16 research outputs found

    A Chaos-Based Authenticated Cipher with Associated Data

    In recent years, there has been a rising interest in authenticated encryption with associated data (AEAD), which combines encryption and authentication into a unified scheme. AEAD schemes provide authentication for a message that is divided into two parts: associated data, which is not encrypted, and the plaintext, which is encrypted. However, there is a lack of chaos-based AEAD schemes in recent literature. This paper introduces a new 128-bit chaos-based AEAD scheme based on the single-key Even-Mansour and Type-II generalized Feistel structure. The proposed scheme provides both privacy and authentication in a single pass using only one 128-bit secret key. The chaotic tent map is used to generate whitening keys for the Even-Mansour construction, round keys, and random s-boxes for the Feistel round function. In addition, the proposed AEAD scheme can be implemented with true random number generators to map a message to multiple possible ciphertexts in a nondeterministic manner. Security and statistical evaluation indicate that the proposed scheme is highly secure for both the ciphertext and the authentication tag. Furthermore, it has multiple advantages over AES-GCM, which is the current standard for authenticated encryption.

    Differential Cryptanalysis of WARP

    WARP is an energy-efficient lightweight block cipher that is currently the smallest 128-bit block cipher in terms of hardware. It was proposed by Banik et al. in SAC 2020 as a lightweight replacement for AES-128 without changing the mode of operation. This paper proposes key-recovery attacks on WARP based on differential cryptanalysis in single and related-key settings. We searched for differential trails for up to 20 rounds of WARP, with the first 19 having optimal differential probabilities. We also found that the cipher has a strong differential effect, whereby 16 to 20-round differentials have substantially higher probabilities than their corresponding individual trails. A 23-round key-recovery attack was then realized using an 18-round differential distinguisher. Next, we formulated an automatic boomerang search using SMT that relies on the Feistel Boomerang Connectivity Table to identify valid switches. We designed the search as an add-on to the CryptoSMT tool, making it applicable to other Feistel-like ciphers such as TWINE and LBlock-s. For WARP, we found a 21-round boomerang distinguisher which was used in a 24-round rectangle attack. In the related-key setting, we describe a family of 2-round iterative differential trails, which we used in a practical related-key attack on the full 41-round WARP

    Automated enumeration of block cipher differentials: An optimized branch-and-bound GPU framework

    Block ciphers are prevalent in various security protocols used daily such as TLS, OpenPGP, and SSH. Their primary purpose is the protection of user data, both in transit and at rest. One of the de facto methods to evaluate block cipher security is differential cryptanalysis. Differential cryptanalysis observes the propagation of input patterns (input differences) through the cipher to produce output patterns (output differences). This probabilistic propagation is known as a differential; the identification of which is a measure of a block cipher's security margins. This paper introduces an optimized GPU-based branch-and-bound framework for differential search. We optimize search efficiency by parallelizing all branch-and-bound operations, completing the entire search on the GPU without communicating with the CPU. The meet-in-the-middle (MITM) approach is also adopted for further performance gains. We analyze the financial and computational costs of the proposed framework using Google Cloud VM to showcase its practicality. When optimized for performance, we can attain up to 90x speedup while saving up to 47% of the running cost as compared to a single CPU core. When optimized for cost, the proposed framework can save up to 83% of financial costs while retaining a speedup of up to 40x. As a proof of concept, the proposed framework was then applied to 128-bit TRIFLE-BC, 64-bit PRESENT, and 64-bit GIFT. Notably, we identified the best differentials for PRESENT (16 rounds) and 64-bit GIFT (13 rounds) to date, with estimated probabilities of 2^{-61.7964} and 2^{-60.66} respectively. Although the differential results for TRIFLE-BC were incremental, the proposed framework was able to construct differentials for 43 rounds that consisted of approximately 5.8x more individual trails than previous work, making it one of the most efficient approaches for larger block ciphers.

    New Differential Cryptanalysis Results for the Lightweight Block Cipher BORON

    BORON is a 64-bit lightweight block cipher based on the substitution-permutation network that supports an 80-bit (BORON-80) and 128-bit (BORON-128) secret key. In this paper, we revisit the use of differential cryptanalysis on BORON in the single-key model. Using a SAT/SMT approach, we look for differentials that consist of multiple differential characteristics with the same input and output differences. Each characteristic that conforms to a given differential improves its overall probability. We also implemented the same search using Matsui's algorithm for verification and performance comparison purposes. We identified high-probability differentials which were then used in key recovery attacks against BORON-80/128. We first show that the previous differential cryptanalysis attack against 9 rounds of BORON was at most an 8.5-round attack due to the omission of the final block XOR layer. Then, we used 8-round differentials with a probability of 2^{-58.156} and 2^{-62.415} in key recovery attacks against 9 and 10 rounds of BORON-80 and BORON-128 with time/data/memory complexities of 2^{63.63}/2^{62}/2^{55} and 2^{100.28}/2^{64}/2^{71} respectively. Our key recovery framework provides a more accurate estimate of the attack complexity as compared to previous work. The attacks proposed in this paper are the best differential attacks against BORON-80/128 in the single-key model to date.

