PICO : An Ultra Lightweight and Low Power Encryption Design for Ubiquitous Computing

An ultra-lightweight, a very compact block cipher ‘PICO’ is proposed. PICO is a substitution and permutation based network, which operates on a 64 bit plain text and supports a key length of 128 bits. It has a compact structure and requires 1877 GEs. Its innovative design helps to generate a large number of active S - boxes in fewer rounds which can thwart the linear and differential attacks on the cipher. PICO shows good performance on both the hardware and the software platforms. PICO consumes only 2504 bytes of Flash memory which is less than the ultra-lightweight cipher PRESENT. PICO has a very strong substitution layer (S-box) which not only makes the design robust but also introduces a great avalanche effect. PICO has a strong and compact key scheduling which is motivated by the latest cipher SPECK designed by NSA. PICO consumes 28 mW of dynamic power which is less than the PRESENT cipher (38 mW). The security analysis of PICO and its performance as an ultra-lightweight cipher are presented.

An overview of memristive cryptography

Smaller, smarter and faster edge devices in the Internet of things era demands secure data analysis and transmission under resource constraints of hardware architecture. Lightweight cryptography on edge hardware is an emerging topic that is essential to ensure data security in near-sensor computing systems such as mobiles, drones, smart cameras, and wearables. In this article, the current state of memristive cryptography is placed in the context of lightweight hardware cryptography. The paper provides a brief overview of the traditional hardware lightweight cryptography and cryptanalysis approaches. The contrast for memristive cryptography with respect to traditional approaches is evident through this article, and need to develop a more concrete approach to developing memristive cryptanalysis to test memristive cryptographic approaches is highlighted.Comment: European Physical Journal: Special Topics, Special Issue on "Memristor-based systems: Nonlinearity, dynamics and applicatio

Cryptanalysis of Block Ciphers with New Design Strategies

Block ciphers are among the mostly widely used symmetric-key cryptographic primitives, which are fundamental building blocks in cryptographic/security systems. Most of the public-key primitives are based on hard mathematical problems such as the integer factorization in the RSA algorithm and discrete logarithm problem in the DiffieHellman. Therefore, their security are mathematically proven. In contrast, symmetric-key primitives are usually not constructed based on well-defined hard mathematical problems. Hence, in order to get some assurance in their claimed security properties, they must be studied against different types of cryptanalytic techniques. Our research is dedicated to the cryptanalysis of block ciphers. In particular, throughout this thesis, we investigate the security of some block ciphers constructed with new design strategies. These new strategies include (i) employing simple round function, and modest key schedule, (ii) using another input called tweak rather than the usual two inputs of the block ciphers, the plaintext and the key, to instantiate different permutations for the same key. This type of block ciphers is called a tweakable block cipher, (iii) employing linear and non-linear components that are energy efficient to provide low energy consumption block ciphers, (iv) employing optimal diffusion linear transformation layer while following the AES-based construction to provide faster diffusion rate, and (v) using rather weak but larger S-boxes in addition to simple linear transformation layers to provide provable security of ARX-based block ciphers against single characteristic differential and linear cryptanalysis. The results presented in this thesis can be summarized as follows: Initially, we analyze the security of two lightweight block ciphers, namely, Khudra and Piccolo against Meet-in-the-Middle (MitM) attack based on the Demirci and Selcuk approach exploiting the simple design of the key schedule and round function. Next, we investigate the security of two tweakable block ciphers, namely, Kiasu-BC and SKINNY. According to the designers, the best attack on Kiasu-BC covers 7 rounds. However, we exploited the tweak to present 8-round attack using MitM with efficient enumeration cryptanalysis. Then, we improve the previous results of the impossible differential cryptanalysis on SKINNY exploiting the tweakey schedule and linear transformation layer. Afterwards, we study the security of new low energy consumption block cipher, namely, Midori128 where we present the longest impossible differential distinguishers that cover complete 7 rounds. Then, we utilized 4 of these distinguishers to launch key recovery attack against 11 rounds of Midori128 to improve the previous results on this cipher using the impossible differential cryptanalysis. Then, using the truncated differential cryptanalysis, we are able to attack 13 rounds of Midori128 utilizing a 10-round differential distinguisher. We also analyze Kuznyechik, the standard Russian federation block cipher, against MitM with efficient enumeration cryptanalysis where we improve the previous results on Kuznyechik, using MitM attack with efficient enumeration, by presenting 6-round attack. Unlike the previous attack, our attack exploits the exact values of the coefficients of the MDS transformation that is used in the cipher. Finally, we present key recovery attacks using the multidimensional zero-correlation cryptanalysis against SPARX-128, which follows the long trail design strategy, to provide provable security of ARX-based block ciphers against single characteristic differential and linear cryptanalysis

