171 research outputs found

    Cryptanalysis of Block Ciphers

    Get PDF
    The block cipher is one of the most important primitives in modern cryptography, information and network security; one of the primary purposes of such ciphers is to provide confidentiality for data transmitted in insecure communication environments. To ensure that confidentiality is robustly provided, it is essential to investigate the security of a block cipher against a variety of cryptanalytic attacks. In this thesis, we propose a new extension of differential cryptanalysis, which we call the impossible boomerang attack. We describe the early abort technique for (related-key) impossible differential cryptanalysis and rectangle attacks. Finally, we analyse the security of a number of block ciphers that are currently being widely used or have recently been proposed for use in emerging cryptographic applications; our main cryptanalytic results are as follows. An impossible differential attack on 7-round AES when used with 128 or 192 key bits, and an impossible differential attack on 8-round AES when used with 256 key bits. An impossible boomerang attack on 6-round AES when used with 128 key bits, and an impossible boomerang attack on 7-round AES when used with 192 or 256 key bits. A related-key impossible boomerang attack on 8-round AES when used with 192 key bits, and a related-key impossible boomerang attack on 9-round AES when used with 256 key bits, both using two keys. An impossible differential attack on 11-round reduced Camellia when used with 128 key bits, an impossible differential attack on 12-round reduced Camellia when used with 192 key bits, and an impossible differential attack on 13-round reduced Camellia when used with 256 key bits. A related-key rectangle attack on the full Cobra-F64a, and a related-key differential attack on the full Cobra-F64b. A related-key rectangle attack on 44-round SHACAL-2. A related-key rectangle attack on 36-round XTEA. An impossible differential attack on 25-round reduced HIGHT, a related-key rectangle attack on 26-round reduced HIGHT, and a related-key impossible differential attack on 28-round reduced HIGHT. In terms of either the attack complexity or the numbers of attacked rounds, the attacks presented in the thesis are better than any previously published cryptanalytic results for the block ciphers concerned, except in the case of AES; for AES, the presented impossible differential attacks on 7-round AES used with 128 key bits and 8-round AES used with 256 key bits are the best currently published results on AES in a single key attack scenario, and the presented related-key impossible boomerang attacks on 8-round AES used with 192 key bits and 9-round AES used with 256 key bits are the best currently published results on AES in a related-key attack scenario involving two keys

    Survey and Benchmark of Block Ciphers for Wireless Sensor Networks

    Get PDF
    Cryptographic algorithms play an important role in the security architecture of wireless sensor networks (WSNs). Choosing the most storage- and energy-efficient block cipher is essential, due to the facts that these networks are meant to operate without human intervention for a long period of time with little energy supply, and that available storage is scarce on these sensor nodes. However, to our knowledge, no systematic work has been done in this area so far.We construct an evaluation framework in which we first identify the candidates of block ciphers suitable for WSNs, based on existing literature and authoritative recommendations. For evaluating and assessing these candidates, we not only consider the security properties but also the storage- and energy-efficiency of the candidates. Finally, based on the evaluation results, we select the most suitable ciphers for WSNs, namely Skipjack, MISTY1, and Rijndael, depending on the combination of available memory and required security (energy efficiency being implicit). In terms of operation mode, we recommend Output Feedback Mode for pairwise links but Cipher Block Chaining for group communications

    Multidimensional Zero-Correlation Linear Cryptanalysis of the Block Cipher KASUMI

    Full text link
    The block cipher KASUMI is widely used for security in many synchronous wireless standards. It was proposed by ETSI SAGE for usage in 3GPP (3rd Generation Partnership Project) ciphering algorthms in 2001. There are a great deal of cryptanalytic results on KASUMI, however, its security evaluation against the recent zero-correlation linear attacks is still lacking so far. In this paper, we select some special input masks to refine the general 5-round zero-correlation linear approximations combining with some observations on the FLFL functions and then propose the 6-round zero-correlation linear attack on KASUMI. Moreover, zero-correlation linear attacks on the last 7-round KASUMI are also introduced under some weak keys conditions. These weak keys take 2142^{-14} of the whole key space. The new zero-correlation linear attack on the 6-round needs about 2852^{85} encryptions with 262.82^{62.8} known plaintexts. For the attack under weak keys conditions on the last 7 round, the data complexity is about 262.12^{62.1} known plaintexts and the time complexity 2110.52^{110.5} encryptions

    Improved Results on Impossible Differential Cryptanalysis of Reduced-Round Camellia-192/256

