4,184 research outputs found
A Meet-in-the-Middle Attack on ARIA
In this paper, we study the meet-in-the-middle attack against
block cipher ARIA. We find some new 3-round and 4-round distinguish-
ing properties of ARIA. Based on the 3-round distinguishing property,
we can apply the meet-in-the-middle attack with up to 6 rounds for
all versions of ARIA. Based on the 4-round distinguishing property, we can mount a successful attack on 8-round ARIA-256. Furthermore, the 4-round distinguishing property could be improved which leads to a 7-round attack on ARIA-192. The data and time complexities of 7-round attack are 2^120 and 2^185:3, respectively. The data and time complexities of 8-round attack are 2^56 and 2^251:6, respectively. Compared with the existing cryptanalytic results on ARIA, our 5-round attack has the lowest data and time complexities and the 6-round attack has the lowest data complexity. Moreover, it is shown that 8-round ARIA-256 is not immune to the meet-in-the-middle attack
Biclique Attack of the Full ARIA-256
In this paper, combining the biclique cryptanalysis with the MITM attack, we present the first key recovery method for the full ARIA-256 faster than brute-force. The attack requires chosen plaintexts, and the time complexity is about full-round ARIA encryptions in the processing phase
An overview of memristive cryptography
Smaller, smarter and faster edge devices in the Internet of things era
demands secure data analysis and transmission under resource constraints of
hardware architecture. Lightweight cryptography on edge hardware is an emerging
topic that is essential to ensure data security in near-sensor computing
systems such as mobiles, drones, smart cameras, and wearables. In this article,
the current state of memristive cryptography is placed in the context of
lightweight hardware cryptography. The paper provides a brief overview of the
traditional hardware lightweight cryptography and cryptanalysis approaches. The
contrast for memristive cryptography with respect to traditional approaches is
evident through this article, and need to develop a more concrete approach to
developing memristive cryptanalysis to test memristive cryptographic approaches
is highlighted.Comment: European Physical Journal: Special Topics, Special Issue on
"Memristor-based systems: Nonlinearity, dynamics and applicatio
Programming the Demirci-Selçuk Meet-in-the-Middle Attack with Constraints
International audienceCryptanalysis with SAT/SMT, MILP and CP has increased in popularity among symmetric-key cryptanalysts and designers due to its high degree of automation. So far, this approach covers differential, linear, impossible differential, zero-correlation, and integral cryptanaly-sis. However, the Demirci-Selçuk meet-in-the-middle (DS-MITM) attack is one of the most sophisticated techniques that has not been automated with this approach. By an in-depth study of Derbez and Fouque's work on DS-MITM analysis with dedicated search algorithms, we identify the crux of the problem and present a method for automatic DS-MITM attack based on general constraint programming, which allows the crypt-analysts to state the problem at a high level without having to say how it should be solved. Our method is not only able to enumerate distin-guishers but can also partly automate the key-recovery process. This approach makes the DS-MITM cryptanalysis more straightforward and easier to follow, since the resolution of the problem is delegated to off-the-shelf constraint solvers and therefore decoupled from its formulation. We apply the method to SKINNY, TWINE, and LBlock, and we get the currently known best DS-MITM attacks on these ciphers. Moreover, to demonstrate the usefulness of our tool for the block cipher designers, we exhaustively evaluate the security of 8! = 40320 versions of LBlock instantiated with different words permutations in the F functions. It turns out that the permutation used in the original LBlock is one of the 64 permutations showing the strongest resistance against the DS-MITM attack. The whole process is accomplished on a PC in less than 2 hours. The same process is applied to TWINE, and similar results are obtained
New Insights on AES-like SPN Ciphers
It has been proved in Eurocrypt 2016 that if the details of the S-boxes are not exploited, an impossible differential and a zero-correlation hull can extend over at most 4 rounds of the AES. This paper concentrates on distinguishing attacks on AES-like SPN ciphers by investigating the details of both the S-boxes and the MDS matrices and illustrates some new insights on the security of these schemes. Firstly, we construct several types of -round zero-correlation linear hulls for AES-like ciphers that adopt identical S-boxes to construct the round function and that
have two identical elements in a column of the inverse of their MDS matrices. We then use these linear hulls to construct 5-round integrals provided that the difference of two sub-key bytes is known. Furthermore, we prove that we can always distinguish 5 rounds of such ciphers from random permutations even when the difference of the sub-keys is unknown. Secondly, the constraints for the S-boxes and special property of the MDS matrices can be removed if the cipher is used as a building block of the Miyaguchi-Preneel hash function. As an example, we construct two types of 5-round distinguishers for the hash function Whirlpool. Finally, we show that, in the chosen-ciphertext mode, there exist some nontrivial distinguishers for 5-round AES. To the best of our knowledge, this is the longest distinguishing attack for the round-reduced AES in the secret-key setting. Since the 5-round distinguisher for the AES can only be constructed in the chosen-ciphertext mode, the security margin for the round-reduced AES under the chosen-plaintext attack may be different from that under the chosen-ciphertext attack
