Improving Integral Cryptanalysis against Rijndael with Large Blocks
This report presents new four-round integral properties against the Rijndael cipher with block sizes larger than 128 bits. Using higher-order multiset distinguishers and other well-known extensions of those properties, the deduced attacks reach up to 7 and 8 rounds of Rijndael variants with 160- to 256-bit blocks. For example, a 7-round attack against Rijndael-224 has a time complexity equal to
Revisiting LFSMs
Linear Finite State Machines (LFSMs) are particular primitives widely used in
information theory, coding theory and cryptography. Among those linear
automata, a particular case of study is Linear Feedback Shift Registers (LFSRs),
used in many cryptographic applications such as the design of stream ciphers or
pseudo-random generation. LFSRs can be seen as particular LFSMs without
inputs.
In this paper, we first recall the description of LFSMs using the traditional
matrix representation. Then, we introduce a new matrix representation with
polynomial fractional coefficients. This new representation leads to sparse
representations and implementations. As direct applications, we focus our work
on the Windmill LFSR case, used for example in the E0 stream cipher, and on
other general applications that use this new representation.
In a second part, a new design criterion for LFSRs called diffusion delay is
introduced and compared with existing related notions. This criterion
represents the diffusion capacity of an LFSR. Then, using the matrix
representation, we present a new algorithm to randomly pick LFSRs with good
properties (including the new one) and sparse descriptions dedicated to
hardware and software designs. We present some examples of LFSRs generated
using our algorithm to show the relevance of our approach.
Comment: Submitted to IEEE-I
Resilient networking in wireless sensor networks
This report deals with security in wireless sensor networks (WSNs),
especially at the network layer. Multiple secure routing protocols have been
proposed in the literature. However, they often rely on cryptography to secure
routing functionalities. Cryptography alone is not enough to defend against
multiple attacks that result from node compromise. Therefore, we need more
algorithmic solutions. In this report, we focus on the behavior of routing
protocols to determine which properties make them more resilient to attacks.
Our aim is to find some answers to the following questions. Are there any
existing protocols, not designed initially for security, which already
contain some inherently resilient properties against attacks in which some
portion of the network nodes is compromised? If yes, which specific behaviors
make these protocols more resilient? We propose in this report an
overview of security strategies for WSNs in general, including existing attacks
and defensive measures. In this report we focus on the network layer in
particular, and an analysis of the behavior of four particular routing
protocols is provided to determine their inherent resiliency to insider
attacks. The protocols considered are: Dynamic Source Routing (DSR),
Gradient-Based Routing (GBR), Greedy Forwarding (GF) and Random Walk Routing
(RWR).
A Bottleneck Attack on Crypton
Crypton is a 12-round block cipher proposed as an AES candidate by C.H. Lim in 1998. In this paper, we present two bottleneck attacks on reduced-round versions of Crypton v0.5 and Crypton v1.0. These cryptanalyses are built upon a four-round distinguisher based on a three-round property due to a restricted dependency of the one-byte-to-one-byte permutation transformation, as done for the AES in [GM00]. We present an attack on a six-round version of Crypton. We also present a marginal speed-up of the 128-bit key exhaustive search for a seven-round version of Crypton. This attack does not endanger the practical security offered by Crypton, but shows another example where the bottleneck property can be used with an S-box level composed of at least two S-boxes.
Constraint Programming Models for Chosen Key Differential Cryptanalysis
In this paper, we introduce Constraint Programming (CP) models to solve a cryptanalytic problem: the chosen key differential attack against the standard block cipher AES. The problem is solved in two steps: in Step 1, bytes are abstracted by binary values; in Step 2, byte values are searched. We introduce two CP models for Step 1: Model 1 is derived from AES rules in a straightforward way; Model 2 contains new constraints that remove invalid solutions otherwise filtered out in Step 2. We also introduce a CP model for Step 2. We evaluate the scale-up properties of two classical CP solvers (Gecode and Choco) and a hybrid SAT/CP solver (Chuffed). We show that Model 2 is much more efficient than Model 1, and that Chuffed is faster than Choco, which is faster than Gecode, on the hardest instances of this problem. Furthermore, we prove that a solution claimed to be optimal in two recent cryptanalysis papers is not optimal by providing a better solution.
