
    Automatic Search of Bit-Based Division Property for ARX Ciphers and Word-Based Division Property

    Division property is a generalized integral property proposed by Todo at Eurocrypt 2015. Previous tools for automatic searching are mainly based on the Mixed Integer Linear Programming (MILP) method and trace the propagation of the division property at the bit level. In this paper, we propose automatic tools to detect the division property of ARX ciphers at the bit level and of some specific ciphers at the word level. For ARX ciphers, we construct the automatic searching tool on the Boolean Satisfiability Problem (SAT) instead of MILP, since the SAT method is better suited to searching for differential/linear characteristics of ARX ciphers. The propagation of the division property is translated into a system of logical equations in Conjunctive Normal Form (CNF). Some logical equations can be dynamically adjusted according to different initial division properties and stopping rules, while the others, corresponding to r-round propagations, remain the same. Moreover, our approach can efficiently identify optimized distinguishers with lower data complexity. As a result, we obtain a 17-round distinguisher for SHACAL-2, which gains four more rounds than previous work, and an 8-round distinguisher for LEA, which covers one more round than the former one. For the word-based division property, we develop an automatic search based on Satisfiability Modulo Theories (SMT), a generalization of SAT. We model the division property propagation of basic operations and S-boxes by logical formulas, and turn the searching problem into an SMT problem. With available solvers, we achieve several new distinguishers. For CLEFIA, 10-round distinguishers are obtained, which cover one more round than the previous work. For the internal block cipher of Whirlpool, the data complexities of the 4/5-round distinguishers are improved. For Rijndael-192 and Rijndael-256, 6-round distinguishers are presented, which attain two more rounds than the published ones. Besides, the integral attacks on CLEFIA are improved by one round with the newly obtained distinguishers.

    Information Entropy Based Leakage Certification

    Side-channel attacks and evaluations typically rely on leakage models to extract sensitive information from measurements of cryptographic implementations. Efforts to establish a true leakage model have been an active area of research since Kocher proposed Differential Power Analysis (DPA) in 1999. Leakage certification plays an important role in this respect by addressing the question: how good is my leakage model? However, existing leakage certification methods still have to tolerate the assumption error and estimation error of unknown leakage models. Many probability density distributions satisfy a given set of moment constraints, so finding the most unbiased and most reasonable model remains an unresolved problem. In this paper, we address a more fundamental question: what is the true leakage model of a chip? In particular, we propose the Maximum Entropy Distribution (MED) to estimate the leakage model, as MED is the most unbiased, objective and theoretically most reasonable probability density distribution conditioned on the available information. MED can in principle use information on arbitrary higher-order moments to approximate the true leakage model arbitrarily closely. It fills a theoretical gap in model profiling and evaluation. Experimental results demonstrate the superiority of our proposed method for approximating the leakage model using MED estimation.

    The Security of SIMON-like Ciphers Against Linear Cryptanalysis

    In the present paper, we analyze the security of SIMON-like ciphers against linear cryptanalysis. First, an upper bound is derived on the squared correlation of the SIMON-like round function. It is shown that this upper bound decreases as the Hamming weight of the output mask increases. Based on this, we derive an upper bound on the squared correlation of linear trails for SIMON and SIMECK, which is $2^{-2R+2}$ for any R-round linear trail. We also extend this upper bound to SIMON-like ciphers. Meanwhile, an automatic search algorithm is proposed, which can find the optimal linear trails in SIMON-like ciphers under the Markov assumption. With the proposed algorithm, we find the provably optimal linear trails for 12, 16, 19, 28 and 37 rounds of SIMON32/48/64/96/128. To the best of our knowledge, this is the first time that provably optimal linear trails for SIMON64, SIMON96 and SIMON128 are reported. The provably optimal linear trails for 13, 19 and 25 rounds of SIMECK32/48/64 are also found, respectively. Besides the optimal linear trails, we also find 23-, 31- and 41-round linear hulls for SIMON64/96/128, and 13-, 21- and 27-round linear hulls for SIMECK32/48/64. As far as we know, these are the best linear hull distinguishers for SIMON and SIMECK so far. Compared with the approach based on SAT/SMT solvers in [KolblLT15], our search algorithm is more efficient and practical for evaluating security against linear cryptanalysis in the design of SIMON-like ciphers.

    A New Method for Searching Optimal Differential and Linear Trails in ARX Ciphers

    In this paper, we propose an automatic tool to search for optimal differential and linear trails in ARX ciphers. It is shown that a modular addition can be divided into a sequence of small modular additions with a carry bit, which turns an ARX cipher into an S-box-like cipher. From this insight, we introduce the concepts of the carry-bit-dependent difference distribution table (CDDT) and the carry-bit-dependent linear approximation table (CLAT). Based on them, we give efficient methods to trace all possible output differences and linear masks of a large modular addition, returning their differential probabilities and linear correlations at the same time. Then an adapted Matsui's algorithm is introduced, which can find the optimal differential and linear trails in ARX ciphers. Besides, the superiority of our tool is confirmed by experimental results for round-reduced versions of HIGHT and SPECK. More specifically, we find the optimal differential trails for up to 10 rounds of HIGHT, reported for the first time. We also find the optimal differential trails for 10, 12, 16, 8 and 8 rounds of SPECK32/48/64/96/128, and report the provably optimal differential trails for SPECK48 and SPECK64 for the first time. The optimal linear trails for up to 9 rounds of HIGHT are reported for the first time, and the optimal linear trails for 22, 13, 15, 9 and 9 rounds of SPECK32/48/64/96/128 are also found, respectively. These results evaluate the security of HIGHT and SPECK against differential and linear cryptanalysis. Our tool is also useful for estimating security in the design of ARX ciphers.

