77 research outputs found
Classification of 4-bit S-boxes for BOGI-permutation
In this paper, we present all 4-bit S-boxes which are able to support BOGI logic. We exhaustively show that only 2,413 PXE classes of 4-bit S-box are BOGI-applicable among the 142,090,700 PXE classes. We evaluate the whole set of BOGI-applicable S-boxes in terms of security and implementation cost. The security evaluation covers the security strength of the S-boxes themselves and how they affect the resistance of GIFT-64 against differential and linear cryptanalysis (DC and LC). It shows that all the BOGI-applicable S-boxes fulfill the security criteria of the GIFT designers as long as their differential uniformity and linearity are 6 and 8, respectively. It is also shown that the security of GIFT-64 against DC and LC can be improved only by changing the S-box. Moreover, we evaluate the implementation costs of the BOGI-applicable S-boxes by finding their optimal implementations. The results show that the GIFT S-box is well chosen considering the existence of fixed points, and suggest a set of S-boxes providing the same implementation cost as the GIFT S-box. Finally, we suggest a set of potentially better S-boxes for GIFT-64 based on our investigations.
Improving Non-Profiled Side-Channel Attacks using Autoencoder based Preprocessing
In recent years, deep learning-based side-channel attacks have established their position as mainstream. However, most deep learning techniques for cryptanalysis have mainly focused on classifying side-channel information in a profiled scenario, where attackers can obtain labels for the training data. In this paper, we introduce a novel deep learning approach for improving side-channel attacks, especially in a non-profiled scenario. We also propose a new training principle that trains an autoencoder on the noise from real data using noise-reduced labels. It notably diminishes the noise in measurements by adapting the autoencoder framework to signal preprocessing. We present convincing comparisons on our custom dataset, captured from a ChipWhisperer-Lite board, that demonstrate our approach outperforms conventional preprocessing methods such as principal component analysis and linear discriminant analysis. Furthermore, we apply the proposed methodology to realign de-synchronized traces protected by hiding countermeasures, and we experimentally validate the performance of the proposal. Finally, we experimentally show that we can improve the performance of higher-order side-channel attacks by using the proposed technique together with domain knowledge of masking countermeasures.
Linear and Differential Cryptanalysis of Reduced SMS4 Block Cipher
SMS4 is a 128-bit block cipher with a 128-bit user key and 32 rounds, which is used in WAPI, the Chinese WLAN national standard. In this paper, we present a linear attack and a differential attack on 22-round reduced SMS4; our 22-round linear attack has a data complexity of 2^{117} known plaintexts, a memory complexity of 2^{109} bytes and a time complexity of 2^{109.86} 22-round SMS4 encryptions and 2^{120.39} arithmetic operations, while our 22-round differential attack requires 2^{118} chosen plaintexts, 2^{123} memory bytes and 2^{125.71} 22-round SMS4 encryptions. Both of our attacks are better than any previously known cryptanalytic results on SMS4 in terms of the number of attacked rounds. Furthermore, we present boomerang and rectangle attacks on 18-round reduced SMS4. These results are better than previously known rectangle attacks on reduced SMS4. The methods presented to attack SMS4 can be applied to other unbalanced Feistel ciphers with incomplete diffusion.
New Impossible Differential Characteristic of SPECK64 using MILP
The impossible differential attack is one of the most powerful methods for analyzing block ciphers, so block ciphers must be designed to be secure against it. An impossible differential attack starts from finding an impossible differential characteristic. However, for ARX-based block ciphers, such analyses have been difficult because of the modular addition. In this paper, we introduce 157 new six-round impossible differential characteristics of the ARX-based block cipher SPECK64, using the Mixed Integer Linear Programming (MILP) based impossible differential characteristic search proposed by Cui et al. [3].
Efficient Differential Trail Searching Algorithm for ARX Block Ciphers
In this paper, we suggest an advanced method for searching for differential trails of block ciphers with an ARX structure. We use two techniques to optimize the automatic differential trail search algorithm suggested by Biryukov et al., and obtain results 2 to 3 times faster than the previous one when applied to the block cipher SPECK.
