Security on Generalized Feistel Scheme with SP Round Function
This paper studies the security against differential/linear cryptanalysis and the pseudorandomness of a class of generalized Feistel schemes with SP round function called . We consider the minimum number of active S-boxes in some consecutive rounds of , i.e., in four, eight and sixteen consecutive rounds, which provides an upper bound on the maximum differential/linear probabilities of the 16-round scheme, in order to evaluate its strength against differential/linear cryptanalysis. Furthermore, we investigate the pseudorandomness of , point out that the 7-round is not pseudorandom for non-adaptive adversaries by using some distinguishers, and prove that the 8-round is pseudorandom for any adversary.
An Algebraic System for Constructing Cryptographic Permutations over Finite Fields
In this paper we identify polynomial dynamical systems over finite fields as the central component of almost all iterative block cipher design strategies over finite fields. We propose a generalized triangular polynomial dynamical system (GTDS), and give a generic algebraic definition of iterative (keyed) permutations using GTDS. Our GTDS-based generic definition is able to describe widely used and well-known design strategies such as substitution permutation networks (SPN), Feistel networks and their variants, among others. We show that the Lai-Massey design strategy for (keyed) permutations is also described by the GTDS. Our generic algebraic definition of iterative permutations is particularly useful for instantiating and systematically studying block ciphers and hash functions over aimed at multiparty computation and zero-knowledge based cryptographic protocols. Finally, we provide the discrepancy analysis, a technique used to measure the (pseudo-)randomness of a sequence, for analyzing the randomness of the sequence generated by the generic permutation or block cipher described by GTDS.
Collision Attack on 4-branch, Type-2 GFN based Hash Functions using Sliced Biclique Cryptanalysis Technique
In this work, we apply the sliced biclique cryptanalysis technique to show an 8-round collision attack on a hash function H based on a 4-branch, Type-2 Generalized Feistel Network (Type-2 GFN). This attack is generic and works on 4-branch, Type-2 GFN with any parameters, including the block size, the type of round function, the number of S-boxes in each round and the number of SP layers inside the round function. We first construct an 8-round distinguisher on 4-branch, Type-2 GFN and then use this distinguisher to launch an 8-round collision attack on compression functions based on the Matyas-Meyer-Oseas (MMO) and Miyaguchi-Preneel (MP) modes. The complexity of the attack on a 128-bit compression function is 2^56. The attack can be directly translated to a collision attack on MP and MMO based hash functions and a pseudo-collision attack on Davies-Meyer (DM) based hash functions. When the round function F is instantiated with a double SP layer, we show the first 8-round collision attack on a 4-branch, Type-2 GFN with double SP layer based compression function. The previous best attack on this structure was a 6-round near-collision attack shown by Sasaki at Indocrypt'12. His attack cannot be used to generate full collisions on 6 rounds, and hence our result can be regarded as the best so far in the literature on this structure.
General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel Schemes
Type-II Generalized Feistel Schemes are one of the most popular versions of Generalized Feistel Schemes. Their round function consists of applying a classical Feistel transformation to p sub-blocks of two consecutive words and then shifting the k = 2p words cyclically. The low implementation costs they offer are balanced by a low diffusion, limiting their efficiency. Diffusion of such structures may however be improved by replacing the cyclic shift with a different permutation without any additional implementation cost. In this paper, we study ways to determine permutations with the fastest diffusion, called optimal permutations.
To do so, two ideas are used. First, we study the natural equivalence classes of permutations that preserve cryptographic properties; second, we use the representation of permutations as coloured trees.
For both heuristic and historical reasons, we focus first on even-odd permutations, that is, those permutations for which images of even numbers are odd. We derive from their structure an upper bound on the number of their equivalence classes together with a strategy to perform exhaustive searches on classes. We performed those exhaustive searches for sizes k ≤ 24, while previous exhaustive searches on all permutations were limited to k ≤ 16. For sizes beyond the reach of this method, we use tree representations to find permutations with good intermediate diffusion properties. This heuristic leads to an optimal even-odd permutation for k = 26 and best-known results for sizes k = 64 and k = 128.
Finally, we transpose these methods to all permutations. Using a new strategy to exhaust equivalence classes, we perform exhaustive searches on classes for sizes k ≤ 20, whose results confirmed the initial heuristic: there always exist optimal permutations that are even-odd, and furthermore for k = 18 all optimal permutations are even-odd permutations.
