463 research outputs found
Integral Cryptanalysis on reduced-round Safer++
In this paper we describe an integral distinguisher over 2 rounds of Safer++. It allows a practical attack against 3 rounds of Safer++128, as well as attacks on 4 rounds of Safer++128 and Safer++256, under the chosen-plaintext hypothesis. These results achieve much lower
complexity than the currently known best attacks on Safer++, namely
weak-key linear cryptanalysis by Nakahara. As a side result, we prove that the byte-branch number of the linear transform of Safer++ is 5.
We also discuss a way for further research in order to extend integral
cryptanalysis
On Polynomial Systems Arising from a Weil Descent
In the last two decades, many computational problems arising in cryptography
have been successfully reduced to various systems of polynomial equations. In
this paper, we revisit a class of polynomial systems introduced by FaugĂšre,
Perret, Petit and Renault.
%
Seeing these systems as natural generalizations of HFE systems, we provide
experimental and theoretical evidence that their degrees of regularity are
only slightly larger than the original degre of the equations, resulting in a
very low complexity compared to generic systems.
%
We then revisit the applications of these systems to the elliptic curve
discrete logarithm problem (ECDLP) for binary curves, to the factorization
problem in and to other discrete logarithm problems.
As a main consequence, we provide a heuristic analysis showing that Diem\u27s
variant of index calculus for
ECDLP
requires a \emph{subexponential} number of bit operations over the binary field , where is a constant smaller
than .
%
According to our estimations, generic discrete logarithm methods are
outperformed for any where , but elliptic curves of
currently recommended key sizes () are not immediately
threatened.
%
The analysis can be easily generalized to other extension fields
Hardware Implementations of a Variant of the ZĂ©mor-Tillich Hash Function: Can a Provably Secure Hash Function be very efficient ?
Hash functions are widely used in Cryptography, and hardware implementations of hash functions are of interest in a variety of contexts such as speeding up the computations of a network server or providing authentication in small electronic devices such as RFID tags. Provably secure hash functions, the security of which relies
on the hardness of a mathematical problem, are particularly appealing for security, but they used to be too inefficient in practice. In this paper, we study the efficiency
in hardware of ZT\u27, a provably secure hash function based on the ZĂ©mor-Tillich hash function. We consider three kinds of implementations targeting a high throughput and a low area in different ways. We first present a high-speed implementation of ZT\u27 on
FPGA that is nearly half as efficient as state-of-the-art SHA implementations in terms of throughput per area. We then focus on area reduction and present an ASIC implementation of ZT\u27 with much smaller area costs than SHA-1 and even than SQUASH, which was specially designed for low-cost RFID tags. Between these two extreme implementations, we show that the throughput and area can be traded with a lot of flexibility. Finally, we show that the inherent parallelism of ZT\u27 makes it particularly suitable for applications requiring high speed hashing of very long messages. Our work,
together with existing reasonably efficient software implementations, shows that this variant of the ZĂ©mor-Tillich hash function is in fact very practical for a wide range of applications, while having a security related to the hardness of a mathematical problem
and significant additional advantages such as scalability and parallelism
Information Theoretic Evaluation of Side-Channel Resistant Logic Styles
We propose to apply an information theoretic metric to the evaluation of side-channel resistant logic styles. Due to the long design and development time required for the physical evaluation of such hardware countermeasures, our analysis is based on simulations. Although they do not aim to replace the need of actual measurements, we show that simulations can be used as a meaningful first step in the validation chain of a cryptographic product. For illustration purposes, we apply our methodology to gate-level simulations of different logic styles and stress that it allows a significant improvement of the previously considered evaluation methods. In particular, our results allow putting forward the respective strengths and weaknesses of actual countermeasures and determining to which extent they can practically lead to secure implementations (with respect to a noise parameter), if adversaries were provided with simulation-based side-channel traces. Most importantly, the proposed methodology can be straightforwardly adapted to adversaries provided with any other kind of leakage traces (including physical ones)
Parallel FPGA Implementation of RSA with Residue Number Systems - Can side-channel threats be avoided? - Extended version
In this paper, we present a new parallel architecture to avoid
side-channel analyses such as: timing attack, simple/differential
power analysis, fault induction attack and simple/differential
electromagnetic analysis. We use a Montgomery Multiplication based
on Residue Number Systems. Thanks to RNS, we develop a design able
to perform an RSA signature in parallel on a set of identical and
independent coprocessors. Of independent interest, we propose a
new DPA countermeasure in the framework of RNS. It is only
(slightly) memory consuming (1.5 KBytes). Finally, we synthesized
our new architecture on FPGA and it presents promising performance
results. Even if our aim is to sketch a secure architecture, the
RSA signature is performed in less than 160 ms, with competitive
hardware resources. To our knowledge, this is the first proposal
of an architecture counteracting electromagnetic analysis apart
from hardware countermeasures reducing electromagnetic radiations
Towards Security Limits in Side-Channel Attacks
This paper considers a recently introduced framework for the analysis of physically observable cryptographic devices. It exploits
a model of computation that allows quantifying the effect of practically relevant leakage functions with a combination of security and information theoretic metrics. As a result of these metrics, a unified evaluation methodology for side-channel attacks was derived that we illustrate by applying it to an exemplary block cipher implementation. We first consider a Hamming weight leakage function and evaluate the efficiency of two commonly investigated countermeasures, namely noise addition and masking. Then, we show that the proposed methodology allows capturing certain non-trivial intuitions about the respective effectiveness of these countermeasures Finally, we justify the need of combined metrics for the evaluation, comparison and understanding of side-channel attacks
Authenticated wireless roaming via tunnels : making mobile guests feel at home
In wireless roaming a mobile device obtains a service from some foreign network while being registered for the similar service at its own home network. However, recent proposals try to keep the service provider role behind the home network and let the foreign network create a tunnel connection through which all service requests of the mobile device are sent to and answered directly by the home network. Such Wireless Roaming via Tunnels (WRT) others several (security) benefits but states also new security challenges on authentication and key establishment, as the goal is not only to protect the end-to-end communication between the tunnel peers but also the tunnel itself. In this paper we formally specify mutual authentication and key establishment goals for WRT and propose an efficient and provably secure protocol that can be used to secure such roaming session. Additionally, we describe some modular protocol extensions to address resistance against DoS attacks, anonymity of the mobile device and unlinkability of its roaming sessions, as well as the accounting claims of the foreign network in commercial scenarios
- âŠ