MixColumns Coefficient Property and Security of the AES with A Secret S-Box

The MixColumns operation is an important component providing diffusion for the AES. The branch number of it ensures that any continuous four rounds of the AES have at least 25 active S-Boxes, which makes the AES secure against the differential and linear cryptanalysis. However, the choices of the coefficients of the MixColumns matrix may undermine the AES security against some novel-type attacks. A particular property of the AES MixColumns matrix coefficient has been noticed in recent papers that \emph{each row or column of the matrix has elements that sum to zero}. Several attacks have been developed taking advantage of the coefficient property. In this paper we investigate further the influence of the specific coefficient property on the AES security. Our target, which is also one of the targets of the previous works, is a 5-round AES variant with a secret S-Box. We will show how we take advantage of the coefficient property to extract the secret key directly without any assistance of the S-Box information. Compared with the previous similar attacks, the present attacks here are the best in terms of the complexity under the chosen-plaintext scenario

ASSESSING AND IMPROVING THE RELIABILITY AND SECURITY OF CIRCUITS AFFECTED BY NATURAL AND INTENTIONAL FAULTS

The reliability and security vulnerability of modern electronic systems have emerged as concerns due to the increasing natural and intentional interferences. Radiation of high-energy charged particles generated from space environment or packaging materials on the substrate of integrated circuits results in natural faults. As the technology scales down, factors such as critical charge, voltage supply, and frequency change tremendously that increase the sensitivity of integrated circuits to natural faults even for systems operating at sea level. An attacker is able to simulate the impact of natural faults and compromise the circuit or cause denial of service. Therefore, instead of utilizing different approaches to counteract the effect of natural and intentional faults, a unified countermeasure is introduced. The unified countermeasure thwarts the impact of both reliability and security threats without paying the price of more area overhead, power consumption, and required time. This thesis first proposes a systematic analysis method to assess the probability of natural faults propagating the circuit and eventually being latched. The second part of this work focuses on the methods to thwart the impact of intentional faults in cryptosystems. We exploit a power-based side-channel analysis method to analyze the effect of the existing fault detection methods for natural faults on fault attack. Countermeasures for different security threats on cryptosystems are investigated separately. Furthermore, a new micro-architecture is proposed to thwart the combination of fault attacks and side-channel attacks, reducing the fault bypass rate and slowing down the key retrieval speed. The third contribution of this thesis is a unified countermeasure to thwart the impact of both natural faults and attacks. The unified countermeasure utilizes dynamically alternated multiple generator polynomials for the cyclic redundancy check (CRC) codec to resist the reverse engineering attack

Balanced Encoding of Near-Zero Correlation for an AES Implementation

Power analysis poses a significant threat to the security of cryptographic algorithms, as it can be leveraged to recover secret keys. While various software-based countermeasures exist to mitigate this non-invasive attack, they often involve a trade-off between time and space constraints. Techniques such as masking and shuffling, while effective, can noticeably impact execution speed and rely heavily on run-time random number generators. On the contrary, internally encoded implementations of block ciphers offer an alternative approach that does not rely on run-time random sources, but it comes with the drawback of requiring substantial memory space to accommodate lookup tables. Internal encoding, commonly employed in white-box cryptography, suffers from a security limitation as it does not effectively protect the secret key against statistical analysis. To overcome this weakness, this paper introduces a secure internal encoding method for an AES implementation. By addressing the root cause of vulnerabilities found in previous encoding methods, we propose a balanced encoding technique that aims to minimize the problematic correlation with key-dependent intermediate values. We analyze the potential weaknesses associated with the balanced encoding and present a method that utilizes complementary sets of lookup tables. In this approach, the size of the lookup tables is approximately 512KB, and the number of table lookups is 1,024. This is comparable to the table size of non-protected white-box AES-128 implementations, while requiring only half the number of lookups. By adopting this method, our aim is to introduce a non-masking technique that mitigates the vulnerability to statistical analysis present in current internally-encoded AES implementations.Comment: 36 pages, 17 figures, submitte

Practical Low Data-Complexity Subspace-Trail Cryptanalysis of Round-Reduced PRINCE

Subspace trail cryptanalysis is a very recent new cryptanalysis technique, and includes differential, truncated differential, impossible differential, and integral attacks as special cases. In this paper, we consider PRINCE, a widely analyzed block cipher proposed in 2012. After the identification of a 2.5 rounds subspace trail of PRINCE, we present several (truncated differential) attacks up to 6 rounds of PRINCE. This includes a very practical attack with the lowest data complexity of only 8 plaintexts for 4 rounds, which co-won the final round of the PRINCE challenge in the 4-round chosen-plaintext category. The attacks have been verified using a C implementation. Of independent interest, we consider a variant of PRINCE in which ShiftRows and MixLayer operations are exchanged in position. In particular, our result shows that the position of ShiftRows and MixLayer operations influences the security of PRINCE. The same analysis applies to follow-up designs inspired by PRINCE

