Impossible Differential Cryptanalysis of ARIA and Camellia

This paper studies the security of the block ciphers ARIA and Camellia against impossible differential cryptanalysis. Our work improves the best impossible differential cryptanalysis of ARIA and Camellia known so far. The designers of ARIA expected no impossible differentials exist for 4-round ARIA. However, we found some nontrivial 4-round impossible differentials, which may lead to a possible attack on 6-round ARIA. Moreover, we found some nontrivial 8-round impossible differentials for Camellia, whereas only 7-round impossible differentials were previously known. By using the 8-round impossible differentials, we presented an attack on 12-round Camellia without $FL/FL^{-1}$ layers

Cryptanalysis of the MEM Mode of Operation

The MEM mode is a nonce-based enciphering mode of operation proposed by Chakraborty and Sarkar, which was claimed to be secure against symmetric nonce respecting adversaries. We show that this is not correct by using two very simple attcks. One attack need one decryption and one decryption queries, and the other only need one encryption query

Improved Integral Cryptanalysis of FOX Block Cipher

FOX is a new family of block ciphers presented recently, which is based upon some results on proven security and has high performances on various platforms. In this paper, we construct some distinguishers between 3-round FOX and a random permutation of the blocks space. By using integral attack and collision-searching techniques, the distinguishers are used to attack on 4, 5, 6 and 7-round of FOX64, 4 and 5-round FOX128. The attack is more efficient than previous integral attack on FOX. The complexity of improved integral attack is $2^{77.6}$ on 4-round FOX128, $2^{205.6}$ against 5-round FOX128 respectively. For FOX64, the complexity of improved integral attack is $2^{45.4}$ on 4-round FOX64, $2^{109.4}$ against 5-round FOX64, $2^{173.4}$ against 6-round FOX64, $2^{237.4}$ against 7-round FOX64 respectively. Therefore, 4-round FOX64/64, 5-round FOX64/128, 6-round FOX64/192, 7-round FOX64/256 and 5-round FOX128/256 are not immune to the attack in this paper

Cryptanalysis of the Hash Function LUX-256

LUX is a new hash function submitted to NIST\u27s SHA-3 competition. In this paper, we found some non-random properties of LUX due to the weakness of origin shift vector. We also give reduced blank round collision attack, free-start collision attack and free-start preimage attack on LUX-256. The two collision attacks are trivial. The free-start preimage attack has complexity of about 2^80 and requires negligible memory

On the Correctness of An Approach Against Side-channel attacks

Side-channel attacks are a very powerful cryptanalytic technique. Li and Gu [ProvSec\u2707] proposed an approach against side-channel attacks, which states that a symmetric encryption scheme is IND-secure in side-channel model, if it is IND-secure in black-box model and there is no adversary who can recover the whole key of the scheme computationally in side-channel model, i.e. WKR-SCA ^ IND -> IND-SCA. Our researches show that it is not the case. We analyze notions of security against key recovery attacks and security against distinguishing attacks, and then construct a scheme which is WKR-SCA-secure and IND-secure, but not IND-SCA-secure in the same side-channel environment. Furthermore, even if the scheme is secure again partial key recovery attacks in side-channel model, this approach still does not hold true

Lattice-based Fault Attacks against ECMQV

ECMQV is a standardized key agreement protocol based on ECC with an additional implicit signature authentication. In this paper we investigate the vulnerability of ECMQV against fault attacks and propose two efficient lattice-based fault attacks. In our attacks, by inducing a storage fault to the ECC parameter $a$ before the execution of ECMQV, we can construct two kinds of weak curves and successfully pass the public-key validation step in the protocol. Then, by solving ECDLP and using a guess-and-determine method, some information of the victim\u27s temporary private key and the implicit-signature result can be deduced. Based on the retrieved information, we build two new lattice-attack models and recover the upper half of the static private key. Compared with the previous lattice-attack models, our models relax the attack conditions and do not require the exact partial knowledge of the nonces. The validity of the attacks is proven by experimental simulations, which show our attacks pose real threats to the unprotected ECMQV implementations since only one permanent fault is sufficient to retrieve half bits of the secret key

(Pseudo) Preimage Attack on Round-Reduced Grøstl Hash Function and Others (Extended Version)

