Optimizations in Algebraic and Differential Cryptanalysis
In this thesis, we study how to enhance current cryptanalytic techniques, especially in Differential Cryptanalysis (DC) and to some degree in Algebraic Cryptanalysis (AC), by considering and solving some underlying optimization problems based on the general structure of the algorithm. In the first part, we study techniques for optimizing arbitrary algebraic computations in the general non-commutative setting with respect to several metrics [42, 44]. We apply our techniques to combinatorial circuit optimization and Matrix Multiplication (MM) problems [30, 44]. Obtaining exact bounds for such problems is very challenging. We have developed a 2-step technique, where firstly we algebraically encode the problem and then we solve the corresponding CNF-SAT problem using a SAT solver. We apply this methodology to optimize small circuits such as S-boxes with respect to a given metric and to discover new bilinear algorithms for multiplying sufficiently small matrices. We have obtained the best bit-slice implementation of the PRESENT S-box currently known [6]. Furthermore, this technique allows us to compute the Multiplicative Complexity (MC) of whole ciphers [23], a very important measure of the non-linearity of a cipher [20, 44]. Another major theme in this thesis is the study of advanced differential attacks on block ciphers. We suggest a general framework which enhances current differential cryptanalytic techniques, and we apply it to evaluate the security of the GOST block cipher [63, 102, 107]. We introduce a new type of differential sets based on the connections between the S-boxes, named “general open sets” [50, 51], which can be seen as a refinement of Knudsen’s truncated differentials [84]. Using this notion, we construct 20-round statistical distinguishers, and based on this construction we develop attacks against the full 32 rounds. Our attacks are in the form of a Depth-First key search with many technical steps subject to optimization. We validate and analyze in detail each of these steps in an attempt to provide a solid formulation for our advanced differential attacks.
Hypothesis testing and advanced distinguishers in differential cryptanalysis of block ciphers
Distinguishing distributions is a major part of the cryptanalysis of symmetric block ciphers. The goal of the cryptanalyst is to distinguish two distributions: one that characterizes the number of certain events which occur totally at random, and another one that characterizes the same type of events but due to propagation inside the cipher. This can be realized as a hypothesis testing problem, where a source is used to generate independent random samples in some given finite set with some distribution P, which is either R or W, corresponding to propagation inside the cipher or a random permutation respectively. The distinguisher’s goal is to determine which one is most likely the one which was used to generate the sample. In this paper, we study a general hypothesis-testing based approach to construct statistical distinguishers using truncated differential properties. The observable variable in our case is the expected number of pairs that follow a certain truncated differential property of the form ΔX → ΔY after a certain number of rounds. As a proof of concept, we apply this methodology to the GOST and SIMON 64/128 block ciphers and present distinguishers on 20 and 22 rounds respectively.
Advanced truncated differential cryptanalysis of GOST block cipher
In this paper, we use the ideas presented by Courtois and Mourouzis to study the security of two variants of GOST, which are considered the simplest and the most secure variants respectively [9]: the one with the S-boxes replaced by the Identity Map, and the ISO version, which is assumed to be the strongest one. The advanced differential attacks we present are of the form of a Depth-First Key search which uses a 20-round distinguisher in the middle (or equivalently a 26-round distinguisher for the simpler version of GOST with the Identity Map) [11]. The main idea is that we consider a partition of the 32 rounds by placing the constructed distinguisher in the middle. Then, based on the weak diffusion, we can extend these very strong statistical distinguishers to efficient filters for some external rounds. Then, by guessing some key bits for the external rounds and determining some plaintext and ciphertext pairs of specified input-output differences, we can extend the construction to an attack against the full block cipher. Thus, the technique we apply is a generic cryptanalytic framework of the Depth-First key search type which involves several optimization tasks obtained from the specific structure of the given encryption algorithm.
