Improved Meet-in-the-Middle Attacks on AES-192 and PRINCE

This paper studies key-recovery attacks on AES-192 and PRINCE under single-key model by methodology of meet-in-the-middle attack. A new technique named key-dependent sieve is proposed to further reduce the memory complexity of Demirci et al.\u27s attack at EUROCRYPT 2013, which helps us to achieve 9-round attack on AES-192 by using a 5-round distinguisher; the data, time and memory complexities are 2^{121} chosen plaintexts, 2^{185} encryptions and 2^{185} 128- bit memories, respectively. The new technique is also applied to attack block cipher PRINCE. Instead of 6-round results in the previous cryptanalysis, we rst present attacks on 8-round (out of 12) PRINCEcore and PRINCE with about 2^{53} and 2^{60} encryptions, respectively. Furthermore, we construct an interesting 7-round distinguisher and extend the attack to 9-round PRINCE; the attack needs about 2^{57} chosen plaintexts, 2^{64} encryptions and 2^{57.3} 64-bit memories

Practical Low Data-Complexity Subspace-Trail Cryptanalysis of Round-Reduced PRINCE

Subspace trail cryptanalysis is a very recent new cryptanalysis technique, and includes differential, truncated differential, impossible differential, and integral attacks as special cases. In this paper, we consider PRINCE, a widely analyzed block cipher proposed in 2012. After the identification of a 2.5 rounds subspace trail of PRINCE, we present several (truncated differential) attacks up to 6 rounds of PRINCE. This includes a very practical attack with the lowest data complexity of only 8 plaintexts for 4 rounds, which co-won the final round of the PRINCE challenge in the 4-round chosen-plaintext category. The attacks have been verified using a C implementation. Of independent interest, we consider a variant of PRINCE in which ShiftRows and MixLayer operations are exchanged in position. In particular, our result shows that the position of ShiftRows and MixLayer operations influences the security of PRINCE. The same analysis applies to follow-up designs inspired by PRINCE

The QARMAv2 Family of Tweakable Block Ciphers

We introduce the QARMAv2 family of tweakable block ciphers. It is a redesign of QARMA (from FSE 2017) to improve its security bounds and allow for longer tweaks, while keeping similar latency and area. The wider tweak input caters to both specific use cases and the design of modes of operation with higher security bounds. This is achieved through new key and tweak schedules, revised S-Box and linear layer choices, and a more comprehensive security analysis. QARMAv2 offers competitive latency and area in fully unrolled hardware implementations. Some of our results may be of independent interest. These include: new MILP models of certain classes of diffusion matrices; the comparative analysis of a full reflection cipher against an iterative half-cipher; our boomerang attack framework; and an improved approach to doubling the width of a block cipher

Stream ciphers: A Practical Solution for Efficient Homomorphic-Ciphertext Compression

International audienceIn typical applications of homomorphic encryption, the first step consists for Alice to encrypt some plaintext m under Bob’s public key pk and to send the ciphertext c = HEpk(m) to some third-party evaluator Charlie. This paper specifically considers that first step, i.e. the problem of transmitting c as efficiently as possible from Alice to Charlie. As previously noted, a form of compression is achieved using hybrid encryption. Given a symmetric encryption scheme E, Alice picks a random key k and sends a much smaller ciphertext c′ = (HEpk(k), Ek(m)) that Charlie decompresses homomorphically into the original c using a decryption circuit CE−1 .In this paper, we revisit that paradigm in light of its concrete implemen- tation constraints; in particular E is chosen to be an additive IV-based stream cipher. We investigate the performances offered in this context by Trivium, which belongs to the eSTREAM portfolio, and we also pro- pose a variant with 128-bit security: Kreyvium. We show that Trivium, whose security has been firmly established for over a decade, and the new variant Kreyvium have an excellent performance

A survey on wireless body area networks: architecture, security challenges and research opportunities.

In the era of communication technologies, wireless healthcare networks enable innovative applications to enhance the quality of patients’ lives, provide useful monitoring tools for caregivers, and allows timely intervention. However, due to the sensitive information within the Wireless Body Area Networks (WBANs), insecure data violates the patients’ privacy and may consequently lead to improper medical diagnosis and/or treatment. Achieving a high level of security and privacy in WBAN involves various challenges due to its resource limitations and critical applications. In this paper, a comprehensive survey of the WBAN technology is provided, with a particular focus on the security and privacy concerns along with their countermeasures, followed by proposed research directions and open issues

Meet-in-the-Middle Attacks and Structural Analysis of Round-Reduced PRINCE

NXP Semiconductors and its academic partners challenged the cryptographic community with finding practical attacks on the block cipher they designed, PRINCE. Instead of trying to attack as many rounds as possible using attacks which are usually impractical despite being faster than brute-force, the challenge invites cryptographers to find practical attacks and encourages them to actually implement them. In this paper, we present new attacks on round-reduced PRINCE including the ones which won the challenge in the 4, 6 and 8-round categories --- the highest for which winners were identified. Our first attacks rely on a meet-in-the-middle approach and break up to 10 rounds of the cipher. We also describe heuristic methods we used to find practical SAT-based and differential attacks. Finally, we also present an analysis of the cycle structure of the internal rounds of PRINCE leading both to a low complexity distinguisher for 4-round PRINCE-core and an alternative representation of the cipher valid in particular contexts and which highlights, in this cases, a poor diffusion

PRINCEv2 - More Security for (Almost) No Overhead

In this work, we propose tweaks to the PRINCE block cipher that help us to increase its security without changing the number of rounds or round operations. We get substantially higher security for the same complexity. From an implementation perspective, PRINCEv2 comes at an extremely low overhead compared to PRINCE in all key categories, such as area, latency and energy. We expect, as it is already the case for PRINCE, that the new cipher PRINCEv2 will be deployed in various settings