Rediscovery of Time Memory Tradeoffs
Some of the existing time-memory tradeoff (TMTO) attacks on specific systems can be reinterpreted as methods for inverting general one-way functions. We apply these methods back to specific systems in ways not considered before. This provides the following startling results: no stream cipher can provide security equal to its key length; some important block cipher modes of operation are vulnerable to TMTO; and no hash function can provide preimage resistance equal to its digest length.
Efficient Large-scale Trace Checking Using MapReduce
The problem of checking a logged event trace against a temporal logic specification arises in many practical cases. Unfortunately, known algorithms for an expressive logic like MTL (Metric Temporal Logic) do not scale with respect to two crucial dimensions: the length of the trace and the size of the time interval for which logged events must be buffered to check satisfaction of the specification. The former issue can be addressed by distributed and parallel trace checking algorithms that can take advantage of modern cloud computing and programming frameworks like MapReduce. Still, the latter issue remains open with current state-of-the-art approaches.

In this paper we address this memory scalability issue by proposing a new semantics for MTL, called lazy semantics. This semantics can evaluate temporal formulae and boolean combinations of temporal-only formulae at any arbitrary time instant. We prove that lazy semantics is more expressive than standard point-based semantics and that it can be used as a basis for a correct parametric decomposition of any MTL formula into an equivalent one with smaller, bounded time intervals. We use lazy semantics to extend our previous distributed trace checking algorithm for MTL. We evaluate the proposed algorithm in terms of memory scalability and time/memory tradeoffs.

Comment: 13 pages, 8 figures
Decoding Hidden Markov Models Faster Than Viterbi Via Online Matrix-Vector (max, +)-Multiplication
In this paper, we present a novel algorithm for the maximum a posteriori decoding (MAPD) of time-homogeneous Hidden Markov Models (HMM), improving the worst-case running time of the classical Viterbi algorithm by a logarithmic factor. In our approach, we interpret the Viterbi algorithm as a repeated computation of matrix-vector (max, +)-multiplications. On time-homogeneous HMMs, this computation is online: a matrix, known in advance, has to be multiplied with several vectors revealed one at a time. Our main contribution is an algorithm solving this version of matrix-vector (max, +)-multiplication in subquadratic time, by performing a polynomial preprocessing of the matrix. Employing this fast multiplication algorithm, we solve the MAPD problem in time for any time-homogeneous HMM of size and observation sequence of length , with an extra polynomial preprocessing cost negligible for . To the best of our knowledge, this is the first algorithm for the MAPD problem requiring subquadratic time per observation, under the only assumption, usually verified in practice, that the transition probability matrix does not change with time.