    Secure Context Switching of Masked Software Implementations

    Cryptographic software running on embedded devices requires protection against physical side-channel attacks such as power analysis. Masking is a widely deployed countermeasure against these attacks and is implemented directly at the algorithmic level. Many works study the security of masked cryptographic software on CPUs, pointing out potential problems at the algorithmic and microarchitectural levels, as well as corresponding solutions, and even show that masked software can be implemented efficiently and with strong (formal) security guarantees. However, these works also make the implicit assumption that software is executed directly on the CPU without any abstraction layers in between, i.e., they focus exclusively on the bare-metal case. Many practical applications, including IoT and automotive/industrial environments, require multitasking embedded OSs on which masked software runs as one of many concurrent tasks. For such applications, the potential impact of events like context switches on the secure execution of masked software has not been studied at all so far. In this paper, we provide the first security analysis of masked cryptographic software spanning all three layers (SW, OS, CPU). First, we apply a formal verification approach to identify leaks within the execution of masked software that are caused by the embedded OS itself, rather than at the algorithmic or microarchitectural level. After showing that these leaks are primarily caused by context switching, we propose several different strategies to harden a context switching routine against such leakage, ultimately allowing masked software from previous works to remain secure when executed on embedded OSs. Finally, we present a case study focusing on FreeRTOS, a popular OS for embedded devices, running on a RISC-V core, allowing us to evaluate the practicality and ease of integration of each strategy.

    CoTree: Push the Limits of Conquerable Space in Collision-Optimized Side-Channel Attacks

    By introducing collision information into side-channel distinguishers, existing collision-optimized attacks exploit a collision detection algorithm to transform the original candidate space under consideration into a significantly smaller collision chain space, thus achieving more efficient key recovery. However, collision information is detected repeatedly, since collision chains are created from the same sub-chains, i.e., with the same candidates on their first several sub-keys. This gets worse when more collision information is exploited. The existing collision detection algorithms try to alleviate this, but the problem remains serious. In this paper, we propose a highly efficient detection algorithm named Collision Tree (CoTree) for collision-optimized attacks. CoTree uses a tree structure to store the chains created from the same sub-chain on the same branch. It then uses a top-down tree building procedure and traverses each node only once when detecting its collisions with a candidate of the sub-key currently under consideration. Finally, it launches a bottom-up branch removal procedure to remove from the tree the chains that do not satisfy the collision conditions after traversing all candidates (within a given threshold) of this sub-key, thus avoiding the traversal of the branches satisfying the collision condition. These strategies allow CoTree to significantly reduce repetitive collision detection, and our experiments verify that it significantly outperforms the existing works.

    Efficient and expressive keyword search over encrypted data in the cloud

    National Research Foundation (NRF) Singapore

    THE EFFECTIVENESS OF THE NEW EU REGULATION 2016/679 (GDPR) ON THE PROTECTION OF PERSONAL DATA IN THE REPUBLIC OF CROATIA

    After more than seven years since the initial initiative and four years of negotiations, the new European framework for the protection of personal data was finally adopted in April 2016. The EU General Data Protection Regulation 2016/679, or GDPR (in full, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC), replaces the current EU Directive 95/46/EC and applies directly in all Member States of the European Union. The possibility of adapting certain parts is nevertheless left to national legislation until 25 May 2018, when the GDPR starts to apply. The key premise of the development of the contemporary digital economy is the accelerated development of information and communication technologies, which at the same time creates new challenges and threats to privacy and the protection of personal data. Data processing, especially the processing of personal data, new IT tools and the digital market have created the need to increase the privacy protection of new digital products and services. The solution is set out in the new reform of the EU personal data protection framework, which introduces major changes in how personal data are managed and applies directly to all organizations that hold personal data of citizens of the European Union. The GDPR also brings significant changes to the rules defining personal data and introduces new concepts, as well as compliance, planning, implementation, maintenance of compliance and impact assessment. In some cases organizations will also have to appoint a qualified Data Protection Officer (DPO) who reports directly to management. Institutions and companies are required to complete their alignment by 25 May 2018, when the GDPR starts to apply throughout the European Union. In this paper the authors present the provisions and application of the new EU Data Protection Regulation and the obligations of the public and private sector in implementing the GDPR, with particular emphasis on the impact assessment, which will provide a modernized data protection framework in Europe. The new rules will establish European data protection law, introducing a new definition of personal data and replacing the current inconsistent national laws in order to raise the level of data protection and increase legal certainty in the growing digital economy.