Mind the Gap - A Closer Look at the Security of Block Ciphers against Differential Cryptanalysis

Resistance against differential cryptanalysis is an important design criteria for any modern block cipher and most designs rely on finding some upper bound on probability of single differential characteristics. However, already at EUROCRYPT'91, Lai et al. comprehended that differential cryptanalysis rather uses differentials instead of single characteristics. In this paper, we consider exactly the gap between these two approaches and investigate this gap in the context of recent lightweight cryptographic primitives. This shows that for many recent designs like Midori, Skinny or Sparx one has to be careful as bounds from counting the number of active S-boxes only give an inaccurate evaluation of the best differential distinguishers. For several designs we found new differential distinguishers and show how this gap evolves. We found an 8-round differential distinguisher for Skinny-64 with a probability of 2−56.932−56.93, while the best single characteristic only suggests a probability of 2−722−72. Our approach is integrated into publicly available tools and can easily be used when developing new cryptographic primitives. Moreover, as differential cryptanalysis is critically dependent on the distribution over the keys for the probability of differentials, we provide experiments for some of these new differentials found, in order to confirm that our estimates for the probability are correct. While for Skinny-64 the distribution over the keys follows a Poisson distribution, as one would expect, we noticed that Speck-64 follows a bimodal distribution, and the distribution of Midori-64 suggests a large class of weak keys

Forkcipher: A New Primitive for Authenticated Encryption of Very Short Messages

This is an extended version of the article with the same title accepted at Asiacrypt 2019.International audienceHighly efficient encryption and authentication of short messages is an essential requirement for enabling security in constrained scenarios such as the CAN FD in automotive systems (max. message size 64 bytes), massive IoT, critical communication domains of 5G, and Narrowband IoT, to mention a few. In addition, one of the NIST lightweight cryptography project requirements is that AEAD schemes shall be “optimized to be efficient for short messages (e.g., as short as 8 bytes)”. In this work we introduce and formalize a novel primitive in symmetric cryptography called a forkcipher. A forkcipher is a keyed function expanding a fixed-length input to a fixed-length output. We define its security as indistinguishability under chosen ciphertext attack. We give a generic construction validation via the new iterate-fork-iterate design paradigm. We then propose ForkSkinny as a concrete forkcipher instance with a public tweak and based on SKINNY: a tweakable lightweight block cipher constructed using the TWEAKEY framework. We conduct extensive cryptanalysis of ForkSkinny against classical and structure-specific attacks. We demonstrate the applicability of forkciphers by designing three new provably-secure, nonce-based AEAD modes which offer performance and security tradeoffs and are optimized for efficiency of very short messages. Considering a reference block size of 16 bytes, and ignoring possible hardware optimizations, our new AEAD schemes beat the best SKINNY-based AEAD modes. More generally, we show forkciphers are suited for lightweight applications dealing with predominantly short messages, while at the same time allowing handling arbitrary messages sizes. Furthermore, our hardware implementation results show that when we exploit the inherent parallelism of ForkSkinny we achieve the best performance when directly compared with the most efficient mode instantiated with the SKINNY block cipher

Integration of light and circadian signals that regulate chloroplast transcription by a nuclear-encoded sigma factor

We investigated the signalling pathways that regulate chloroplast transcription in response to environmental signals. One mechanism controlling plastid transcription involves nuclear‐encoded sigma subunits of plastid‐encoded plastid RNA polymerase. Transcripts encoding the sigma factor SIG5 are regulated by light and the circadian clock. However, the extent to which a chloroplast target of SIG5 is regulated by light‐induced changes in SIG5 expression is unknown. Moreover, the photoreceptor signalling pathways underlying the circadian regulation of chloroplast transcription by SIG5 are unidentified. We monitored the regulation of chloroplast transcription in photoreceptor and sigma factor mutants under controlled light regimes in Arabidopsis thaliana. We established that a chloroplast transcriptional response to light intensity was mediated by SIG5; a chloroplast transcriptional response to the relative proportions of red and far red light was regulated by SIG5 through phytochrome and photosynthetic signals; and the circadian regulation of chloroplast transcription by SIG5 was predominantly dependent on blue light and cryptochrome. Our experiments reveal the extensive integration of signals concerning the light environment by a single sigma factor to regulate chloroplast transcription. This may originate from an evolutionarily ancient mechanism that protects photosynthetic bacteria from high light stress, which subsequently became integrated with higher plant phototransduction networks

Downregulation of Chloroplast RPS1 Negatively Modulates Nuclear Heat-Responsive Expression of HsfA2 and Its Target Genes in Arabidopsis

Heat stress commonly leads to inhibition of photosynthesis in higher plants. The transcriptional induction of heat stress-responsive genes represents the first line of inducible defense against imbalances in cellular homeostasis. Although heat stress transcription factor HsfA2 and its downstream target genes are well studied, the regulatory mechanisms by which HsfA2 is activated in response to heat stress remain elusive. Here, we show that chloroplast ribosomal protein S1 (RPS1) is a heat-responsive protein and functions in protein biosynthesis in chloroplast. Knockdown of RPS1 expression in the rps1 mutant nearly eliminates the heat stress-activated expression of HsfA2 and its target genes, leading to a considerable loss of heat tolerance. We further confirm the relationship existed between the downregulation of RPS1 expression and the loss of heat tolerance by generating RNA interference-transgenic lines of RPS1. Consistent with the notion that the inhibited activation of HsfA2 in response to heat stress in the rps1 mutant causes heat-susceptibility, we further demonstrate that overexpression of HsfA2 with a viral promoter leads to constitutive expressions of its target genes in the rps1 mutant, which is sufficient to reestablish lost heat tolerance and recovers heat-susceptible thylakoid stability to wild-type levels. Our findings reveal a heat-responsive retrograde pathway in which chloroplast translation capacity is a critical factor in heat-responsive activation of HsfA2 and its target genes required for cellular homeostasis under heat stress. Thus, RPS1 is an essential yet previously unknown determinant involved in retrograde activation of heat stress responses in higher plants