Comment: AAAI 2016, to appear
Refinements of the k-tree Algorithm for the Generalized Birthday Problem
We study two open problems proposed by Wagner in his seminal work on the generalized birthday problem. First, with the use of multicollisions, we improve Wagner's k-tree algorithm. The new 3-tree only slightly outperforms Wagner's 3-tree; however, in some applications this suffices, and as a proof of concept, we apply the new algorithm to slightly reduce the security of two CAESAR proposals.
Next, with the use of multiple collisions based on Hellman's table, we give improvements to the best known time-memory tradeoffs for the k-tree. As a result, we obtain a new tradeoff curve T^2 · M^(lg k − 1) = k · N. For instance, when k = 4, the tradeoff has the form T^2 · M = 4 · N.
Low Memory Attacks on Small Key CSIDH
Despite recent breakthrough results in attacking SIDH, the CSIDH protocol remains a secure post-quantum key exchange protocol with appealing properties. However, for obtaining efficient CSIDH instantiations one has to resort to small secret keys. In this work, we provide novel methods to analyze small key CSIDH, thereby introducing the representation method ---that has been successfully applied for attacking small secret keys in code- and lattice-based schemes--- also to the isogeny-based world.
We use the recently introduced Restricted Effective Group Actions () to illustrate the analogy between CSIDH and Diffie-Hellman key exchange. This framework allows us to introduce a problem as a level of abstraction to computing isogenies between elliptic curves, analogous to the classic discrete logarithm problem. This in turn allows us to study with ternary key spaces such as and , which lead to especially efficient, recently proposed CSIDH instantiations. The best classic attack on these key spaces is a Meet-in-the-Middle algorithm that runs in time , using also memory.
We first show that with ternary key spaces or can be reduced to the ternary key space .
We further provide a heuristic time-memory tradeoff for with keyspace based on Parallel Collision Search with memory requirement that under standard heuristics runs in time for all . We then use the representation technique to heuristically improve to for all , and further provide more efficient time-memory tradeoffs for all .
Although we focus in this work on with ternary key spaces for showing its efficacy in providing attractive time-memory tradeoffs, we also show how to use our framework to analyze larger key spaces with
MV3: A new word based stream cipher using rapid mixing and revolving buffers
MV3 is a new word based stream cipher for encrypting long streams of data. A direct adaptation of a byte based cipher such as RC4 into a 32- or 64-bit word version will obviously need vast amounts of memory. This scaling issue necessitates a look for new components and principles, as well as mathematical analysis to justify their use. Our approach, like RC4's, is based on rapidly mixing random walks on directed graphs (that is, walks which reach a random state quickly, from any starting point). We begin with some well understood walks, and then introduce nonlinearity in their steps in order to improve security and show long term statistical correlations are negligible. To minimize the short term correlations, as well as to deter attacks using equations involving successive outputs, we provide a method for sequencing the outputs derived from the walk using three revolving buffers. The cipher is fast: it runs at a speed of less than 5 cycles per byte on a Pentium IV processor.

A word based cipher needs to output more bits per step, which exposes more correlations for attacks. Moreover we seek simplicity of construction and transparent analysis. To meet these requirements, we use a larger state and claim security corresponding to only a fraction of it. Our design is for an adequately secure word-based cipher; our very preliminary estimate puts the security close to exhaustive search for keys of size < 256 bits.

Comment: 27 pages; a shortened version will appear in "Topics in Cryptology - CT-RSA 2007"
Principles of Construction and Main Properties of the New National Block Cipher Standard of Ukraine
On 1 July 2015, Ukraine adopts the new cryptographic standard for symmetric block transformation DSTU 7624:2014, which defines the "Kalyna" cipher and its modes of operation for confidentiality and integrity. The national standard was developed in collaboration between the State Service of Special Communication of Ukraine and leading Ukrainian scientists, on the basis of a public cryptographic algorithm competition. In comparison to the well-known standard AES, DSTU 7624:2014 provides a higher level of cryptographic strength (with block and key lengths of up to 512 bits) and comparable or higher performance on modern software and software-hardware platforms, substantially exceeding the performance of DSTU GOST 28147:2009 (GOST 28147-89), which has been in use for over 25 years. The paper considers current problems of block cipher design and the solutions implemented by the developers in the new national standard of Ukraine.

(The abstract is also given in Russian and Ukrainian; both are translations of the same text as the English abstract above.)
Block and Stream Ciphers and the Creatures in Between
In this paper we define a notion of leak extraction from a block cipher. We demonstrate this new concept on the example of AES. The result is LEX: a simple AES-based stream cipher which is at least 2.5 times faster than AES both in software and in hardware.
Comparing WCET and Resource Demands of Trigonometric Functions Implemented as Iterative Calculations vs. Table-Lookup
Trigonometric functions are often needed in embedded real-time software. To fulfill concrete resource demands, different implementation strategies of trigonometric functions are possible.
In this paper we analyze the resource demands of iterative calculations compared to other implementation strategies, using the trigonometric functions as a case study. By analyzing the worst-case execution time (WCET) of the different calculation techniques for trigonometric functions, we obtained the surprising result that the WCET of iterative calculations is quite competitive with alternative calculation techniques, while their memory demand is far lower. Finally, a discussion of the general applicability of the obtained results is given as a design guide for embedded software.