Extension Field Cancellation: a New Central Trapdoor for Multivariate Quadratic Systems

This paper introduces a new central trapdoor for multivariate quadratic (MQ) public-key cryptosystems that allows for encryption, in contrast to time-tested MQ primitives such as Unbalanced Oil and Vinegar or Hidden Field Equations, which only allow for signatures. Our construction is a mixed-field scheme that exploits the commutativity of the extension field to dramatically reduce the complexity of the extension field polynomial implicitly present in the public key. However, this reduction can only be performed by the user who knows concise descriptions of two simple polynomials, which constitute the private key. After applying this transformation, the plaintext can be recovered by solving a linear system. We use the minus and projection modifiers to inoculate our scheme against known attacks. A straightforward C++ implementation confirms the efficient operation of the public key algorithms.

RoadRunneR: A Small And Fast Bitslice Block Cipher For Low Cost 8-bit Processors

Designing block ciphers targeting resource-constrained 8-bit CPUs is a challenging problem. There are many recent lightweight ciphers designed for better performance in hardware. On the other hand, most software-efficient lightweight ciphers either lack a security proof or have a low security margin. To fill the gap, we present RoadRunneR, an efficient block cipher in 8-bit software whose security is provable against differential and linear attacks. RoadRunneR has the lowest code size on Atmel's ATtiny45, except for NSA's design SPECK, which has no security proof. Moreover, we propose a new metric for the fair comparison of block ciphers. This metric, called ST/A, is the first metric to use key length as a parameter to rank ciphers of different key lengths in a fair way. Using ST/A and other metrics from the literature, we show that RoadRunneR is competitive among existing ciphers on the ATtiny45.

Spectral characterization of iterating lossy mappings

In this paper we study what happens to sets when we iteratively apply lossy (round) mappings to them. We describe the information loss as imbalances of parities of intermediate distributions and show that their evolution is governed by the correlation matrices of the mappings. At the macroscopic level we show that iterating lossy mappings results in an increase of a quantity we call total imbalance. We quantify the increase in total imbalance as a function of the number of iterations and of round mapping characteristics. At the microscopic level we show that the imbalance of a parity located in some round, dubbed final, is the sum of distinct terms. Each of these terms consists of the imbalance of a parity located at the output of a round, multiplied by the sum of the correlation contributions of all linear trails between that parity and the final parity. We illustrate our theory with experimental data. The developed theory can be applied whenever lossy mappings are repeatedly applied to a state. This is the case in many modes of block ciphers and permutations for, e.g., iterated hashing or self-synchronizing stream encryption. The main reason we developed it, however, is to apply it to the security implications of using non-uniform threshold schemes as a countermeasure against differential power and electromagnetic analysis.

Fully Invisible Protean Signature Schemes

Protean Signatures (PS), recently introduced by Krenn et al. (CANS '18), allow a semi-trusted third party, named the sanitizer, to modify a signed message in a controlled way. The sanitizer can edit signer-chosen parts to arbitrary bitstrings, and can also redact admissible parts, which are likewise chosen by the signer. Thus, PSs generalize both redactable signatures (RSS) and sanitizable signatures (SSS) into a single notion. However, the current definition of invisibility does not prevent an outsider from deciding which parts of a message are redactable; only the editable parts are hidden. This weakens the privacy guarantees provided by the state-of-the-art definition. We extend PSs to be fully invisible. This strengthened notion guarantees that an outsider can decide neither which parts of a message can be edited nor which parts can be redacted. To achieve our goal, we introduce the new notions of Invisible RSSs and Invisible Non-Accountable SSSs (SSS'), along with a consolidated framework for aggregate signatures. Using those building blocks, our resulting construction is significantly more efficient than the original scheme by Krenn et al., which we demonstrate in a prototypical implementation.

Policy-Based Sanitizable Signatures

Sanitizable signatures are a variant of signatures that allow a single, signer-defined sanitizer to modify signed messages in a controlled way without invalidating the respective signature. They have turned out to be a versatile primitive, as shown by different variants and extensions, e.g., allowing multiple sanitizers or adding new sanitizers one by one. However, existing constructions are very restricted in their flexibility for specifying potential sanitizers. We propose a different and more powerful approach: instead of using sanitizers' public keys directly, we assign attributes to them. Sanitizing is then based on policies, i.e., access structures defined over attributes. A sanitizer can sanitize if, and only if, it holds a secret key for attributes satisfying the policy associated with a signature, while the scheme offers full-scale accountability.

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU COST Action project Cryptacus, the objective of which was to improve and adapt existing cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license.

