On Algebraic Immunity of Trace Inverse Functions over Finite Fields with Characteristic Two

The trace inverse function \Tr(\lambda x^{-1}) over the finite field $\mathbb{F}_{2^n}$ is a class of very important Boolean functions and has be used in many stream ciphers, for example, SFINKS, RAKAPOSHI, the simple counter stream cipher presented by W. Si and C.S. Ding, etc. In order to evaluate the security of those algorithms in assistance to (fast) algebraic attacks, it is essential to algebraic properties of \Tr(\lambda x^{-1}). However, currently only some bounds on algebraic immunity of \Tr(\lambda x^{-1}) are given in public literature. In this work we give the exact value of \Tr(\lambda x^{-1}) over finite fields $\mathbb{F}_{2^n}$, that is, \AI(\Tr(\lambda x^{-1}))=\floor{\sqrt{n}}+\ceil{\frac{n}{\floor{\sqrt{n}}}}-2=\ceil{2\sqrt{n}}-2, where $n\ge2$, $\lambda\in \mathbb{F}_{2^n}$ and $\lambda\ne0$, which is just the upper bound given by Y. Nawaz et al. And at the same time our result shows that D.K. Dalai\u27 conjecture on the algebraic immunity of \Tr(\lambda x^{-1}) is correct. What is more, we further demonstrate some weak properties of \Tr(\lambda x^{-1}) in resistance to fast algebraic attacks

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

Security of Ubiquitous Computing Systems

The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license

Actas de la XIII Reunión Española sobre Criptología y Seguridad de la Información RECSI XIII : Alicante, 2-5 de septiembre de 2014

Si tuviéramos que elegir un conjunto de palabras clave para definir la sociedad actual, sin duda el término información sería uno de los más representativos. Vivimos en un mundo caracterizado por un continuo flujo de información en el que las Tecnologías de la Información y Comunicación (TIC) y las Redes Sociales desempeñan un papel relevante. En la Sociedad de la Información se generan gran variedad de datos en formato digital, siendo la protección de los mismos frente a accesos y usos no autorizados el objetivo principal de lo que conocemos como Seguridad de la Información. Si bien la Criptología es una herramienta tecnológica básica, dedicada al desarrollo y análisis de sistemas y protocolos que garanticen la seguridad de los datos, el espectro de tecnologías que intervienen en la protección de la información es amplio y abarca diferentes disciplinas. Una de las características de esta ciencia es su rápida y constante evolución, motivada en parte por los continuos avances que se producen en el terreno de la computación, especialmente en las últimas décadas. Sistemas, protocolos y herramientas en general considerados seguros en la actualidad dejarán de serlo en un futuro más o menos cercano, lo que hace imprescindible el desarrollo de nuevas herramientas que garanticen, de forma eficiente, los necesarios niveles de seguridad. La Reunión Española sobre Criptología y Seguridad de la Información (RECSI) es el congreso científico español de referencia en el ámbito de la Criptología y la Seguridad en las TIC, en el que se dan cita periódicamente los principales investigadores españoles y de otras nacionalidades en esta disciplina, con el fin de compartir los resultados más recientes de su investigación. Del 2 al 5 de septiembre de 2014 se celebrará la decimotercera edición en la ciudad de Alicante, organizada por el grupo de Criptología y Seguridad Computacional de la Universidad de Alicante. Las anteriores ediciones tuvieron lugar en Palma de Mallorca (1991), Madrid (1992), Barcelona (1994), Valladolid (1996), Torremolinos (1998), Santa Cruz de Tenerife (2000), Oviedo (2002), Leganés (2004), Barcelona (2006), Salamanca (2008), Tarragona (2010) y San Sebastián (2012)

Cryptanalysis of RAKAPOSHI Stream Cipher

RAKAPOSHI is a hardware oriented stream cipher designed by Carlos Cid et al. in 2009. The stream cipher is based on Dynamic Linear Feedback Shift Registers, with a simple and potentially scalable design, and is particularly suitable for hardware applications with restricted resources. The RAKAPOSHI stream cipher offers 128-bit security. In this paper, we point out some weaknesses in the cipher. Firstly, it shows that there are weak (key, IV) pairs in RAKAPOSHI stream cipher. Secondly, for weak (key, IV) pairs of RAKAPOSHI, they are vulnerable to linear distinguishing attack and algebraic attack. Finally, we propose a real time related key chosen IV attack on RAKAPOSHI. The attack on RAKAPOSHI recovers th

construction of dynamic linear feedback shift registers in rakaposhi stream cipher

