Optimization of SM4 Encryption Algorithm for Power Metering Data Transmission

This study focuses on enhancing the security of the SM4 encryption algorithm for power metering data transmission by employing hybrid algorithms to optimize its substitution box (S-box). A multi-objective fitness function is constructed to evaluate the S-box structure, aiming to identify design solutions that satisfy differential probability, linear probability, and non-linearity balance. To achieve global optimization and local search for the S-box, a hybrid algorithm model that combines genetic algorithm and simulated annealing is introduced. This approach yields significant improvements in optimization effects and increased non-linearity. Experimental results demonstrate that the optimized S-box significantly reduces differential probability and linear probability while increasing non-linearity to 112. Furthermore, a comparison of the ciphertext entropy demonstrates enhanced encryption security with the optimized S-box. This research provides an effective method for improving the performance of the SM4 encryption algorithm

Optimization of SM4 Encryption Algorithm for Power Metering Data Transmission

This study focuses on enhancing the security of the SM4 encryption algorithm for power metering data transmission by employing hybrid algorithms to optimize its substitution box (S-box). A multi-objective fitness function is constructed to evaluate the S-box structure, aiming to identify design solutions that satisfy differential probability, linear probability, and non-linearity balance. To achieve global optimization and local search for the S-box, a hybrid algorithm model that combines genetic algorithm and simulated annealing is introduced. This approach yields significant improvements in optimization effects and increased non-linearity. Experimental results demonstrate that the optimized S-box significantly reduces differential probability and linear probability while increasing non-linearity to 112. Furthermore, a comparison of the ciphertext entropy demonstrates enhanced encryption security with the optimized S-box. This research provides an effective method for improving the performance of the SM4 encryption algorithm

SPAE un schéma opératoire pour l'AES sur du matériel bas-coût.

We propose SPAE, a single pass, patent free, authenticated encryption with associated data (AEAD) for AES. The algorithm has been developped to address the needs of a growing trend in IoT systems: storing code and data on a low cost flash memory external to the main SOC. Existing AEAD algorithms such as OCB, GCM, CCM, EAX , SIV, provide the required functionality however in practice each of them suffer from various drawbacks for this particular use case. Academic contributions such as ASCON and AEGIS-128 are suitable and efficient however they require the development of new hardware accelerators and they use primitives which are not 'approved' by governemental institutions such as NIST, BSI, ANSSI. From a silicon manufacturer point of view, an efficient AEAD which use existing AES hardware is much more enticing: the AES is required already by most industry standards invovling symmetric encryption (GSMA, EMVco, FIDO, Bluetooth, ZigBee to name few). This paper expose the properties of an ideal AEAD for external memory encryption, present the SPAE algorithm and analyze various security aspects. Performances of SPAE on actual hardware are better than OCB, GCM and CCM.Nous présentons SPAE, un schéma en une passe, libre de droit, d'encryption authentifiée avec données associées (AEAD) appliqué à l'AES. Cet algorithme a été développé afin de répondre à une tendance grandissante dans l'internet des objets: stocker du code et des données sur une mémoire flash à bas coût externe au système sur puce (SOC). Des algorithmes AEAD existent déjà tels que OCB, GCM, CCM, EAX, SIV, ils répondent à l'usage demandé cependant en pratique chacun de ces algorithmes présente des désavantages pour cet usage particulier. Les contributions académique telles que ASCON et AEGIS-128 sont appropriés et efficaces cependant ils nécessitent le développement de nouveaux accélérateurs matériels et ils utilisent des primitives qui ne sont pas approuvés par les instituions gouvernementales telles que le NIST, BSI ANSSI. Du point de vue du fabricant de silicone, un AEAD efficace qui utilise du matériel AES existant est beaucoup plus attirant: l'AES est déjà requis par la plupart des standards industriels utilisant de l’encryption symétrique (GSMA, EMVco, FIDO, Bluetooth, ZigBee par exemple). Cet article montre les propriétés d'un AEAD idéal pour de la mémoire encryptée externe, présente l'algorithme SPAE et analyse plusieurs aspects de sécurité. Les performances de SPAE sur du matériel actuel sont meilleures que sur OCB, GCM, et CCM

C-DIFFERENTIALS AND GENERALIZED CRYPTOGRAPHIC PROPERTIES OF VECTORIAL BOOLEAN AND P-ARY FUNCTIONS

This dissertation investigates a newly defined cryptographic differential, called a c-differential, and its relevance to the nonlinear substitution boxes of modern symmetric block ciphers. We generalize the notions of perfect nonlinearity, bentness, and avalanche characteristics of vectorial Boolean and p-ary functions using the c-derivative and a new autocorrelation function, while capturing the original definitions as special cases (i.e., when c=1). We investigate the c-differential uniformity property of the inverse function over finite fields under several extended affine transformations. We demonstrate that c-differential properties do not hold in general across equivalence classes typically used in Boolean function analysis, and in some cases change significantly under slight perturbations. Thus, choosing certain affine equivalent functions that are easy to implement in hardware or software without checking their c-differential properties could potentially expose an encryption scheme to risk if a c-differential attack method is ever realized. We also extend the c-derivative and c-differential uniformity into higher order, investigate some of their properties, and analyze the behavior of the inverse function's second order c-differential uniformity. Finally, we analyze the substitution boxes of some recognizable ciphers along with certain extended affine equivalent variations and document their performance under c-differential uniformity.Commander, United States NavyApproved for public release. Distribution is unlimited