Cryptographic algorithms and their performance on the Arduino

The Arduino is a very robust and versatile platform used in many situations and, increasingly, a relevant element in the architecture of the Internet of Things. By providing several wireless communication interfaces, it can be used to control household appliances, doors, temperature sensors, etc., making it easy to implement communication between these "things". This thesis studied the main wireless networks used by the Arduino (Bluetooth Low Energy [BLE], Wi-Fi and ZigBee) to understand which has the best performance, the advantages and disadvantages of each, which modules the Arduino needs in order to use each type of wireless network, the main functions they were designed for, and the security system each network uses. These wireless technologies allow greater mobility and greater flexibility in the design of network structures than conventional wired networks. However, such networks have a major disadvantage: anyone within range of the wireless network can intercept the signal being transmitted. Several cryptographic algorithms have been developed to protect the information transmitted over these networks. The encrypted data can only be read by devices that hold a particular key. The Data Encryption Standard (DES), Triple DES (TDES), Advanced Encryption Standard (AES), eXtended TEA (XTEA) and Corrected Block TEA (XXTEA) encryption algorithms are among the best known and most widely used techniques today. This thesis analysed these algorithms and their vulnerabilities, and surveyed the main existing attacks to assess whether they are still secure today.

To evaluate the possibility of using the Arduino securely in applications that rely on wireless communications, performance tests were carried out with the studied encryption algorithms using existing libraries. The performance tests showed that AES is considerably faster than the other solutions while also offering greater security. TDES proved to be quite slow, which explains why the algorithm is little used and has been replaced by AES over the years. XXTEA placed in the middle of the performance test, with an interesting security/performance trade-off, making it a better choice than TDES.

Efficient and Secure Implementations of Lightweight Symmetric Cryptographic Primitives

This thesis is devoted to efficient and secure implementations of lightweight symmetric cryptographic primitives for resource-constrained devices such as wireless sensors and actuators that are typically deployed in remote locations. In this setting, cryptographic algorithms must consume few computational resources and withstand a large variety of attacks, including side-channel attacks. The first part of this thesis is concerned with efficient software implementations of lightweight symmetric algorithms on 8-, 16-, and 32-bit microcontrollers. A first contribution of this part is the development of FELICS, an open-source benchmarking framework that facilitates the extraction of comparative performance figures from implementations of lightweight ciphers. Using FELICS, we conducted a fair evaluation of the implementation properties of 19 lightweight block ciphers in the context of two different usage scenarios, which are representative of common security services in the Internet of Things (IoT). This study gives new insights into the link between the structure of a cryptographic algorithm and the performance it can achieve on embedded microcontrollers. Then, we present the SPARX family of lightweight ciphers and describe the impact of software efficiency in the process of shaping three instances of the family. Finally, we evaluate the cost of the main building blocks of symmetric algorithms to determine which are the most efficient ones. The contributions of this part are particularly valuable for designers of lightweight ciphers, software and security engineers, as well as standardization organizations. In the second part of this work, we focus on side-channel attacks that exploit the power consumption or the electromagnetic emanations of embedded devices executing unprotected implementations of lightweight algorithms.

First, we evaluate different selection functions in the context of Correlation Power Analysis (CPA) to infer which operations are easy to attack. Second, we show that most implementations of the AES present in popular open-source cryptographic libraries are vulnerable to side-channel attacks such as CPA, even in a network protocol scenario where the attacker has limited control of the input. Moreover, we describe an optimal algorithm for recovery of the master key using CPA attacks. Third, we perform the first electromagnetic vulnerability analysis of Thread, a networking stack designed to facilitate secure communication between IoT devices. The third part of this thesis lies in the area of side-channel countermeasures against power and electromagnetic analysis attacks. We study efficient and secure expressions that compute simple bitwise functions on Boolean shares. To this end, we describe an algorithm for efficiently searching for expressions that have an optimal cost in number of elementary operations. Then, we introduce optimal expressions for first-order Boolean masking of bitwise AND and OR operations. Finally, we analyze the performance of three lightweight block ciphers protected using the optimal expressions.

A Salad of Block Ciphers

This book is a survey on the state of the art in block cipher design and analysis. It is work in progress, and it has been for the good part of the last three years; sadly, for various reasons no significant change has been made during the last twelve months. However, it is also in a self-contained, usable, and relatively polished state, and for this reason I have decided to release this snapshot to the public as a service to the cryptographic community, both in order to obtain feedback and as a means to give something back to the community from which I have learned much. At some point I will produce a final version, whatever a "final version" means in the constantly evolving field of block cipher design, and I will publish it. In the meantime I hope the material contained here will be useful to other people.