Self-synchronizing stream ciphers and dynamical systems: state of the art and open issues

International audienceDynamical systems play a central role in the design of symmetric cryptosystems. Their use has been widely investigated both in ''chaos-based'' private communications and in stream ciphers over finite fields. In the former case, they get the form of automata named as Moore or Mealy machines. The main charateristic of stream ciphers lies in that they require synchronization of complex sequences generated by the dynamical systems involved at the transmitter and the receiver part. In this paper, we focus on a special class of symmetric ciphers, namely the Self-Synchronizing Stream Ciphers. Indeed, such ciphers have not been seriously explored so far although they get interesting properties of synchronization which could make them very appealing in practice. We review and compare different design approaches which have been proposed in the open literature and fully-specified algorithms are detailed for illustration purpose. Open issues related to the validation and the implementation of Self-Synchronizing Stream Ciphers are developped. We highlight the reason why some concepts borrowed from control theory appear to be useful to this end

Security proof of the canonical form of self-synchronizing stream ciphers

International audienceThis paper studies the security level expected by the canon-ical form of the Self-Synchronizing Stream Cipher (SSSC). A SSSC can be viewed as the combination of a shift register together with a filtering function. The maximum security of such a cipher is reached when the filtering function is random. However, in practice, Pseudo Random Functions (PRF) are used as filtering functions. In this case, we show that the security against chosen ciphertext attacks (IND-CCA security) cannot be reached for the canonical form of the SSSC, but it is however secure against chosen plaintext attacks (IND-CPA secure). Then, a weaker property than pseudo-randomness is introduced in order to characterize the security of the canonical SSSC from its filtering function. A connection with the left-or-right indistinguishability (LOR-IND) is made. This property provides a necessary and sufficient condition to characterize the indistinguishablity of SSSC

Towards a spectral approach for the design of self-synchronizing stream ciphers

International audienceThis paper addresses the problem of characterizing the func- tions that can be used in the design of self-synchronizing stream ciphers. We propose a general framework based on a spectral characterization through correlation matrices or equivalently through Walsh matrices. Two modes of self-synchronization are discussed: the finite time one and the statistical one

Self-synchronizing stream ciphers and dynamical systems: state of the art and open issues

Dynamical systems play a central role in the design of symmetric cryptosystems. Their use has been widely investigated both in "chaos-based" private communications and in stream ciphers over finite fields. In the former case, they get the form of automata named as Moore or Mealy machines. The main charateristic of stream ciphers lies in that they require synchronization of complex sequences generated by the dynamical systems involved at the transmitter and the receiver part. In this paper, we focus on a special class of symmetric ciphers, namely the SelfSynchronizing Stream Ciphers. Indeed, such ciphers have not been seriously explored so far although they get interesting properties of synchronization which could make them very appealing in practice. We review and compare different design approaches which have been proposed in the open literature and fully-specified algorithms are detailed for illustration purpose. Open issues related to the validation and the implementation of Self-Synchronizing Stream Ciphers are developped. We highlight the reason why some concepts borrowed from control theory appear to be useful to this end

On the Design and Analysis of Stream Ciphers

This thesis presents new cryptanalysis results for several different stream cipher constructions. In addition, it also presents two new stream ciphers, both based on the same design principle. The first attack is a general attack targeting a nonlinear combiner. A new class of weak feedback polynomials for linear feedback shift registers is identified. By taking samples corresponding to the linear recurrence relation, it is shown that if the feedback polynomial has taps close together an adversary to take advantage of this by considering the samples in a vector form. Next, the self-shrinking generator and the bit-search generator are analyzed. Both designs are based on irregular decimation. For the self-shrinking generator, it is shown how to recover the internal state knowing only a few keystream bits. The complexity of the attack is similar to the previously best known but uses a negligible amount of memory. An attack requiring a large keystream segment is also presented. It is shown to be asymptotically better than all previously known attacks. For the bit-search generator, an algorithm that recovers the internal state is given as well as a distinguishing attack that can be very efficient if the feedback polynomial is not carefully chosen. Following this, two recently proposed stream cipher designs, Pomaranch and Achterbahn, are analyzed. Both stream ciphers are designed with small hardware complexity in mind. For Pomaranch Version 2, based on an improvement of previous analysis of the design idea, a key recovery attack is given. Also, for all three versions of Pomaranch, a distinguishing attack is given. For Achterbahn, it is shown how to recover the key of the latest version, known as Achterbahn-128/80. The last part of the thesis introduces two new stream cipher designs, namely Grain and Grain-128. The ciphers are designed to be very small in hardware. They also have the distinguishing feature of allowing users to increase the speed of the ciphers by adding extra hardware