Side Channel Leakage Analysis - Detection, Exploitation and Quantification

Nearly twenty years ago the discovery of side channel attacks has warned the world that security is more than just a mathematical problem. Serious considerations need to be placed on the implementation and its physical media. Nowadays the ever-growing ubiquitous computing calls for in-pace development of security solutions. Although the physical security has attracted increasing public attention, side channel security remains as a problem that is far from being completely solved. An important problem is how much expertise is required by a side channel adversary. The essential interest is to explore whether detailed knowledge about implementation and leakage model are indispensable for a successful side channel attack. If such knowledge is not a prerequisite, attacks can be mounted by even inexperienced adversaries. Hence the threat from physical observables may be underestimated. Another urgent problem is how to secure a cryptographic system in the exposure of unavoidable leakage. Although many countermeasures have been developed, their effectiveness pends empirical verification and the side channel security needs to be evaluated systematically. The research in this dissertation focuses on two topics, leakage-model independent side channel analysis and security evaluation, which are described from three perspectives: leakage detection, exploitation and quantification. To free side channel analysis from the complicated procedure of leakage modeling, an observation to observation comparison approach is proposed. Several attacks presented in this work follow this approach. They exhibit efficient leakage detection and exploitation under various leakage models and implementations. More importantly, this achievement no longer relies on or even requires precise leakage modeling. For the security evaluation, a weak maximum likelihood approach is proposed. It provides a quantification of the loss of full key security due to the presence of side channel leakage. A constructive algorithm is developed following this approach. The algorithm can be used by security lab to measure the leakage resilience. It can also be used by a side channel adversary to determine whether limited side channel information suffices the full key recovery at affordable expense

An Efficient Image Encryption Using a Dynamic, Nonlinear and Secret Diffusion Scheme

تقدم هذه الورقة مخطط نشر سري جديد يسمى نظام التشفير بالمجموعة (RKP) والذي يرتكز على أساس التقليب غير الخطي، الديناميكي والعشوائي لتشفير الصور حسب الكتلة، حيث تعتبر الصور بيانات معينة بسبب حجمها ومعلوماتها، والتي هي ذات طبيعة ثنائية الأبعاد وتتميز بالتكرار العالي والارتباط القوي. أولاً، يتم حساب جدول التقليب وفقًا للمفتاح الرئيسي والمفاتيح الفرعية. ثانيًا، سيتم إجراء خلط وحدات البكسل لكل كتلة سيتم تشفيرها وفقًا لجدول التقليب. بعد ذلك، نستخدم خوارزمية تشفير AES في نظام التشفير عن طريق استبدال التقليب الخطي لمرحلة تحول الصفوف، بالتناوب غير الخطي والسري لمخطط RKP؛ هذا التغيير يجعل نظام التشفير يعتمد على المفتاح السري ويسمح لكلاهما باحترام نظرية شانون الثانية ومبدأ كيرشوف. يوضح تحليل الأمان لنظام التشفير أن مخطط الانتشار المقترح لـ RKP يعزز حصن خوارزمية التشفير، كما يمكن ملاحظته في الانتروبيا والقيم الأخرى التي تم الحصول عليها. النتائج التجريبية التي تحصلنا عليها من خلال التحليل المفصل اثبتت أن التعديل الذي تم إجراؤه عن طريق استخدام التقنية المقترحة يعزز حصن خوارزمية التشفير، كما يمكن ملاحظته في إنتروبيا والقيم الأخرى التي تم الحصول عليها.The growing use of tele This paper presents a new secret diffusion scheme called Round Key Permutation (RKP) based on the nonlinear, dynamic and pseudorandom permutation for encrypting images by block, since images are considered particular data because of their size and their information, which are two-dimensional nature and characterized by high redundancy and strong correlation. Firstly, the permutation table is calculated according to the master key and sub-keys. Secondly, scrambling pixels for each block to be encrypted will be done according the permutation table. Thereafter the AES encryption algorithm is used in the proposed cryptosystem by replacing the linear permutation of ShiftRows step with the nonlinear and secret permutation of RKP scheme; this change makes the encryption system depend on the secret key and allows both to respect the second Shannon’s theory and the Kerckhoff principle. Security analysis of cryptosystem demonstrates that the proposed diffusion scheme of RKP enhances the fortress of encryption algorithm, as can be observed in the entropy and other obtained values. communications implementing electronic transfers of personal data, require reliable techniques and secure. In fact, the use of a communication network exposes exchanges to certain risks, which require the existence of adequate security measures. The data encryption is often the only effective way to meet these requirements. This paper present a cryptosystem by block for encrypting images, as images are considered particular data because of their size and their information, which are two dimensional nature and characterized by high redundancy and strong correlation. In this cryptosystem, we used a new dynamic diffusion technique called round key permutation, which consists to permute pixels of each bloc in a manner nonlinear, dynamic and random using permutation table calculated according to the master key and sub-keys. We use thereafter the AES encryption algorithm in our cryptosystem by replacing the linear permutation of ShiftRows with round key permutation technique; this changing makes the encryption scheme depend on encryption key. Security analysis of cryptosystem demonstrate that the modification made on using the proposed technique of Round Key Permutation enhances the fortress of encryption  algorithm,  as can be observed in the entropy and other obtained values