Dynamic linear feedback shift register (DLFSR) was a popular way to irregular clocking the linear feedback shift registers, which had a better tradeoff between the security and efficiency. Through analysis of the DLFSR in stream cipher RAKAPOSHI, a RAKAPOSHI-like DLFSE model was presented, and the sufficient and necessary condition was analyzedfor its output sequence being periodic. Furthermore, the relationship of the period between controlled sequence and output one was explicie, and finally the condition for the output sequence to be the maximal sequence was obtained. Based on these results, a naive search algorithm was given for finding maximal period RAKAPOSHI-like DLFSE.Dynamic linear feedback shift register (DLFSR) was a popular way to irregular clocking the linear feedback shift registers, which had a better tradeoff between the security and efficiency. Through analysis of the DLFSR in stream cipher RAKAPOSHI, a RAKAPOSHI-like DLFSE model was presented, and the sufficient and necessary condition was analyzedfor its output sequence being periodic. Furthermore, the relationship of the period between controlled sequence and output one was explicie, and finally the condition for the output sequence to be the maximal sequence was obtained. Based on these results, a naive search algorithm was given for finding maximal period RAKAPOSHI-like DLFSE

Cryptanalysis of lightweight cryptographic algorithms

Empirical thesis.Bibliography: pages 111-124.1. Introduction -- 2. Stream ciphers -- 3. Cryptanalysis of WG-7 stream cipher -- 4. Security evaluation of Rakaposhi stream cipher -- 5. Security analysis of linearly filtered NLFSRs -- 6. Practical attack on NLM generators -- 7. Cryptanalysis of RC4(n,m) stream cipher -- 8. Cryptanalysis of a hash function based on RC4 -- 9. Conclusion.Stream ciphers are symmetric cipher systems which provide confidentiality in many applications ranging from mobile phone communication to virtual private networks. They may be implemented effciently in software and hardware and are a preferred choice when dealing with resource-constrained environments, such as smart cards, RFID tags,and sensor networks. This dissertation addresses cryptanalysis of several stream ciphers, and a hash function based on stream cipher. Also, the thesis investigates the design principles and security of stream ciphers built from nonlinear feedback shift registers. In a design view, any cryptographic attack shows a weak point in the design and immediately can be converted into an appropriate design criterion. Firstly, this thesis focuses on the WG-7, a lightweight stream cipher. It is shown that thekey stream generated by WG-7 can be distinguished from a random sequence with a negligible error probability. In addition, a key-recovery attack on the cipher has been successfully proposed. Then, a security evaluation of the Rakaposhi stream cipher identifies weaknesses of the cipher. The main observation shows that the initialisation procedure has a sliding property. This property can be used to launch distinguishing and key-recovery attacks. Further, the cipher is studied when the registers enter short cycles. In this case, the internal state can be recovered with less complexity than exhaustive search. New security features of a specific design based on nonlinear feedback shift registers have been explored. The idea applies a distinguishing attack on linearly filtered nonlinear feedback shift registers. The attack extends the idea on linear combinations of linearly filtered nonlinear feedback shift registers as well. The proposed attacks allow the attacker to mount linear attacks to distinguish the output of the cipher and recover its internal state. The next topic analyses a new lightweight communication framework called NLM-MAC. Several critical cryptographic weaknesses leading to key-recovery and forgery attack have been indicated. It is shown that the adversary can recover the internal state of the NLM generator. The attacker also is able to forge any MAC tag in real time. The proposed attacks are completely practical and break the scheme. Another part demonstrates some new cryptographic attacks on RC4(n,m) stream cipher. The investigations have revealed several weaknesses of the cipher. Firstly, a distinguisher for the cipher is proposed. Secondly, a key-recovery attack uses a method to find the secret key in real time. Finally, the RC4-BHF hash function that is based on the well-known RC4 stream cipher is analysed. Two attacks on RC4-BHF have been developed. In the first attack, the adversary is able to find collisions for two different messages. The second attack shows how to design a distinguisher that can tell apart the sequence generated by RC4-BHF from a random one.Mode of access: World wide web1 online resource (xviii, 124 pages) table

Security evaluation of Rakaposhi stream cipher

Rakaposhi is a synchronous stream cipher, which uses three main components: a non-linear feedback shift register (NLFSR), a dynamic linear feedback shift register (DLFSR) and a non-linear filtering function (NLF). NLFSR consists of 128 bits and is initialised by the secret key K. DLFSR holds 192 bits and is initialised by an initial vector (IV). NLF takes 8-bit inputs and returns a single output bit. The work identifies weaknesses and properties of the cipher. The main observation is that the initialisation procedure has the so-called sliding property. The property can be used to launch distinguishing and key recovery attacks. The distinguisher needs four observations of the related (K,IV) pairs. The key recovery algorithm allows to discover the secret key K after observing 29 pairs of (K,IV). Based on the proposed related-key attack, the number of related (K,IV) pairs is 2(128 + 192)/4 pairs. Further the cipher is studied when the registers enter short cycles. When NLFSR is set to all ones, then the cipher degenerates to a linear feedback shift register with a non-linear filter. Consequently, the initial state (and Secret Key and IV) can be recovered with complexity 263.87. If DLFSR is set to all zeros, then NLF reduces to a low non-linearity filter function. As the result, the cipher is insecure allowing the adversary to distinguish it from a random cipher after 217 observations of keystream bits. There is also the key recovery algorithm that allows to find the secret key with complexity 2 54