A Security Comparison between AES-128 and AES-256 FPGA implementations against DPA attacks

As the AES is the standard symmetric cipher selected by NIST, is the best-known and the most widely used block cipher. Consequently, security threats are constantly rising and increasingly powerful. With the addition of the upcoming scenario of quantum computing, these threats have become a front-line concern in the crypto-community. Although is claimed that using larger key sizes in symmetric key algorithms for implementing quantum-resistant implementations is enough to counteract brute force attacks, this paper shows that both AES-128 and AES-256 are vulnerable to Power Analysis attacks. This paper presents a security comparison against Differential Power Analysis (DPA) attacks over both AES 128-256. Through experimental attacks in FPGA AES implementations, results show that although AES-256 reaches a greater level of security than AES-128, is still vulnerable to this kind of attack. Specifically, we have obtained 75% of the bytes needed to find the original key for AES-128 while only 28.125% for AES-256 by performing the same attack

A Study on Secret Key Rate in Wideband Rice Channel

Standard cryptography is expected to poorly fit IoT applications and services, as IoT devices can hardly cope with the computational complexity often required to run encryption algorithms. In this framework, physical layer security is often claimed as an effective solution to enforce secrecy in IoT systems. It relies on wireless channel characteristics to provide a mechanism for secure communications, with or even without cryptography. Among the different possibilities, an interesting solution aims at exploiting the random-like nature of the wireless channel to let the legitimate users agree on a secret key, simultaneously limiting the eavesdropping threat thanks to the spatial decorrelation properties of the wireless channel. The actual reliability of the channel-based key generation process depends on several parameters, as the actual correlation between the channel samples gathered by the users and the noise always affecting the wireless communications. The sensitivity of the key generation process can be expressed by the secrecy key rate, which represents the maximum number of secret bits that can be achieved from each channel observation. In this work, the secrecy key rate value is computed by means of simulations carried out under different working conditions in order to investigate the impact of major channel parameters on the SKR values. In contrast to previous works, the secrecy key rate is computed under a line-of-sight wireless channel and considering different correlation levels between the legitimate users and the eavesdropper

QUARC: Quantum Research Cubesat—A Constellation for Quantum Communication

Quantum key distribution (QKD) offers future proof security based on fundamental laws of physics. Long distance QKD spanning regions such as the United Kingdom (UK) may employ a constellation of satellites. Small satellites, CubeSats in particular, in low earth orbit (LEO) are a relatively low cost alternative to traditional, large platforms. They allow the deployment of a large number of spacecraft ensuring greater coverage and mitigating some of the risk associated with availability due to cloud cover. We present our mission analysis showing how a constellation of low cost 6U CubeSats can be used to form a secure communication backbone for ground based and metropolitan networks across the UK. We have estimated the monthly key rates at 43 sites across the UK incorporating local meteorological data, atmospheric channel modelling and orbital parameters. We have optimized the constellation topology for rapid revisit and thus low latency key distribution

Quantum Attacks on HCTR and its Variants

Recently, in Asiacrypt 2019, Bonnetain et. al have shown attacks by quantum adversaries on FX construction and Even-Mansour Cipher without using superposition queries to the encryption oracle. In this work, we use a similar approach to mount new attacks on HCTR and HCH construction. In addition, we mount attacks on HCTR, Tweakable-HCTR and HCH using the superposition queries to the encryption oracle using strategies proposed by Leander and May in Asiacrypt 2017 and Kaplan et. al in Crypto 2016

Improved Classical and Quantum Algorithms for Subset-Sum

We present new classical and quantum algorithms for solving random subset-sum instances. First, we improve over the Becker-Coron-Joux algorithm (EUROCRYPT 2011) from $\tilde{\mathcal{O}}(2^{0.291 n})$ downto $\tilde{\mathcal{O}}(2^{0.283 n})$, using more general representations with values in $\{-1,0,1,2\}$. Next, we improve the state of the art of quantum algorithms for this problem in several directions. By combining the Howgrave-Graham-Joux algorithm (EUROCRYPT 2010) and quantum search, we devise an algorithm with asymptotic cost $\tilde{\mathcal{O}}(2^{0.236 n})$, lower than the cost of the quantum walk based on the same classical algorithm proposed by Bernstein, Jeffery, Lange and Meurer (PQCRYPTO 2013). This algorithm has the advantage of using \emph{classical} memory with quantum random access, while the previously known algorithms used the quantum walk framework, and required \emph{quantum} memory with quantum random access. We also propose new quantum walks for subset-sum, performing better than the previous best time complexity of $\tilde{\mathcal{O}}(2^{0.226 n})$ given by Helm and May (TQC 2018). We combine our new techniques to reach a time $\tilde{\mathcal{O}}(2^{0.216 n})$. This time is dependent on a heuristic on quantum walk updates, formalized by Helm and May, that is also required by the previous algorithms. We show how to partially overcome this heuristic, and we obtain an algorithm with quantum time $\tilde{\mathcal{O}}(2^{0.218 n})$ requiring only the standard classical subset-sum heuristics

Active Implementation of End-to-End Post-Quantum Encryption

Constant advancements in quantum computing bring closer the reality of current public key encryption schemes becoming computationally feasible to be broken. Many developers working in the industry are just finding out about this and will be rapid to look into changing their web applications to be secure in the quantum era. This paper documents a tried and tested construction for a quantum-resistant, end-to-end encryption scheme which has been implemented in a real-life online web application. The implementation is shown to work well without significant impact on the performance time in comparison to its pre-quantum counterpart

Quantum impossible differential attack. Applications to CLEFIA, AES and SKINNY

International audienceThe general context Cryptography is a computer discipline that aims to protect messages through encryption systems. In symmetric cryptography, a secret parameter, called a key, is used both to encrypt and to decrypt messages. The security provided by a symmetric encryption system is evaluated using cryptanalysis techniques which aim, for example, to find the secret key. Quantum computer arrival could impact the cryptographic field. Indeed, in 1994, Shor exhibited that quantum computers could be used to improve assymetric cryptanalysis [17]. With the recent breakthrough in quantum computer, the security of cryptographic primitives against quantum adversary can not be taken as guaranteed. The NIST launched a competition for new primitives that are safe even against adversaries that has access to a quantum computer. To estimate the quantum security of a cryptographic scheme, it is necessary to perform its quantum cryptanalysis. Quantum cryptanalysis techniques sometimes are quantum adaptation of classical cryptanalysis techniques. This transformation is called quantizing. Let's note that an attack is valid if and only if it is more efficient than the naive attack. In the classical setting, the naive attack is the generic exhaustive search, in the quantum setting, it is the Grover search algorithm [14]

(Quantum) Collision Attacks on Reduced Simpira v2

Simpira v2 is an AES-based permutation proposed by Gueron and Mouha at ASIACRYPT 2016. In this paper, we build an improved MILP model to count the differential and linear active Sboxes for Simpira v2, which achieves tighter bounds of the minimum number of active Sboxes for a few versions of Simpira v2. Then, based on the new model, we find some new truncated differentials for Simpira v2 and give a series (quantum) collision attacks on two versions of reduced Simpira v2