The Grøstl hash function is one of the 5 final round candidates of the SHA-3 competition hosted by NIST. In this paper, we study the preimage resistance of the Grøstl hash function. We propose pseudo preimage attacks on Grøstl hash function for both 256-bit and 512-bit versions, i.e. we need to choose the initial value in order to invert the hash function. Pseudo preimage attack on 5(out of 10)-round Grøstl-256 has a complexity of $(2^{244.85},2^{230.13})$ (in time and memory) and pseudo preimage attack on 8(out of 14)-round Grøstl-512 has a complexity of $(2^{507.32},2^{507.00})$. To the best of our knowledge, our attacks are the first (pseudo) preimage attacks on round-reduced Grøstl hash function, including its compression function and output transformation. These results are obtained by a variant of meet-in-the-middle preimage attack framework by Aoki and Sasaki. We also improve the time complexities of the preimage attacks against 5-round Whirlpool and 7-round AES hashes by Sasaki in FSE~2011

LOL: A Highly Flexible Framework for Designing Stream Ciphers

In this paper, we propose LOL, a general framework for designing blockwise stream ciphers, to achieve ultrafast software implementations for the ubiquitous virtual networks in 5G/6G environments and high-security level for post-quantum cryptography. The LOL framework is structurally strong, and all its components as well as the LOL framework itself enjoy high flexibility with various extensions. Following the LOL framework, we propose new stream cipher designs named LOL-MINI and LOL-DOUBLE with the support of the AES-NI and SIMD instructions: the former applies the basic LOL single mode while the latter uses the extended parallel-dual mode. Both LOL-MINI and LOL-DOUBLE support 256-bit key length and, according to our thorough evaluations, have 256-bit security margins against all existing cryptanalysis methods including differential, linear, integral, etc. The software performances of LOL-MINI and LOL-DOUBLE can reach 89 Gbps and 135 Gbps. In addition to pure encryptions, the LOL-MINI and LOL-DOUBLE stream ciphers can also be applied in a stream-cipher-then-MAC strategy to make an AEAD scheme

practical rebound attack on 12-round cheetah-256

Natl Secur Res Inst, Elect Telecommunicat Res Inst, Natl Inst Math Sci, Korea Internet & Secur Agcy, Korea Univ BK21 Info Secur Ubiquitous Environm, Seoul Natl Univ Res Inst Math, Korean Federat Sci & Technol Soc, Chungnam Natl Univ, Internet Intrus ResponseTechnol Res Ctr, MarkAny, SG Advantech, AhnLab, LG CNS, Korea UnivIn this paper, we propose cryptanalysis of the hash function Cheetah-256. Cheetah is accepted as a first round candidate of SHA-3 competition hosted by NIST 1, but it is not in the second round. First, we discuss relation between degrees of freedom injected from round message blocks and round number of a pseudo-collision attack on hash functions with S boxes and MDS diffusion. A pseudo-collision attack on 8-round Cheetah-256 can be derived by trivially applying original rebound techniques. Then, we propose a rebound differential path for semi-free start collision attack on 12-round Cheetah-256 and an observation of the neutral bytes influence on state values. Based on this observation, algebraic message modifications are designed using the neutral bytes and total complexity is reduced to 2(24). This is a practical rebound attack

Politicization of the Hydropower Dams in the Lancang-Mekong Basin: A Review of Contemporary Environmental Challenges

To date, hydropower dams raise numerous interpretations about their impact on the Lancang-Mekong River. While most research studies analyze the negative aspects of hydropower development on people’s livelihoods and local environments, the hydropower sector was historically one of the most iconic economic segments facilitating transboundary water cooperation for decades. By using the constructive discourse analysis and critical political ecology approach, the presented text (1) outlines the current environmental narratives over the Lancang-Mekong hydropower development and (2) explores the politicization of the Chinese mainstream dams. The data were collected upon the multi-level content analysis of relevant sources and double-checked with the Lancang-Mekong Cooperation and Conflict Database (LMCCD) monitoring over 4000 water-related events among six riparian countries between 1990 and 2021. Our data show that (i) there is a stark contrast in positive and negative narratives over the rapid hydropower development, (ii) the impact of mainstream dams on the river is more often discussed than that of tributary dams, (iii) implications of the hydropower dams are often interpreted upon the non-traditional research inputs rather than widely accepted studies, and (iv) developing the contradictory arguments through social and public media contributes to greater polarization of the multi-stakeholders’ viewpoints in the accountable research dialogue