Synchronization of Boolean Dynamical Systems: a Spectral Characterization

International audienceIn this paper a spectral characterization of the synchronization property of Boolean dynamical systems is provided. Conditions on the spectrum of the next-state function are derived for two systems coupled in a unidirectional way - also called master-slave configuration - to guarantee self-synchronization. Two kinds of self-synchronization are discussed: the statistical one and the finite one. Next, some conditions are stated for a specific input sequence to allow the system to be self-synchronizing. Some of the results are based on the notion of influence of variables, a notion that is extended to vectorial Boolean functions for the purpose of the paper. A potential application to cryptography is finally given

Self-synchronized Encryption for Physical Layer in 10Gbps Optical Links

In this work a new self-synchronized encryption method for 10 Gigabit optical links is proposed and developed. Necessary modifications to introduce this kind of encryption in physical layers based on 64b/66b encoding, such as 10GBase-R, have been considered. The proposed scheme encrypts directly the 64b/66b blocks by using a symmetric stream cipher based on an FPE (Format Preserving Encryption) block cipher operating in PSCFB (Pipelined Statistical Cipher Feedback) mode. One of the main novelties in this paper is the security analysis done for this mode. For the first time, an expression for the IND-CPA (Indistinguishability under Chosen-Plaintext Attack) advantage of any adversary over this scheme has been derived. Moreover, it has been concluded that this mode can be considered secure in the same way of traditional modes are. In addition, the overall system has been simulated and implemented in an FPGA (Field Programmable Gate Array). An encrypted optical link has been tested with Ethernet data frames, concluding that it is possible to cipher traffic at this level, getting maximum throughput and hiding traffic pattern from passive eavesdroppers

09031 Abstracts Collection -- Symmetric Cryptography

From 11.01.09 to 16.01.09, the Seminar 09031 in ``Symmetric Cryptography \u27\u27 was held in Schloss Dagstuhl~--~Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

Analysis and hardware implementation of synchronization methods for stream ciphers

In this thesis, we investigate two synchronization methods for stream ciphers. The first is statistical cipher feedback (SCFB) mode, which is a recently proposed mode of operation for block ciphers. The other is the marker-based mode, which is the synchronous stream cipher using "marker" to regain synchronization. SCFB mode is a hybrid of OFB mode and CFB mode; hence, it has a high throughput and the capability of self-synchronizing. The marker-based synchronous stream cipher is also able to obtain synchronization under limited circumstances. -- In this thesis, SCFB mode and the marker-based mode are both implemented in digital hardware targeting the FPGA technology. The device we have used is the Xilinx Spartan-3E FPGA. Commonly, SCFB mode is implemented by using the block cipher, AES, as the keystream generator; however, in our research, we use the stream cipher, Grain-128, as the keystream generator for SCFB mode implementation. The designed system structure and synthesis results of the two modes are given in this thesis. Throughout our research, VHDL code and Modelsim PE Student Edition 6.5d are used to design and simulate the functionality of our systems. The behavior level description is synthesized by using Xilinx ISE Webpack 10.1 tool and the .bit stream which is used to configure FPGA board is generated. The designed system is run on the Digilent Nexys II FPGA board and tested. To download the .bit stream on to the FPGA board and transfer data between the computer and FPGA, the Digilent Adept Suite tool is used. -- Through the FPGA hardware implementation, we obtain that SCFB mode configured for a stream cipher, Grain-128, can run at the speed of 89Mbps on a real FPGA and an efficiency of SCFB mode is 100%. The marker-based mode can reach the speed of 113 Mbps and has an efficiency of 94%. Although the system of marker-based mode is a little faster and has less hardware complexity than SCFB mode, it is limited in its synchronization recovery. In contrast, SCFB mode can regain synchronization for any number of bit slips. Hence, SCFB mode is more suitable for high speed physical layer security. -- The performance analysis of SCFB mode and marker-based mode is also provided with respect to characteristics of synchronization recovery delay (SRD) and error propagation factor (EPF). In particular, through the simulation of SRD and EPF versus varying sync patterns, we have found the best sync pattern format for SCFB mode. The best sync patterns are uncorrelated, that is, the shifted version of the sync pattern do not match the bits from the original sync pattern. In our research, we have used the sequence "10000000" as the sync pattern for SCFB mode implementation and as the marker for marker-based synchronous stream cipher implementation