before 2016 devoted to the cryptanalysis of the AES-128 (Advanced Encryption Standard) algorithm. The main cryptographic methods used in the analysis of AES are listed. The complexity characteristics of 88 attacks on reduced-round variants of AES-128 are given. The number of known plaintext/ciphertext pairs required to carry out each attack, together with the conditions imposed on them, is indicated. Side-channel attacks and attacks with restrictions on the keys used were not considered.

    Differential cryptanalysis of substitution permutation networks and Rijndael-like ciphers

    A block cipher, in general, consists of several repetitions of a round transformation. A round transformation is a weak block cipher which consists of a nonlinear substitution transformation, a linear diffusion transformation and a key mixing step. Differential cryptanalysis is a well-known chosen-plaintext attack on block ciphers. In this project, differential cryptanalysis is performed on two kinds of block ciphers: Substitution Permutation Networks (SPN) and Rijndael-like ciphers. In order to strengthen a block cipher against differential attack, care should be taken in the design of both the substitution and diffusion components and in the choice of the number of rounds. In this context, most of the research has been focused on the design of the substitution component. In this project, differential cryptanalysis is carried out on several SPNs to find the role of the permutation. Differential analysis of Rijndael-like ciphers is done to find the strength of the cipher as a whole. Tools are developed to configure and to perform differential analysis on these ciphers. In the context of SPNs, the importance of the permutation, the effect of a bad permutation, of no permutation, and of sequentially chosen plaintext pairs are discussed. The diffusion strength of SPN and Rijndael-like ciphers is discussed and compared.

    Basic design principles, security evaluation and prospects for use in Ukraine of the AES encryption algorithm

    The basic design principles of the AES encryption algorithm are presented, together with an assessment of their soundness and transparency. A survey of the most effective methods of cryptanalysis of FIPS-197 is given. Problematic security issues that could in future be used to mount an effective analytical attack on the cipher are considered. Data on the performance of software and hardware implementations of AES are given.

    The design principles of AES, their validity and clearness are given. A review of the most effective cryptanalytic attacks on Rijndael is given. Potential weaknesses in the security of FIPS-197 that could lead to the implementation of effective analytical attacks on the cipher in the future are considered. The performance of software and hardware implementations of FIPS-197 is given.

    Dial C for Cipher

    We introduce C, a practical provably secure block cipher with a slow key schedule. C is based on the same structure as AES but uses independent random substitution boxes instead of a fixed one. Its key schedule is based on the Blum-Blum-Shub pseudo-random generator, which allows us to prove that all obtained security results are still valid when taking into account the dependencies between the round keys. C is provably secure against several general classes of attacks. Strong evidence is given that it resists an even wider variety of attacks. We also propose a variant of C with simpler substitution boxes which is suitable for most applications, and for which the security proofs still hold.

    AES Algorithm Using 512-Bit Key Implemented for Secure Communication

    The main aim of this paper is to provide stronger security for communication over the Internet by enhancing the strength of the AES algorithm. Rijndael's algorithm was selected as the Advanced Encryption Standard. The AES algorithm was believed to provide much more security without any limitations. But recently some breaking methods on AES have been found by cryptanalysts. In the AES algorithm, the number of rounds involved in encryption and decryption depends on the length of the key and the number of block columns. So, the number of rounds is increased to improve the strength of AES. The strength of the AES algorithm is enhanced by increasing the key length to 512 bits, and thereby the number of rounds is increased, in order to provide a stronger encryption method for secure communication. Code optimization is done in order to improve the speed of encryption and decryption using the 512-bit AES.

    New Impossible Differential Cryptanalysis of ARIA

    This paper studies the security of ARIA against impossible differential cryptanalysis. First, an algorithm is given to find many new 4-round impossible differentials of ARIA. Using such impossible differentials, we improve the previous impossible differential attack on 5/6-round ARIA. We also point out that the existence of such impossible differentials is due to the bad properties of the binary matrix employed in the diffusion layer.