Differential cryptanalysis of new Qamal encryption algorithm
Currently, the Republic of Kazakhstan is developing a new standard for symmetric data encryption. One of the candidates for the role of the standard is the Qamal encryption algorithm developed by the Institute of Information and Computer Technologies (Almaty, Republic of Kazakhstan). The article describes the algorithm. The differential properties of the main operations that make up the Qamal cypher are considered from the standpoint of resistance. We have shown that for a version with a 128-bit data block and the same secret key size, for three rounds of encryption it is difficult to find right pairs of texts with a probability of 2^-120, which makes differential cryptanalysis not applicable to the Qamal cyphe
Design principles and main properties of the new national block cipher standard of Ukraine
On 1 July 2015 Ukraine adopts a new cryptographic standard of symmetric block transformation, DSTU 7624:2014, which defines the "Kalyna" cipher and its confidentiality and integrity modes of operation. The national standard was developed as the result of collaboration between the State Service of Special Communication and Information Protection of Ukraine and leading Ukrainian scientists, based on a public competition of cryptographic algorithms. In comparison to the well-known standard AES, DSTU 7624:2014 provides a higher level of cryptographic strength (with the possibility of applying block and key lengths of up to 512 bits) and comparable or higher performance on modern and prospective software and software-hardware platforms, substantially exceeding the rates of DSTU GOST 28147:2009 (GOST 28147-89), which has been in use for over 25 years. Modern problems of block cipher development and their solutions, as implemented by the developers in the new national standard of Ukraine, are considered.
Advanced truncated differential cryptanalysis of GOST block cipher
In this paper, we use the ideas presented by Courtois and Mourouzis to study the security of two variants of GOST, which are considered the simplest and most secure variants [9]: the one with the S-boxes replaced by the identity map, and the ISO version, which is assumed to be the strongest one. The advanced differential attacks we present take the form of a depth-first key search, which uses a 20-round distinguisher in the middle (or, equivalently, a 26-round distinguisher for the simpler version of GOST with the identity map) [11]. The main idea is that we consider a partition of the 32 rounds by placing the constructed distinguisher in the middle. Then, based on the weak diffusion, we can extend these very strong statistical distinguishers to efficient filters for some external rounds. Then, by guessing some key bits for the external rounds and determining some plaintext and ciphertext pairs with specified input-output differences, we can extend the construction to an attack against the full block cipher. Thus, the technique we apply is a generic cryptanalytic framework of the depth-first key search type, which involves several optimization tasks derived from the specific structure of the given encryption algorithm.
A Better Key Schedule for DES-like Ciphers
Several DES-like ciphers aren't utilizing their full potential strength, because of the short key and linear or otherwise easily tractable algorithms they use to generate their key schedules. Using DES as example, we show a way to generate round subkeys to increase the cipher strength substantially by making relations between the round subkeys practically intractable
Plaintext Recovery in DES-like Cryptosystems Based on S-boxes with Embedded Parity Check
We describe an approach for recovering the plaintext in block ciphers having a design structure similar to the Data Encryption Standard but with improperly constructed S-boxes. The experiments with a backtracking search algorithm performing this kind of attack against modified DES/Triple-DES in ECB mode show that the unknown plaintext can be recovered with a small amount of uncertainty and this algorithm is highly efficient both in time and memory costs for plaintext sources with relatively low entropy. Our investigations demonstrate once again that modifications resulting to S-boxes which still satisfy some design criteria may lead to very weak ciphers.
ACM Computing Classification System (1998): E.3, I.2.7, I.2.8. This work was presented in part at the 1st International Conference Bulgarian Cryptography Days 2012, Sofia, Bulgaria, 20–21 September 2012.
Decryption oracle slide attacks on T-310
T-310 is an important Cold War cipher (Schmeh 2006). It was the principal encryption algorithm used to protect various state communication lines in Eastern Germany throughout the 1980s. The cipher seems to be quite robust, and until now no researcher has proposed an attack on T-310. This article studies decryption oracle and slide attacks on T-310
An Improved Differential Attack on Full GOST (extended version)
GOST 28147-89 is a well-known block cipher and the official encryption standard of the Russian Federation. It is a 256-bit block cipher considered as an alternative to AES-256 and triple DES; it has an amazingly low implementation cost and is becoming increasingly popular.

Until 2010 researchers unanimously agreed that "despite considerable cryptanalytic efforts spent in the past 20 years, GOST is still not broken", and in 2010 it was submitted to ISO 18033 to become a worldwide industrial encryption standard.

In 2011 it was suddenly discovered that GOST can be broken and is insecure on more than one account. There is a substantial variety of recent innovative attacks on GOST: reflection attacks, attacks with double, triple and even quadruple reflections, a large variety of self-similarity and black-box reduction attacks, some of which do not use any reflections whatsoever, and a few others. The final key recovery step in various attacks is in many cases a software algebraic attack and/or a Meet-In-The-Middle attack. In differential attacks key bits are guessed and confirmed by the differential properties, and there have already been quite a few papers about advanced differential attacks on GOST. There are also several even more advanced "combination" attacks which combine the complexity reduction approach based on high-level self-similarity with various advanced differential properties with 2, 3 or 4 points.

In this paper we consider some recent differential attacks on GOST and show how to further improve them. We present a single-key attack against full 32-round 256-bit GOST with time complexity of 2^179, which is substantially faster than any previous single-key attack on GOST.
Construction of a cryptographically strong round key generation scheme

In the course of writing the qualification work, a review of published sources on the research topic was conducted, in particular on the formulation of cryptographic strength criteria for block cipher key schedules. An analysis of several popular ciphers against the formulated criteria was carried out. It turned out that the set of criteria was not formalized enough; however, even with such a weak formalization, many ciphers did not meet the stated criteria.

The Naor-Reingold construction, which implements a super pseudorandom permutation, was also considered. Based on it, a new key schedule algorithm, NR-1, is proposed for ciphers with a Feistel-like structure. NR-1 has been analyzed against the previously formulated cryptographic strength criteria. Since NR-1 also implements a super pseudorandom permutation on the set of bit strings, it can potentially guarantee the fulfillment of those criteria that do not depend on the structure of the main cipher.
Using Local Reduction for the Experimental Evaluation of the Cipher Security
Evaluating the strength of block ciphers against algebraic attacks can be difficult. The attack methods often use different metrics, and experiments do not scale well in practice. We propose a methodology that splits the algebraic attack into a polynomial part (local reduction), and an exponential part (guessing), respectively. The evaluator uses instances with known solutions to estimate the complexity of the attacks, and the response to changing parameters of the problem (e.g. the number of rounds). Although the methodology does not provide a positive answer ("the cipher is secure"), it can be used to construct a negative test (reject weak ciphers), or as a tool of qualitative comparison of cipher designs. Potential applications in other areas of computer science are discussed in the concluding parts of the article
An Overview of Cryptography (Updated Version, 3 March 2016)
There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography... While cryptography is necessary for secure communications, it is not by itself sufficient. This paper describes the first of many steps necessary for better security in any number of situations.
A much shorter, edited version of this paper appears in the 1999 edition of Handbook on Local Area Networks published by Auerbach in September 1998