Revisiting Lightweight Block Ciphers: Review, Taxonomy and Future directions
Block ciphers have been extremely predominant in the area of cryptography, and with the paradigm shift towards resource-constrained devices, lightweight block ciphers have profoundly influenced the field and have been a go-to option ever since. The growth of resource-constrained devices has put forth a dire need for security solutions that are feasible in terms of resources without taking a toll on the security they offer. As the world moves towards the Internet of Things (IoT), data security and privacy in this environment are a major concern, because a huge number of the devices that operate in this environment are resource-constrained. Because of their resource-constrained nature, advanced mainstream cryptographic ciphers and techniques do not perform as efficiently on such devices. This has led to the boom in the field of 'lightweight cryptography', which aims at developing cryptographic techniques that perform efficiently in a resource-constrained environment. Over the past two decades or so, a bulk of lightweight block ciphers have been proposed due to the growing need and demand in lightweight cryptography. In this paper, we review the state-of-the-art lightweight block ciphers, present a comprehensive design niche, give a detailed taxonomy with multiple classifications and present future research directions.
Interpolation Cryptanalysis of Unbalanced Feistel Networks with Low Degree Round Functions
Arithmetization-oriented symmetric primitives (AOSPs) address the existing optimization potential in the evaluation of block ciphers and hash functions as components of secure multi-party computation, fully homomorphic encryption and zero-knowledge proofs. The construction of AOSPs differs from traditional primitives through the use of algebraically simple elements. In addition, many designs are defined over prime fields rather than over bits. Owing to the novelty of the proposals, thorough understanding and extensive analysis are required to establish their security. Algebraic analysis techniques, such as interpolation attacks, are the most successful attack vectors against AOSPs. In this work we generalize an existing analysis, which uses an interpolation attack with low memory complexity, to examine the design pattern of the new cipher GMiMC and its associated hash function GMiMCHash. We present a new method for computing the key based on the roots of a polynomial, demonstrate improvements in the complexity of the attack by combining multiple outputs, and apply some of the developed techniques in an algebraic correcting-last-block attack on the sponge construction. We answer in the affirmative the open question of an earlier work as to whether the type of interpolation attack used is generalizable. We give concrete recommended lower bounds for parameters in the scenarios considered. Furthermore, we conclude that GMiMC and GMiMCHash are secure against the interpolation attacks considered in this work. Further cryptanalytic efforts are required to consolidate the security guarantees of AOSPs.
Where's Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary Code
The continuing use of proprietary cryptography in embedded systems across many industry verticals, from physical access control systems and telecommunications to machine-to-machine authentication, presents a significant obstacle to black-box security-evaluation efforts. In-depth security analysis requires locating and classifying the algorithm in often very large binary images, thus rendering manual inspection, even when aided by heuristics, time-consuming.
In this paper, we present a novel approach to automate the identification and classification of (proprietary) cryptographic primitives within binary code. Our approach is based on Data Flow Graph (DFG) isomorphism, previously proposed by Lestringant et al. Unfortunately, their DFG isomorphism approach is limited to known primitives only, and relies on heuristics for selecting code fragments for analysis. By combining the said approach with symbolic execution, we overcome all limitations of their work, and are able to extend the analysis into the domain of unknown, proprietary cryptographic primitives. To demonstrate that our proposal is practical, we develop various signatures, each targeted at a distinct class of cryptographic primitives, and present experimental evaluations for each of them on a set of binaries, both publicly available (and thus providing reproducible results), and proprietary ones. Lastly, we provide a free and open-source implementation of our approach, called Where's Crypto?, in the form of a plug-in for the popular IDA disassembler.
Comment: A proof-of-concept implementation can be found at https://github.com/wheres-crypto/wheres-crypt
Security Evaluation against Differential Cryptanalysis for Block Cipher Structures
Estimating immunity against differential and linear cryptanalysis is essential in designing secure block ciphers. A practical measure to achieve this is to find the minimal number of active S-boxes, or a lower bound on this minimal number. In this paper, we provide a general algorithm using integer programming, which not only estimates a good lower bound on the minimal number of differential active S-boxes for various block cipher structures, but also provides an efficient way to select new structures with good properties against differential cryptanalysis. Experimental results for the Feistel, CAST256, SMS4, CLEFIA and Generalized Feistel structures indicate that the bounds obtained by our algorithm are the tightest except for a few rounds of the SMS4 structure. Then, for the first time, bounds on the number of differential active S-boxes for the MISTY1, Skipjack, MARS and Four-cell structures are illustrated with the application of our algorithm. Finally, our algorithm is used to find four new structures with good properties against differential cryptanalysis. Security evaluation against linear cryptanalysis can be carried out with our algorithm similarly by considering dual structures.