LLTI: Low-Latency Threshold Implementations

With the enormous increase in portable cryptographic devices, physical attacks are becoming similarly popular. One of the most common physical attacks is Side-Channel Analysis (SCA), extremely dangerous due to its non-invasive nature. Threshold Implementations (TI) was proposed as the first countermeasure to provide provable security in masked hardware implementations. While most works on hardware masking are focused on optimizing the area requirements, with the newer and smaller technologies area is taking a backseat, and low-latency is gaining importance. In this work, we revisit the scheme proposed by Arribas et al. in TCHES 2018 to secure unrolled implementations. We formalize and expand this methodology, to devise a masking scheme, derived from TI, designed to secure hardware implementations optimized for latency named Low-Latency Threshold Implementations (LLTI). By applying the distributive property and leveraging a divide-and-conquer strategy, we split a non-linear operation in layers which are masked separately. The result is a more efficient scheme than the former TI for any operation of algebraic degree greater than two, achieving great optimizations both in terms of speed and area. We compare the performance of first-order LLTI with first-order TI in securing a cubic gate and a degree-7 AND gate without using any registers in between. We achieve a 137% increase in maximum frequency and a 60% reduction in area for the cubic gate, and 3131 times reduction in area in the case of a degree-7 AND gate compared to TI. To further illustrate the power of our scheme we take a low-latency PRINCE implementation from the literature and, by simply changing the secure S-box with the LLTI version, we achieve a 46% max. frequency improvement and a 38% area reduction. Moreover, we apply LLTI to a secure a low-latency AES implementation and compare it with the TI version, achieving a 6.9 times max. freq. increase and a 47.2% area reduction

Deep Learning Method for Power Side-Channel Analysis on Chip Leakages

Power side channel analysis signal analysis is automated using deep learning. Signal processing and cryptanalytic techniques are necessary components of power side channel analysis. Chip leakages can be found using a classification approach called deep learning. In addition to this, we do this so that the deep learning network can automatically tackle signal processing difficulties such as re-alignment and noise reduction. We were able to break minimally protected Advanced Encryption Standard (AES), as well as masking-countermeasure AES and protected elliptic-curve cryptography (ECC). These results demonstrate that the attacker knowledge required for side channel analysis, which had previously placed a significant emphasis on human abilities, is decreasing. This research will appeal to individuals with a technical background who have an interest in deep learning, side channel analysis, and security

An Intelligent Multiple Sieve Method Based on Genetic Algorithm and Correlation Power Analysis

Correlation power analysis (CPA) is widely used in side-channel attacks on cryptographic devices. Its efficiency mostly depends on the noise produced by the devices. For parallel implementations, the power consumption during the S-box operation contains information of the whole intermediate state. When one S-box is analyzed by CPA, the others are regarded as noise. Apparently, the information of the remained S-boxes not only is wasted, but also increases the complexity of analysis. If two or more S-boxes are considered simultaneously, the complexity of exhaustive search on the corresponding key words grows exponentially. An optimal solution is to process all the S-boxes simultaneously and avoid traversing the whole candidate key space. Simple genetic algorithm was used by Zhang et al. to achieve this purpose. While, premature convergence causes failure in recovering the whole key, especially when plenty large S-boxes are employed in the target primitive, such as AES. In this paper, we study the reason of premature convergence, and propose the multiple sieve method which overcomes it and reduces the number of traces required in correlation power attacks. Operators and the corresponding parameters are chosen experimentally with respect to a parallel implementation of AES-128. Simulation experimental results show that our method reduces the number of traces by $63.7\%$ and $30.77\%$ compared to classic CPA and the simple genetic algorithm based CPA (SGA-CPA) respectively when the success rate is fixed to $90\%$. Real experiments performed on SAKURA-G confirm that the number of traces required to recover the correct key in our method is almost equal to the minimum number that makes the correlation coefficients of correct keys outstanding from the wrong ones, and is much less than classic CPA and SGA-CPA

Performance-efficient cryptographic primitives in constrained devices

PhD ThesisResource-constrained devices are small, low-cost, usually fixed function and very limitedresource devices. They are constrained in terms of memory, computational capabilities, communication bandwidth and power. In the last decade, we have seen widespread use of these devices in health care, smart homes and cities, sensor networks, wearables, automotive systems, and other fields. Consequently, there has been an increase in the research activities in the security of these devices, especially in how to design and implement cryptography that meets the devices’ extreme resource constraints. Cryptographic primitives are low-level cryptographic algorithms used to construct security protocols that provide security, authenticity, and integrity of the messages. The building blocks of the primitives, which are built heavily on mathematical theories, are computationally complex and demands considerable computing resources. As a result, most of these primitives are either too large to fit on resource-constrained devices or highly inefficient when implemented on them. There have been many attempts to address this problem in the literature where cryptography engineers modify conventional primitives into lightweight versions or build new lightweight primitives from scratch. Unfortunately, both solutions suffer from either reduced security, low performance, or high implementation cost. This thesis investigates the performance of the conventional cryptographic primitives and explores the effect of their different building blocks and design choices on their performance. It also studies the impact of the various implementations approaches and optimisation techniques on their performance. Moreover, it investigates the limitations imposed by the tight processing and storage capabilities in constrained devices in implementing cryptography. Furthermore, it evaluates the performance of many newly designed lightweight cryptographic primitives and investigates the resources required to run them with acceptable performance. The thesis aims to provide an insight into the performance of the cryptographic primitives and the resource needed to run them with acceptable performance. This will help in providing solutions that balance performance, security, and resource requirements for these devices.The Institute of Public Administration in Riyadh, and the Saudi Arabian Cultural Bureau in Londo