Probabilistic Related-Key Statistical Saturation Cryptanalysis

The related-key statistical saturation (RKSS) attack is a cryptanalysis method proposed by Li et al. at FSE 2019. It can be seen as the extension of previous statistical saturation attacks under the related-key setting. The attack takes advantage of a set of plaintexts with some bits fixed, while the other bits take all possible values, and considers the relation between the value distributions of a part of the ciphertext bits generated under related keys. Usually, RKSS distinguishers exploit the property that the value distribution stays invariant under the modification of the key. However, this property can only be deterministically verified if the plaintexts cover all possible values of a selection of bits. In this paper, we propose the probabilistic RKSS cryptanalysis which avoids iterating over all non-fixed plaintext bits by applying a statistical method on top of the original RKSS distinguisher. Compared to the RKSS attack, this newly proposed attack has a significantly lower data complexity and has the potential of attacking more rounds. As an illustration, for reduced-round Piccolo, we obtain the best key recovery attacks (considering both pre- and post-whitening keys) on both versions in terms of the number of rounds. Note that these attacks do not threaten the full-round security of Piccolo

Improved Biclique Cryptanalysis of the Lightweight Block Cipher Piccolo

Biclique cryptanalysis is a typical attack through finding a biclique which is a type of bipartite diagram to reduce the computational complexity. By investigating the subkey distribution and the encryption structure, we find out a weakness in the key schedule of Piccolo-80. A 6-round biclique is constructed for Piccolo-80 and a 7-round biclique for Piccolo-128. Then a full round biclique cryptanalysis of Piccolo is presented. The results of the attacks are with data complexity of 240 and 224 chosen ciphertexts and with computational complexity of 279.22 and 2127.14, respectively. They are superior to other known results of biclique cryptanalytic on Piccolo

Low Data Complexity Biclique Cryptanalysis of Block Ciphers with Application to Piccolo and HIGHT

In this paper, we present a framework for biclique cryptanalysis of block ciphers with an extremely low data complexity. To that end, we enjoy a new representation of biclique attack. Then an algorithm for choosing two dierential characteristics is also presented to simultaneously minimize the data complexity and control the computational complexity. Then we characterize those block ciphers that are vulnerable to this technique and among them, we apply this attack on lightweight block ciphers Piccolo-80, Piccolo-128 and HIGHT. The data complexities of these attacks are considerably less than the existing results. For full-round Piccolo-80 and 128, the data complexity of the attacks are only 16 plaintext-ciphertext pairs and for full-round HIGHT our attack requires 256 pairs. In all attacks the computational complexity remains the same as the previous ones or even it is slightly improved

GRANULE: An Ultra lightweight cipher design for embedded security

In this paper we proposed an ultra-lightweight cipher GRANULE. It is based on Feistel network which encrypts 64 bits of data with 80/128 bits of key. GRANULE needs very less memory space as compared to existing lightweight ciphers .GRANULE needs 1288 GEs for 80 bit and 1577 GEs for 128 bit key size. It also shows good resistance against linear and differential cryptanalysis. GRANULE needs very small footprint area and provides robust secure design which thwart attacks like biclique attack, zero correlation attack, meet in the middle attack ,key schedule attack and key collision attack. GRANULE is having a strong S-box which is the key designing aspect in any cipher design. In this paper GRANULE is proposed with 32 rounds which are enough to provide resistance against all possible types of attacks. GRANULE consumes very less power as compared to other modern lightweight ciphers. We believe GRANULE cipher is the best suited cipher for providing robust security in applications like IoT