429 research outputs found

    Design, Cryptanalysis and Protection of Symmetric Encryption Algorithms

    This thesis covers results from several areas related to symmetric cryptography and secure and efficient implementation, and is divided into four main parts. In Part II, Benchmarking of AEAD, two articles are presented, showing the results of the FELICS framework for authenticated encryption algorithms and the multi-architecture benchmarking of permutations used as building blocks of AEAD algorithms. The Sparkle family of hash and AEAD algorithms is shown in Part III. Sparkle is currently a finalist of the NIST call for standardization of lightweight hash and AEAD algorithms. In Part IV, Cryptanalysis of ARX ciphers, two cryptanalysis techniques based on differential trails, applied to ARX ciphers, are discussed. The first technique, called Meet-in-the-Filter, uses an offline trail record, combined with a fixed trail and a reverse differential search, to propose long differential trails that are useful for key recovery. The second technique is an extension of ARX analysis tools that can automate the generation of truncated trails from existing non-truncated ones and compute the exact probability of those truncated trails. In Part V, Masked AES for Microcontrollers, a new method is shown to efficiently compute a side-channel-protected AES, based on the masking scheme described by Rivain and Prouff. This method introduces table and execution-order optimizations, as well as practical security proofs.

    Software implementation of authenticated ciphers for ARM processors

    Advisor: Julio César López Hernández. Master's dissertation, Universidade Estadual de Campinas, Instituto de Computação. Abstract: Authenticated encryption algorithms are tools used to protect data in a way that guarantees both its secrecy and its authenticity and integrity. Cryptographic implementations do not have only correctness and efficiency as their main goals: computer systems can leak information about their internal behavior, and a bad implementation can compromise the security of a good algorithm. Therefore, this dissertation aims to study the ways of correctly and efficiently implementing cryptographic algorithms and the methods of optimizing them without losing their security characteristics. One important aspect to take into account during implementation and optimization is the target architecture. In this dissertation, the focus is on the ARM family of processors. ARM is one of the most widespread architectures in the world, with more than 100 billion chips deployed. This dissertation focuses on studying and implementing two different families of authenticated encryption algorithms, NORX and Ascon, targeting 32-bit and 64-bit ARM Cortex-A processors. We show a pipeline-oriented technique to implement NORX that is faster than the current state of the art, and we also discuss the techniques used in a vectorial implementation of NORX. We also describe and analyze the characteristics of a vectorial implementation of Ascon, as well as a multiple-message vectorial implementation. Degree: Master in Computer Science (Mestrado, Ciência da Computação).

    An Evaluation of the Multi-Platform Efficiency of Lightweight Cryptographic Permutations

    Permutation-based symmetric cryptography has become increasingly popular over the past ten years, especially in the lightweight domain. More than half of the 32 second-round candidates of NIST's lightweight cryptography standardization project are permutation-based designs or can be instantiated with a permutation. The performance of a permutation-based construction depends, among other aspects, on the rate (i.e. the number of bytes processed per call of the permutation function) and the execution time of the permutation. In this paper we analyze the execution time and code size of assembler implementations of the permutation of Ascon, Gimli, Schwaemm, and Xoodyak on an 8-bit AVR and a 32-bit ARM Cortex-M3 microcontroller. Our aim is to ascertain how well these four permutations perform on microcontrollers with very different architectural and micro-architectural characteristics, such as the available register capacity or the latency of multi-bit shifts and rotations. We also determine the impact of flash wait states on the execution time of the permutations on Cortex-M3 development boards with 0, 2, and 4 wait states. Our results show that the throughput (in terms of permutation time divided by rate when the capacity is fixed to 256 bits) of the permutation of Ascon, Schwaemm, and Xoodyak is similar on ARM Cortex-M3 and lies in the range of 41.1 to 48.6 cycles per rate-byte. However, on an 8-bit AVR ATmega128, the permutation of Schwaemm outperforms its counterparts of Ascon and Xoodyak by a factor of 1.20 and 1.59, respectively.