    Get PDF
    As an international standard adopted by ISO/IEC, the block cipher Camellia has been used in various cryptographic applications. In this paper, we reevaluate the security of Camellia against impossible differential cryptanalysis. Specifically, we propose several 7-round impossible differentials with the FL/FL1FL/FL^{-1} layers. Based on them, we mount impossible differential attacks on 11-round Camellia-192 and 12-round Camellia-256. The data complexities of our attacks on 11-round Camellia-192 and 12-round Camellia-256 are about 21202^{120} chosen plaintexts and 2119.82^{119.8} chosen plaintexts, respectively. The corresponding time complexities are approximately 2167.12^{167.1} 11-round encryptions and 2220.872^{220.87} 12-round encryptions. As far as we know, our attacks are 216.92^{16.9} times and 219.132^{19.13} times faster than the previously best known ones but have slightly more data

    Multidimensional zero-correlation attacks on lightweight block cipher HIGHT: Improved cryptanalysis of an ISO standard

    Get PDF
    AbstractHIGHT is a block cipher designed in Korea with the involvement of Korea Information Security Agency. It was proposed at CHES 2006 for usage in lightweight applications such as sensor networks and RFID tags. Lately, it has been adopted as ISO standard. Though there is a great deal of cryptanalytic results on HIGHT, its security evaluation against the recent zero-correlation linear attacks is still lacking. At the same time, the Feistel-type structure of HIGHT suggests that it might be susceptible to this type of cryptanalysis. In this paper, we aim to bridge this gap.We identify zero-correlation linear approximations over 16 rounds of HIGHT. Based upon those, we attack 27-round HIGHT (round 4 to round 30) with improved time complexity and practical memory requirements. This attack of ours is the best result on HIGHT to date in the classical single-key setting. We also provide the first attack on 26-round HIGHT (round 4 to round 29) with the full whitening key

    New Impossible Differential Attacks on Camellia

    Get PDF
    Camellia is one of the most worldwide used block ciphers, which has been selected as a standard by ISO/IEC. In this paper, we propose several new 7-round impossible differentials of Camellia with 2 FL/FL1FL/FL^{-1} layers, which turn out to be the first 7-round impossible differentials with 2 FL/FL1FL/FL^{-1} layers. Combined with some basic techniques including the early abort approach and the key schedule consideration, we achieve the impossible differential attacks on 11-round Camellia-128, 11-round Camellia-192, 12-round Camellia-192, and 14-round Camellia-256, and the time complexity are 2123.62^{123.6}, 2121.72^{121.7}, 2171.42^{171.4} and 2238.22^{238.2} respectively. As far as we know, these are the best results against the reduced-round variants of Camellia. Especially, we give the first attack on 11-round Camellia-128 reduced version with FL/FL1FL/FL^{-1} layers

    Improved Meet-in-the-Middle Attacks on Reduced-Round Camellia-192/256

    Get PDF
    Camellia is one of the widely used block ciphers, which has been selected as an international standard by ISO/IEC. In this paper, we focus on the key-recovery attacks on reduced-round Camellia-192/256 with meet-in-the-middle methods. We utilize multiset and the differential enumeration methods which are popular to analyse AES in the recent to attack Camellia-192/256. We propose a 7-round property for Camellia-192, and achieve a 12-round attack with 21802^{180} encryptions, 21132^{113} chosen plaintexts and 21302^{130} 128-bit memories. Furthermore, we present an 8-round property for Camellia-256, and apply it to break the 13-round Camellia-256 with 2232.72^{232.7} encryptions, 21132^{113} chosen ciphertexts and 22272^{227} 128-bit memories

    SoK: Security Evaluation of SBox-Based Block Ciphers

    Get PDF
    Cryptanalysis of block ciphers is an active and important research area with an extensive volume of literature. For this work, we focus on SBox-based ciphers, as they are widely used and cover a large class of block ciphers. While there have been prior works that have consolidated attacks on block ciphers, they usually focus on describing and listing the attacks. Moreover, the methods for evaluating a cipher\u27s security are often ad hoc, differing from cipher to cipher, as attacks and evaluation techniques are developed along the way. As such, we aim to organise the attack literature, as well as the work on security evaluation. In this work, we present a systematization of cryptanalysis of SBox-based block ciphers focusing on three main areas: (1) Evaluation of block ciphers against standard cryptanalytic attacks; (2) Organisation and relationships between various attacks; (3) Comparison of the evaluation and attacks on existing ciphers
    corecore