The Gain of Network Coding in Wireless Sensor Networking
Wireless Sensor Networks have some well-known features such as low battery
consumption, changing topology awareness, open environment, non-reliable radio
links, etc. In this paper, we investigate the benefits of Network Coding in
Wireless Sensor networking, especially for resiliency. One of our main concerns is
the resiliency of Wireless Sensor Networks. We have seen that resiliency can
be described as a multi-dimensional metric
\cite{5478822,erdene2011enhancing,6423640} taking parameters such as Average
Delivery Ratio, Delay Efficiency, Energy Efficiency, Average Throughput and
Delivery Fairness into account. Resiliency can then be graphically represented
as a Kiviat diagram built from the previous weighted parameters. In order to
introduce these metrics, previous works have been led on Random Gradient
Based Routing, which proved good resiliency in a malicious environment. We look
at the improvements in terms of resiliency when adding network coding
to Random Gradient Based Routing in the presence of malicious nodes.
Analysis of Impossible, Integral and Zero-Correlation Attacks on Type-II Generalized Feistel Networks using the Matrix Method
While some recent publications have shown strong relations between impossible differential and zero-correlation distinguishers, as well as between zero-correlation and integral distinguishers, we analyze in this paper the relation between the underlying key-recovery attacks against Type-II Feistel networks. The
results of this paper are built on the relation presented at ACNS 2013.
In particular, using a matrix representation of the round function, we show that we can not only find impossible, integral and multidimensional zero-correlation distinguishers but also find the key-words involved in the underlying key-recovery attacks. Based on this representation, for matrix-method-derived strongly-related zero-correlation and impossible distinguishers, we show that the key-words involved in the zero-correlation
attack are a subset of the key-words involved in the impossible differential attack. Other relations between the key-words involved in zero-correlation, impossible and integral attacks are also extracted.
We also show that in this context the data complexity of the multidimensional zero-correlation attack is larger than that of the other two attacks.
A Mathematical Analysis of Prophet Dynamic Address Allocation
Prophet is a dynamic address allocation protocol described at INFOCOM 2003. This protocol is based upon a family of pseudo-random generators. The goal of Prophet is to establish an addressing scheme free of conflicts. The addressing capabilities of Prophet depend on the underlying properties of the pseudo-random generators. The different pseudo-random generators proposed in Prophet are analyzed and the limits of the scheme are exhibited. Most notably, the periods of the generators limit both the addressing capabilities of a node and the collision-freeness of Prophet. In this research report, we show that the underlying assumptions made in Prophet cannot be met by pseudo-random generators.
Tuple Cryptanalysis: Slicing and Fusing Multisets
In this paper, we revisit the notions of Square, saturation, integrals, multisets, bit patterns and tuples, and propose a new Slice & Fuse paradigm to better exploit multiset-type properties of block ciphers, as well as relations between multisets and their constituent bitslice tuples. With this refined analysis, we are able to improve the best bounds proposed in such contexts against the following block ciphers: Threefish, Prince, Present and Rectangle.
The KAA project: a trust policy point of view
In the context of ambient networks, where each small device must trust its
neighborhood rather than a fixed network, we propose in this paper a
\textit{trust management framework} inspired by known social patterns and based
on the following statements: each mobile constructs a local level of
trust by itself, which means that it does not accept recommendations from other peers, and the
only relevant parameter, beyond some special cases discussed later, to evaluate
the level of trust is the number of common trusted mobiles. These trusted
mobiles are stored as entries in a local database called the history of each
device, and we use identity-based cryptography to ensure strong security:
the history must be a non-transferable object.