    Automated Truncation of Differential Trails and Trail Clustering in ARX

    We propose a tool for automated truncation of differential trails in ciphers using modular addition, bitwise rotation, and XOR (ARX). The tool takes as input a differential trail and produces as output a set of truncated differential trails. The set represents all possible truncations of the input trail according to certain predefined rules. A linear-time algorithm for the exact computation of the differential probability of a truncated trail that follows the truncation rules is proposed. We further describe a method to merge the set of truncated trails into a compact set of non-overlapping truncated trails with associated probability, and we demonstrate the application of the tool on the block cipher Speck64. We have also investigated the effect of clustering of differential trails around a fixed input trail. The best cluster that we have found for 15 rounds has probability 2^−55.03 (consisting of 389 unique output differences), which allows us to build a distinguisher using 128 times less data than the one based on just the single best trail, which has probability 2^−62. Moreover, we show examples for Speck64 where a cluster of trails around a suboptimal (in terms of probability) input trail results in higher overall probability compared to a cluster obtained around the best differential trail.

    Lightweight AEAD and Hashing using the Sparkle Permutation Family

    We introduce the Sparkle family of permutations operating on 256, 384 and 512 bits. These are combined with the Beetle mode to construct a family of authenticated ciphers, Schwaemm, with security levels ranging from 120 to 250 bits. We also use them to build new sponge-based hash functions, Esch256 and Esch384. Our permutations are among those with the lowest footprint in software, without sacrificing throughput. These properties are allowed by our use of an ARX component (the Alzette S-box) as well as a carefully chosen number of rounds. The corresponding analysis is enabled by the long trail strategy, which gives us the tools we need to efficiently bound the probability of all the differential and linear trails for an arbitrary number of rounds. We also present a new application of this approach where the only trails considered are those mapping the rate to the outer part of the internal state, such trails being the only relevant ones, for instance, in a differential collision attack. To further decrease the number of rounds without compromising security, we modify the message injection in the classical sponge construction to break the alignment between the rate and our S-box layer.

    Public spending on hospitalizations for COVID-19 treatment in Brazil in 2020

    OBJECTIVE To describe the expenditure resulting from hospitalizations for clinical treatment of users diagnosed with COVID-19 in the Unified Health System (SUS) between February and December 2020. METHODS This is a descriptive study based on data from the Hospital Information System about government expenditure on hospitalizations for clinical treatment of users diagnosed with COVID-19 and causes included in the ICD-10 chapters. We obtained the number of hospitalizations, average length of stay, lethality rate, and total expenditure considering hospital services, professional services and average expenditure per hospitalization. RESULTS In the period evaluated, SUS registered 462,149 hospitalizations, 4.9% of them for COVID-19 treatment. Total expenditure exceeded R$ 2.2 billion, with 85% allocated to hospital services and 15% to professional services. Expenditure for treating COVID-19 was distributed differently between the country's regions. The Southeast region had the highest number of hospitalizations, highest total amount spent, highest average length of stay in days, and highest lethality rate; the South region, in turn, recorded the highest percentage of spending on non-profit hospitals (58%) and corporate hospitals (15%). CONCLUSIONS Hospitalizations for clinical treatment of coronavirus infection were more costly compared to those for treatment of acute respiratory failure and pneumonia or influenza. Our results show the disparities in hospitalization expenditure for similar procedures between the regions of Brazil, underlining the vulnerability and the need for strategies to reduce the differences in access, use, and distribution of SUS resources, ensuring equanimity, and considering the unfair inequalities between the country's regions.

    Lightweight Permutation-Based Cryptography for the Ultra-Low-Power Internet of Things

    The U.S. National Institute of Standards and Technology is currently undertaking a process to evaluate and eventually standardize one or more "lightweight" algorithms for authenticated encryption and hashing that are suitable for resource-restricted devices. In addition to security, this process takes into account the efficiency of the candidate algorithms in various hardware environments (e.g. FPGAs, ASICs) and software platforms (e.g. 8-, 16-, and 32-bit microcontrollers). However, while there exist numerous detailed benchmarking results for 8-bit AVR and 32-bit ARM/RISC-V/ESP32 microcontrollers, relatively little is known about the candidates' efficiency on 16-bit platforms. In order to fill this gap, we present a performance evaluation of the final-round candidates Ascon, Schwaemm, TinyJambu, and Xoodyak on the MSP430 series of ultra-low-power 16-bit microcontrollers from Texas Instruments. All four algorithms were explicitly designed to achieve high performance in software and have further in common that the underlying primitive is a permutation. We discuss how these permutations can be implemented efficiently in assembly language and analyze how basic design decisions impact their execution time on the MSP430 architecture. Our results show that, overall, Schwaemm is the fastest algorithm across various lengths of data and associated data, respectively. Xoodyak has benefits when a large amount of associated data is to be authenticated, whereas TinyJambu is very efficient for the authentication of short messages.

