Physical-Layer Security: Combining Error Control Coding and Cryptography

In this paper we consider tandem error control coding and cryptography in the setting of the {\em wiretap channel} due to Wyner. In a typical communications system a cryptographic application is run at a layer above the physical layer and assumes the channel is error free. However, in any real application the channels for friendly users and passive eavesdroppers are not error free and Wyner's wiretap model addresses this scenario. Using this model, we show the security of a common cryptographic primitive, i.e. a keystream generator based on linear feedback shift registers (LFSR), can be strengthened by exploiting properties of the physical layer. A passive eavesdropper can be made to experience greater difficulty in cracking an LFSR-based cryptographic system insomuch that the computational complexity of discovering the secret key increases by orders of magnitude, or is altogether infeasible. This result is shown for two fast correlation attacks originally presented by Meier and Staffelbach, in the context of channel errors due to the wiretap channel model.Comment: 12 pages, 5 figures. Submitted and accepted to the International Conference on Communications (ICC) 2009. v2: equivalent to the version that will be published in the conference proceedings. Has some altered notation from version 1 as well as slight changes in the wording to make the paper more readable and easier to understan

A Secure Random Number Generator with Immunity and Propagation Characteristics for Cryptography Functions

Cryptographic algorithms and functions should possess some of the important functional requirements such as: non-linearity, resiliency, propagation and immunity. Several previous studies were executed to analyze these characteristics of the cryptographic functions specifically for Boolean and symmetric functions. Randomness is a requirement in present cryptographic algorithms and therefore, Symmetric Random Function Generator (SRFG) has been developed. In this paper, we have analysed SRFG based on propagation feature and immunity. Moreover, NIST recommended statistical suite has been tested on SRFG outputs. The test values show that SRFG possess some of the useful randomness properties for cryptographic applications such as individual frequency in a sequence and block-based frequency, long run of sequences, oscillations from 0 to 1 or vice-versa, patterns of bits, gap bits between two patterns, and overlapping block bits. We also analyze the comparison of SRFG and some existing random number generators. We observe that SRFG is efficient for cryptographic operations in terms of propagation and immunity features

Cryptanalysis of LFSR-based Pseudorandom Generators - a Survey

Pseudorandom generators based on linear feedback shift registers (LFSR) are a traditional building block for cryptographic stream ciphers. In this report, we review the general idea for such generators, as well as the most important techniques of cryptanalysis

Primitive Specification for SOBER-128

SOBER-128 joins the SOBER family of stream ciphers, with the added functionality of incorporating a Message Authentication Code generator if required. SOBER-128 draws on the research into the previous SOBER ciphers: the design does not differ significantly from its predecessor SOBER-t32. The biggest change is the replacement of the stuttering with a strengthened non-linear function. SOBER-128 is faster and more secure than SOBER-t32

Comparing Large-unit and Bitwise Linear Approximations of SNOW 2.0 and SNOW 3G and Related Attacks

In this paper, we study and compare the byte-wise and bitwise linear approximations of SNOW 2.0 and SNOW 3G, and present a fast correlation attack on SNOW 3G by using our newly found bitwise linear approximations. On one side, we reconsider the relation between the large-unit linear approximation and the smallerunit/ bitwise ones derived from the large-unit one, showing that approximations on large-unit alphabets have advantages over all the smaller-unit/bitwise ones in linear attacks. But then on the other side, by comparing the byte-wise and bitwise linear approximations of SNOW 2.0 and SNOW 3G respectively, we have found many concrete examples of 8-bit linear approximations whose certain 1-dimensional/bitwise linear approximations have almost the same SEI (Squared Euclidean Imbalance) as that of the original 8-bit ones. That is, each of these byte-wise linear approximations is dominated by a single bitwise approximation, and thus the whole SEI is not essentially larger than the SEI of the dominating single bitwise approximation. Since correlation attacks can be more efficiently implemented using bitwise approximations rather than large-unit approximations, improvements over the large-unit linear approximation attacks are possible for SNOW 2.0 and SNOW 3G. For SNOW 3G, we make a careful search of the bitwise masks for the linear approximations of the FSM and obtain many mask tuples which yield high correlations. By using these bitwise linear approximations, we mount a fast correlation attack to recover the initial state of the LFSR with the time/memory/data/pre-computation complexities all upper bounded by 2174.16, improving slightly the previous best one which used an 8-bit (vectorized) linear approximation in a correlation attack with all the complexities upper bounded by 2176.56. Though not a significant improvement, our research results illustrate that we have an opportunity to achieve improvement over the large-unit attacks by using bitwise linear approximations in a linear approximation attack, and provide a new insight on the relation between large-unit and bitwise linear approximations