TinyECCK: Efficient Elliptic Curve Cryptography Implementation over on 8-bit MICAz Mote
In this paper, we revisit a generally accepted opinion: implementing an Elliptic Curve Cryptosystem (ECC) over on sensor motes using a small word size is not appropriate because XOR multiplication over is not efficiently supported by current low-powered microprocessors. Although there are some implementations over on sensor motes, their performance is not satisfactory enough to be used for wireless sensor networks (WSNs). We have found that a field multiplication over involves a number of redundant memory accesses, and that its inefficiency originates from this problem. Moreover, the field reduction process also requires many redundant memory accesses. Therefore, we propose some techniques for reducing unnecessary memory accesses. With the proposed strategies, the running time of field multiplication and reduction over can be decreased by 21.1% and 24.7%, respectively. These savings noticeably decrease the execution times spent in Elliptic Curve Digital Signature Algorithm (ECDSA) operations (signing and verification) by around . We present TinyECCK (Tiny Elliptic Curve Cryptosystem with Koblitz curve, a kind of TinyOS package supporting elliptic curve operations), which is the fastest ECC implementation over on 8-bit sensor motes using the ATmega128L as far as we know. Through comparisons with existing software implementations of ECC built in C or in a hybrid of C and inline assembly on sensor motes, we show that TinyECCK outperforms them in terms of running time, code size and supported services. Furthermore, we show that a field multiplication over can be faster than that over on the 8-bit ATmega128L processor by comparing TinyECCK with TinyECC, a well-known ECC implementation over . TinyECCK with sect163k1 can compute a scalar multiplication within 1.14 secs on a MICAz mote at the expense of 5,592 bytes of ROM and 618 bytes of RAM. Furthermore, it can also generate a signature and verify it in 1.37 and 2.32 secs with 13,748 bytes of ROM and 1,004 bytes of RAM.
Toffoli gate count Optimized Space-Efficient Quantum Circuit for Binary Field Multiplication
Shor's algorithm solves the Elliptic Curve Discrete Logarithm Problem (ECDLP) in polynomial time. To optimize Shor's algorithm for binary elliptic curves, reducing the cost of binary field multiplication is essential because it is the most cost-critical basic arithmetic. In this paper, we propose Toffoli gate count optimized, space-efficient quantum circuits for binary field multiplication. To do so, we take advantage of a Karatsuba-like formula, show that it can be applied without ancillary qubits, and optimize the circuits in terms of CNOT gate count and depth. Based on the Karatsuba-like formula, we derive a space-efficient CRT-based multiplication with two types of out-of-place multiplication algorithm to reduce the CNOT gate cost. Our quantum circuits do not use ancillary qubits and have an extremely low Toffoli gate count of , where is a function named the iterative logarithm that grows very slowly. Compared to the recent Karatsuba-based space-efficient quantum circuit, our circuit requires only of the Toffoli gate count with comparable depth for cryptographic field sizes . To the best of our knowledge, this is the first result that utilizes a Karatsuba-like formula and CRT-based multiplication in quantum circuits.
On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1
HMAC is a widely used message authentication code and pseudorandom function generator based on cryptographic hash functions such as MD5 and SHA-1. It has been standardized by ANSI, IETF, ISO and NIST. HMAC is proved to be secure as long as the compression function of the underlying hash function is a pseudorandom function. In this paper we devise two new distinguishers of the structure of HMAC, called differential and rectangle distinguishers, and use them to discuss the security of HMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. We show how to distinguish HMAC with reduced or full versions of these cryptographic hash functions from a random function or from HMAC with a random function. We also show how to use our differential distinguisher to devise a forgery attack on HMAC. Our distinguishing and forgery attacks can also be mounted on NMAC based on HAVAL, MD4, MD5, SHA-0 and SHA-1. Furthermore, we show that our differential and rectangle distinguishers can lead to second-preimage attacks on HMAC and NMAC.
Improved Differential Fault Analysis on ARIA using Small Number of Faults
In [15], Li et al. first proposed a differential fault analysis on ARIA-128. This attack requires on average 45 random byte fault injections. In 2012, Park et al. proposed an improved DFA using 33 random byte fault injections. Kim also proposed a differential fault analysis based on a multi-byte fault model. In this model, the number of fault injections is reduced to 13, and if access to the decryption oracle is allowed, only 7 faults are required. In this paper, we propose an improved differential fault analysis on ARIA. Based on the random byte fault model, the proposed attacks can recover the secret key of ARIA-128/192/256 using 6 fault injections within a few minutes. Moreover, in the cases of ARIA-128 and ARIA-256, it is possible to recover the secret key using only 4 fault injections under a fault assumption where an attacker can induce faults during both the encryption and the decryption process, respectively. Our results on ARIA-192/256 are the first known DFA results on them.
Various Security Analysis of a pfCM-MD Hash Domain Extension and Applications based on the Extension
We propose a new hash domain extension, a prefix-free Counter-Masking-MD (pfCM-MD). Among the security notions for hash functions, we focus on the indifferentiability notion, by which we can check whether the structure of a given hash function has any weakness. Next, we consider the security of HMAC, two new PRF constructions, the NIST SP 800-56A key derivation function, and the randomized hashing in NIST SP 800-106, where all of them are based on the pfCM-MD. In particular, due to the counter of the pfCM-MD, the pfCM-MD is secure against all generic second-preimage attacks such as the Kelsey-Schneier attack [KeSc05] and the attack of Andreeva et al. [AnBoFoHoKeShZi08]. Our proof technique and most of our notation follow those in [BeDaPeAs08, Bellare06, BeCaKr96a].