Linear cryptanalysis of pseudorandom functions
Research project report. In this paper, we study linear relations propagating across block ciphers from the key input to the ciphertext (for a fixed plaintext block). This is the usual setting of a one-way function, used for instance in modes of operation such as KFB (key feedback). We instantiate the block cipher with the full 16-round DES and -DES, 10-round LOKI91 and 24-round Khufu, for which linear relations with high bias are well known. Other interesting targets include the full 8.5-round IDEA and PES ciphers, for which high-bias linear relations exist under the assumption of weak keys. These findings affect the security of modes of operation such as KFB and of pseudorandom number/bit generators. The analyses were possible because of the linear structure and the poor diffusion of the key schedule algorithms, and they should motivate careful (re)design of current and future key schedule algorithms.
Multidimensional linear cryptanalysis
Linear cryptanalysis is an important tool for studying the security of symmetric ciphers. In 1993 Matsui proposed two algorithms, called Algorithm 1 and Algorithm 2, for recovering information about the secret key of a block cipher. The algorithms exploit a biased probabilistic relation between the input and output of the cipher. This relation is called the (one-dimensional) linear approximation of the cipher. Mathematically, the problem of key recovery is a binary hypothesis testing problem that can be solved with appropriate statistical tools.
The same mathematical tools can be used for realising a distinguishing attack against a stream cipher. The distinguisher outputs whether the given sequence of keystream bits is derived from a cipher or a random source. Sometimes, it is even possible to recover a part of the initial state of the LFSR used in a key stream generator.
Several authors considered using many one-dimensional linear approximations simultaneously in a key recovery attack and various solutions have been proposed. In this thesis a unified methodology for using multiple linear approximations in distinguishing and key recovery attacks is presented. This methodology, which we call multidimensional linear cryptanalysis, allows removing unnecessary and restrictive assumptions. We model the key recovery problems mathematically as hypothesis testing problems and show how to use standard statistical tools for solving them. We also show how the data complexity of linear cryptanalysis on stream ciphers and block ciphers can be reduced by using multiple approximations.
We use well-known mathematical theory for comparing different statistical methods for solving the key recovery problems. We also test the theory in practice with reduced-round Serpent. Based on our results, we give recommendations on how multidimensional linear cryptanalysis should be used.
A Study on the Linear Cryptanalysis of AES Cipher
We have investigated the linear cryptanalysis of the AES cipher in this article. Because the previous encryption standard, DES, could be broken by linear cryptanalysis, NIST selected AES as the new encryption standard in 2000. We analyze one- and two-round AES by the method of linear cryptanalysis and learn the limits of this method. AES is conspicuously difficult to break because of the small bias of its S-box. We report experimental results on the success rate and conclude that this method would not work well for recovering keys on more than 3 rounds.
Multidimensional Zero-Correlation Linear Cryptanalysis of the Block Cipher KASUMI
The block cipher KASUMI is widely used for security in many synchronous wireless standards. It was proposed by ETSI SAGE for use in the 3GPP (3rd Generation Partnership Project) ciphering algorithms in 2001. There are a great many cryptanalytic results on KASUMI; however, its security evaluation against the recent zero-correlation linear attacks is still lacking. In this paper, we select some special input masks to refine the general 5-round zero-correlation linear approximations, combine them with some observations on the functions, and then propose a 6-round zero-correlation linear attack on KASUMI. Moreover, zero-correlation linear attacks on the last 7 rounds of KASUMI are also introduced under some weak-key conditions. These weak keys take of the whole key space.
The new zero-correlation linear attack on the 6-round cipher needs about encryptions with known plaintexts. For the attack under weak-key conditions on the last 7 rounds, the data complexity is about known plaintexts and the time complexity encryptions.
Enhancement of Secrecy of Block Ciphered Systems by Deliberate Noise
This paper considers the problem of end-to-end security enhancement by resorting to deliberate noise injected into ciphertexts. The main goal is to generate a degraded wiretap channel in the application layer over which Wyner-type secrecy encoding is invoked to deliver additional secure information. More specifically, we study secrecy enhancement of the DES block cipher working in cipher feedback mode (CFB) when adjustable and intentional noise is introduced into encrypted data in the application layer. A verification strategy in the exhaustive search step of the linear attack is designed to allow Eve to mount a successful attack in the noisy environment. Thus, a controllable wiretap channel is created over multiple frames by taking advantage of errors in Eve's cryptanalysis, whose secrecy capacity is found for the case of known channel states at the receivers. As a result, additional secure information can be delivered by performing Wyner-type secrecy encoding over super-frames ahead of encryption, namely our proposed secrecy encoding-then-encryption scheme. These secrecy bits could be taken as symmetric keys for upcoming frames. Numerical results indicate that a sufficiently large secrecy rate can be achieved by selective noise addition.
Comment: 11 pages, 8 figures, journa
System approach to disparity estimation
A system approach to disparity estimation using dynamic programming is presented. The four-step system can calculate a dense correspondence map between a stereo pair with parallel or nonparallel camera geometry. Results are presented with CCIR 601 format stereo images.
Wave-Shaped Round Functions and Primitive Groups
Round functions used as building blocks for iterated block ciphers, both in the case of Substitution-Permutation Networks and Feistel Networks, are often obtained as the composition of different layers which provide confusion and diffusion, and key additions. The bijectivity of any encryption function, crucial in order to make decryption possible, is guaranteed by the use of invertible layers or by the Feistel structure. In this work a new family of ciphers, called wave ciphers, is introduced. In wave ciphers, round functions feature wave functions, which are vectorial Boolean functions obtained as the composition of non-invertible layers, where the confusion layer enlarges the message, which returns to its original size after the diffusion layer is applied. This is motivated by the fact that relaxing the requirement that all the layers be invertible allows one to consider more functions which are optimal with regard to non-linearity. In particular it allows one to consider injective APN S-boxes. In order to guarantee efficient decryption we propose to use wave functions in Feistel Networks. With regard to security, the immunity from some group-theoretical attacks is investigated. In particular, it is shown how to avoid the group generated by the round functions acting imprimitively, which represents a serious flaw for the cipher.