On Cryptographic Properties of LFSR-based Pseudorandom Generators

Pseudorandom Generators (PRGs) werden in der modernen Kryptographie verwendet, um einen kleinen Startwert in eine lange Folge scheinbar zufälliger Bits umzuwandeln. Viele Designs für PRGs basieren auf linear feedback shift registers (LFSRs), die so gewählt sind, dass sie optimale statistische und periodische Eigenschaften besitzen. Diese Arbeit diskutiert Konstruktionsprinzipien und kryptanalytische Angriffe gegen LFSR-basierte PRGs. Nachdem wir einen vollständigen Überblick über existierende kryptanalytische Ergebnisse gegeben haben, führen wir den dynamic linear consistency test (DLCT) ein und analysieren ihn. Der DLCT ist eine suchbaum-basierte Methode, die den inneren Zustand eines PRGs rekonstruiert. Wir beschließen die Arbeit mit der Diskussion der erforderlichen Zustandsgröße für PRGs, geben untere Schranken an und Beispiele aus der Praxis, die veranschaulichen, welche Größe sichere PRGs haben müssen

Методи оцінювання та обґрунтування стійкості потокових шифрів відносно статистичних атак на основі алгебраїчно вироджених наближень булевих функцій

У дисертації розв’язано актуальну наукову задачу розробки методів по-будови науково обґрунтованих оцінок стійкості синхронних потокових шиф-рів (СПШ) відносно статистичних атак на основі алгебраїчно вироджених наближень булевих функцій. Отримані нові результати дозволяють на прак-тиці оцінювати і обґрунтовувати стійкість сучасних СПШ, що, зрештою, на-дає можливість суттєво скоротити час проведення експертних досліджень алгоритмів потокового шифрування, призначених для захисту державних інформаційних ресурсів України

Algebraic attacks on certain stream ciphers

To encrypt data streams of arbitrary lengths, keystream generators are used in modern cryptography which transform a secret initial value, called the key, into a long sequence of seemingly random bits. Many designs are based on linear feedback shift registers (LFSRs), which can be constructed in such a way that the output stream has optimal statistical and periodical properties and which can be efficiently implemented in hardware. Particularly prominent is a certain class of LFSR-based keystream generators, called (ι,m)-combiners or simply combiners. The maybe most famous example is the E0 keystream generator deployed in the Bluetooth standard for encryption. To evaluate the combiner’s security, cryptographers adopted an adversary model where the design and some parts of the input and output are known. An attack is a method to derive the key using the given knowledge. In the last decades, several kinds of attacks against LFSR-based keystream generators have been developed. In 2002 a new kind of attacks came up, named ”algebraic attacks”. The basic idea is to model the knowledge by a system of equation whose solution is the secret key. For several existing combiners, algebraic attacks represent the fastest theoretical attacks publicly known so far. This thesis discusses algebraic attacks against combiners. After providing the required mathematical fundament and a background on combiners, we describe algebraic attacks and explore the two main steps (generating the system of equations and computing the solution) in detail. The efficiency of algebraic attacks is closely connected to the degree of the equations. Thus, we examine the existence of low-degree equations in several situations and discuss multiple design principles to thwart their existence. Furthermore, we investigate ”fast algebraic attacks”, an extension of algebraic attacks.To encrypt data streams of arbitrary lengths, keystream generators are used in modern cryptography which transform a secret initial value, called the key, into a long sequence of seemingly random bits. Many designs are based on linear feedback shift registers (LFSRs), which can be constructed in such a way that the output stream has optimal statistical and periodical properties and which can be efficiently implemented in hardware. Particularly prominent is a certain class of LFSR-based keystream generators, called (ι,m)-combiners or simply combiners. The maybe most famous example is the E0 keystream generator deployed in the Bluetooth standard for encryption. To evaluate the combiner’s security, cryptographers adopted an adversary model where the design and some parts of the input and output are known. An attack is a method to derive the key using the given knowledge. In the last decades, several kinds of attacks against LFSR-based keystream generators have been developed. In 2002 a new kind of attacks came up, named ”algebraic attacks”. The basic idea is to model the knowledge by a system of equation whose solution is the secret key. For several existing combiners, algebraic attacks represent the fastest theoretical attacks publicly known so far. This thesis discusses algebraic attacks against combiners. After providing the required mathematical fundament and a background on combiners, we describe algebraic attacks and explore the two main steps (generating the system of equations and computing the solution) in detail. The efficiency of algebraic attacks is closely connected to the degree of the equations. Thus, we examine the existence of low-degree equations in several situations and discuss multiple design principles to thwart their existence. Furthermore, we investigate ”fast algebraic attacks”, an extension of algebraic attacks