Cryptanalysis and Design of Symmetric Primitives
Der Schwerpunkt dieser Dissertation liegt in der Analyse und dem Design von Block- chiffren und Hashfunktionen. Die Arbeit beginnt mit einer EinfĂŒhrung in Techniken zur Kryptoanalyse von Blockchiffren. Wir beschreiben diese Methoden und zeigen wie man daraus neue Techniken entwickeln kann, welche zu staerkeren Angriffen fuehren. Im zweiten Teil der Arbeit stellen wir eine Reihe von Angriffen auf eine Vielzahl von Blockchiffren dar. Wir haben dabei Angriffe auf reduzierte Versionen von ARIA und dem AES entwickelt. Darueber hinaus praesentieren wir im dritten Teil Angriffe auf interne Blockchiffren von Hashfunktionen. Wir entwickeln Angriffe, welche die inter- nen Blockchiffren von Tiger und HAS-160 auf volle Rundenanzahl brechen. Die hier vorgestellten Angriffe sind die ersten dieser Art. Ein Angriff auf eine reduzierte Ver- sion von SHACAL-2 welcher fast keinen Speicherbedarf hat, wird ebenfalls vorgestellt. Der vierte Teil der Arbeit befasst sich mit den Design und der Analyse von kryp- tographischen Hashfunktionen. Wir habe einen Slide Angriff, eine Technik welche aus der Analyse von Blockchiffren bekannt ist, im Kontext von Hashfunktionen zur Anwendung gebracht. Dabei praesentieren wir verschiedene Angriffe auf GRINDAHL und RADIOGATUN. Aufbauend auf den Angriffen des zweiten und dritten Teils dieser Arbeit stellen wir eine neue Hashfunktion vor, welche wir TWISTER nennen. TWISTER wurde fuer den SHA-3 Wettbewerb entwickelt und ist bereits zur ersten Runde angenommen.This thesis focuses on the cryptanalysis and the design of block ciphers and hash func- tions. The thesis starts with an overview of methods for cryptanalysis of block ciphers which are based on differential cryptanalysis. We explain these concepts and also sev- eral combinations of these attacks. We propose new attacks on reduced versions of ARIA and AES. Furthermore, we analyze the strength of the internal block ciphers of hash functions. We propose the first attacks that break the internal block ciphers of Tiger, HAS-160, and a reduced round version of SHACAL-2. The last part of the thesis is concerned with the analysis and the design of cryptographic hash functions. We adopt a block cipher attack called slide attack into the scenario of hash function cryptanalysis. We then use this new method to attack different variants of GRINDAHL and RADIOGATUN. Finally, we propose a new hash function called TWISTER which was designed and pro- posed for the SHA-3 competition. TWISTER was accepted for round one of this com- petition. Our approach follows a new strategy to design a cryptographic hash function. We also describe several attacks on TWISTER and discuss the security issues concern- ing these attack on TWISTER
Depth-Optimized Quantum Implementation of ARIA
The advancement of large-scale quantum computers poses a threat to the security of current encryption systems.
In particular, symmetric-key cryptography significantly is impacted by general attacks using the Grover\u27s search algorithm.
In recent years, studies have been presented to estimate the complexity of Grover\u27s key search for symmetric-key ciphers and assess post-quantum security.
In this paper, we propose a depth-optimized quantum circuit implementation for ARIA, which is a symmetric key cipher included as a validation target the Korean Cryptographic Module Validation Program (KCMVP).
Our quantum circuit implementation for ARIA improves the depth by more than 88.2% and Toffoli depth by more than 98.7% compared to the implementation presented in Chauhan et al.\u27s SPACE\u2720 paper.
Finally, we present the cost of Grover\u27s key search for our circuit and evaluate the post-quantum security strength of ARIA according to relevant evaluation criteria provided NIST
Automatic Search of Truncated Impossible Differentials for Word-Oriented Block Ciphers (Full Version)
Impossible differential cryptanalysis is a powerful technique to recover the secret key of block ciphers by
exploiting the fact that in block ciphers specific input and output
differences are not compatible.
This paper introduces a novel tool to search truncated impossible differentials for
word-oriented block ciphers with bijective Sboxes. Our tool generalizes the earlier
-method and the UID-method. It allows to reduce
the gap between the best impossible differentials found by these methods and the best known
differentials found by ad hoc methods that rely on cryptanalytic insights.
The time and space complexities of our tool in judging an -round truncated impossible differential are about and respectively,
where is the number of words in the plaintext and , are constants depending on the machine and the block cipher.
In order to demonstrate the strength of our tool, we show that it does not only allow to automatically rediscover the
longest truncated impossible differentials of many word-oriented block ciphers, but also finds new
results. It independently rediscovers all 72 known truncated impossible differentials on 9-round CLEFIA.
In addition, finds new truncated impossible differentials for AES, ARIA, Camellia without
FL and FL layers, E2, LBlock, MIBS and Piccolo.
Although our tool does
not improve the lengths of impossible differentials for existing block ciphers, it helps to
close the gap between the best known results of previous tools and those of manual cryptanalysis
Spartan Daily, April 30, 1979
Volume 72, Issue 56https://scholarworks.sjsu.edu/spartandaily/6484/thumbnail.jp
The Western Mistic, January 17, 1936
https://red.mnstate.edu/western-mistic/1157/thumbnail.jp
- âŠ