Towards a combined Rotational-Differential Cryptanalytic Framework
In this report, we suggest a new cryptanalytic framework for constructing distinguishers which can eventually be extended to full attacks in the related-key scenario. We name this new paradigm “Relational Cryptanalysis”. The main idea is to exhibit the non-randomness of a given encryption algorithm by observing the propagation of specific sets of plaintexts of the form (P, P′) such that these pairs satisfy some rotational and differential properties of the form R1(P) = P′ and P ⊕ P′ ∈ ∆P, for some rotational symmetry R1 and fixed set of differences ∆P. Besides rotational and differential properties, we can add any other relation which seems to hold for a reduced number of rounds of the cryptographic primitive we study. Intuitively, we expect that by adding more relations we increase the observed probability of the propagation, and that this results in stronger statistical distinguishers.
On The Security Evaluation of Partial Password Implementations
A partial password is a mode of password-based authentication that is widely used, especially in the financial sector. It is based on a challenge-response protocol where, at each login attempt, a challenge requesting characters from randomly selected positions of a pre-shared secret is presented to the user. This mode could be seen as a “cheap way” of preventing, for example, malware or a keylogger installed on a user’s device from learning the full password in a single step. Despite the widespread adoption of this mechanism, especially by many UK banks, there is limited material in the open literature. Questions such as how the security of the scheme varies with the sampling method employed to form the challenges, or what the existing server-side implementations are, are left unaddressed. In this paper, we study how the security of this mechanism varies in relation to the number of challenge-response pairs available to an attacker under different ways of generating challenges. In addition, we discuss possible server-side implementations as (unofficially) listed in different online forums by information security experts. To the best of our knowledge there is no formal academic literature in this direction, and one of the aims of this paper is to motivate other researchers to study this topic.
Thyroid Hormone and Cardiac Disease: From Basic Concepts to Clinical Application
Nature's models of regeneration provide substantial evidence that a natural healing process may exist in the heart. Analogies existing between the damaged myocardium and the developing heart strongly indicate that regulatory factors which drive embryonic heart development may also control aspects of heart regeneration. In this context, thyroid hormone (TH), which is critical in heart maturation during development, appears to have a reparative role in adult life. Thus, changes in TH/thyroid hormone receptor (TR) homeostasis are shown to govern the return of the damaged myocardium to the fetal phenotype. Accordingly, thyroid hormone treatment preferentially rebuilds the injured myocardium by reactivating developmental gene programming. Clinical data provide further support to this experimental evidence: changes in TH levels, and in particular a reduction of biologically active triiodothyronine (T3) in plasma after myocardial infarction or during the evolution of heart failure, are strongly correlated with patients' morbidity and mortality. The potential of TH to regenerate a diseased heart has now been tested in patients with acute myocardial infarction in a phase II, randomized, double-blind, placebo-controlled study (the THiRST study).
Incorporating Accessibility in Web-Based Work Environments: Two Alternative Approaches and Issues Involved
The development of online work and collaboration environments presents a number of opportunities as well as challenges, especially for diverse user populations. They can enhance the mobility of workers and, subject to their design, offer access to people with disability and contribute significantly to tackling existing barriers in employment and social inclusion. At present, a number of web-based work environments have been developed; nonetheless, they hardly reach people with disability due to their low conformance with Web accessibility principles. One of the reasons why incorporating accessibility in online environments remains elusive for most Web service providers is that it is difficult for them to choose among the alternative approaches. This paper examines two different approaches to Web accessibility engineering from a provider’s perspective and in relation to the resources required in each case. In the first approach, interfaces are made accessible by design, whereas the second approach involves the use of “filter and transformation tools” as a means to transform existing non-accessible interfaces into ones that comply with de facto Web accessibility recommendations. Based on the authors’ experience and hands-on practice with both approaches, gained in the context of several European and national projects and through the development of fifteen accessible online tools in total, a study was conducted to examine the cost effectiveness of each approach. As a result, a set of practical guidelines is offered here for assisting web service providers in identifying the most appropriate approach with regard to the different needs of any given project.