    Prevalence of recurrence after hernia repair

    Introduction: A hernia is defined as an abnormal protrusion of an organ or tissue through a defect in its surrounding parts. Hernias can occur at various sites of the body, but these defects most commonly involve the abdominal wall, in particular the inguinal region. Inguinal hernia repair is the most frequent procedure in general surgery services and, although it is considered safe and has satisfactory results, it is a source of concern among surgeons because of the rate of recurrence and its complications. It is estimated that about 10% of hernias recur postoperatively, the main accepted causes being technical failure, the absence of a good musculo-aponeurotic structure, and physical exertion by the patient in the postoperative period. Objective: To demonstrate the prevalence of recurrence after inguinal hernia repair. Material and methods: Analysis of articles and case reports on the SciELO, PubMed and Google Scholar platforms on the recurrence of inguinal hernia after its repair. Results: The surgical treatment of hernias, contrary to what is thought, is far from a consensus. Currently there are different surgical techniques, among them Bassini, Shouldice, McVay and Lichtenstein. However, in order to choose and evaluate the best method to be adopted, a rigorous classification is necessary, so as to avoid applying techniques unsuited to the type of defect. Starting from this concept, it is evident that the number of recurrences increases substantially when techniques inappropriate for the hernia found are applied. In a study by Paul et al. comparing the Bassini and Shouldice techniques after a follow-up of 3.3 years, the Shouldice technique outperforms the Bassini technique, since it presented 1.7% recurrences versus 9.6%. In another study, published by Mittelstaedt et al., which operated on 136 hernias using and comparing the Bassini, Shouldice and McVay techniques, it was possible to observe that the McVay technique proved to be the best technique for herniorrhaphy, presenting only 8.5% recurrences, versus 23.7% for Shouldice and, in first place by far, 35.7% for Bassini. Minossi et al., comparing the McVay and Lichtenstein techniques, found that 9.5% of the surgeries performed with the McVay technique recurred and only 2.1% with the Lichtenstein technique. Conclusion: The prevalence of recurrence in hernia repair surgeries varies according to the technique used. The technique with the most recurrence is Bassini, followed by Shouldice, then McVay, and finally the technique with the lowest prevalence of postoperative recurrence was Lichtenstein, which is therefore the technique that should be recommended when one wants to avoid herniation after surgery.

    BIOMASS PRODUCTION AND PHENOL AND FLAVONOID CONTENT OF Schinus terebinthifolius GROWN IN SINGLE AND DOUBLE ROWS WITH POULTRY LITTER

    The aim of this study was to evaluate the influence of the addition of poultry litter on growth, biomass yield, flavonoid and phenol content, and antioxidant activity in leaves of pink pepper. The experiment was carried out at the Federal University of Grande Dourados, in Dourados, Mato Grosso do Sul state, from October 2009 to May 2010. Pink pepper was grown in single or double rows in soil with incorporated poultry litter at doses of 0, 5, 10, 15 and 20 t ha-1. Treatments were arranged as a 2 x 5 factorial in a randomized block design with four replications. There was a significant interaction between the doses of poultry litter and evaluation times for plant height and chlorophyll content. A linear increase in leaf area, fresh and dry weight of leaves, and diameter of main stems with increasing doses of poultry litter was observed. Plants grown in single rows showed higher fresh weight of stems with increasing doses of poultry litter. Poultry litter at 15 and 20 t ha-1 promoted an increase in flavonoid and phenolic contents in the leaves. No significant effect on the antioxidant activity was observed by the chemical method using DPPH. Therefore, cultivation of pink pepper plants in double rows with 20 t ha-1 of poultry litter is recommended for higher growth, biomass yield, and flavonoid and phenol content.