    Advancing the Meet-in-the-Filter Technique: Applications to CHAM and KATAN

    Recently, Biryukov et al. presented a new technique for key recovery in differential cryptanalysis, called meet-in-the-filter (MiF). In this work, we develop theoretical and practical aspects of the technique, which help understanding and simplify application. In particular, we show bounds on MiF complexity and conditions under which the MiF-enhanced attack may reach them. We present a method based on trail counting which allows one to estimate the filtering strength of the involved rounds and perform the consequent complexity analysis with pen and paper, compared to the computer-aided approach of the original work. Furthermore, we show how MiF can be combined with plaintext structures for linear key schedules, allowing one to increase the number of attacked rounds or to reduce the data complexity. We illustrate our methods on the block cipher families CHAM and KATAN and show the best-to-date single-key differential attacks for these ciphers.

    A New Image Encryption Algorithm Based on DNA State Machine for UAV Data Encryption

    Drone-based surveillance has become widespread due to its flexibility and ability to access hazardous areas, particularly in industrial complexes. As digital camera capabilities improve, more visual information can be stored in high-resolution images, resulting in larger image sizes. Therefore, algorithms for encrypting digital images sent from drones must be both secure and highly efficient. This paper presents a novel algorithm based on DNA computing and a finite state machine (FSM). DNA and FSM are combined to design a key schedule with high flexibility and statistical randomness. The image encryption algorithm is designed to achieve both confusion and diffusion properties simultaneously. The DNA bases themselves provide diffusion, while the random integers extracted from the DNA bases contribute to confusion. The proposed algorithm underwent a thorough set of statistical analyses to demonstrate its security. Experimental findings show that the proposed algorithm can resist many well-known attacks and encrypt large-sized images at a higher throughput compared to other algorithms. High experimental results for the proposed algorithm include correlation coefficients of 0.0001 and Shannon entropy of 7.999. Overall, the proposed image encryption algorithm meets the requirements for use in drone-based surveillance applications

    Blockchain Consensus: An Overview of Alternative Protocols

    Blockchain networks are based on cryptographic notions that include asymmetric-key encryption, hash functions and consensus protocols. Despite their popularity, mainstream protocols, such as Proof of Work or Proof of Stake, still have drawbacks. Efforts to enhance these protocols led to the birth of alternative consensus protocols, catering to specific areas, such as medicine or transportation. These protocols remain relatively unknown despite having unique merits worth investigating. Although past reviews have been published on popular blockchain consensus protocols, they do not include most of these lesser-known protocols. Highlighting these alternative consensus protocols contributes toward the advancement of the state of the art, as they have design features that may be useful to academics, blockchain practitioners and researchers. In this paper, we bridge this gap by providing an overview of alternative consensus protocols proposed within the past 3 years. We evaluate their overall performance based on metrics such as throughput, scalability, security, energy consumption, and finality. In our review, we examine the trade-offs that these consensus protocols have made in their attempts to optimize scalability and performance. To the best of our knowledge, this is the first paper that focuses on these alternative protocols, highlighting their unique features that can be used to develop future consensus protocols.

    Meet-in-the-Filter and Dynamic Counting with Applications to Speck

    We propose a new cryptanalytic tool for differential cryptanalysis, called meet-in-the-filter (MiF). It is suitable for ciphers with a slow or incomplete diffusion layer such as the ones based on Addition-Rotation-XOR (ARX). The main idea of the MiF technique is to stop the difference propagation earlier in the cipher, allowing the use of differentials with higher probability. This comes at the expense of a deeper analysis phase in the bottom rounds, made possible by the slow diffusion of the target cipher. The MiF technique uses a meet-in-the-middle matching to construct differential trails connecting the differential's output and the ciphertext difference. The proposed trails are used in the key recovery procedure, reducing time complexity and allowing flexible time-data trade-offs. In addition, we show how to combine MiF with a dynamic counting technique for key recovery. We illustrate MiF in practice by reporting improved attacks on the ARX-based family of block ciphers Speck. We improve the time complexities of the best known attacks up to 15 rounds of Speck32 and 20 rounds of Speck64/128. Notably, our new attack on 11 rounds of Speck32 has practical analysis and data complexities of 2^{24.66} and 2^{26.70} respectively, and was experimentally verified, recovering the master key in a matter of seconds. It significantly improves the previous deep learning-based attack by Gohr from CRYPTO 2019, which has time complexity 2^{38}. As an important milestone, our conventional cryptanalysis method sets a new high benchmark to beat for cryptanalysis relying on machine learning.

    On the resistance of new lightweight block ciphers against differential cryptanalysis

    Many recently proposed lightweight block ciphers lack security evaluation against generic cryptanalytic attacks such as differential cryptanalysis. In this paper, we contribute towards security evaluation efforts by investigating four lightweight Feistel-based block ciphers: SLIM, LBC-IoT, SCENERY, and LCB. SLIM claims resistance to differential cryptanalysis since, using a heuristic technique, its designers could only find a 7-round differential trail. Despite having no analysis of security against attacks such as differential cryptanalysis, the designers of LBC-IoT and LCB claimed that their ciphers are secure. Meanwhile, the designers of SCENERY claim that the best 11-round differential trail for the cipher has a probability of 2^{-66}. To test these claims, we propose attacks on all four ciphers based on differential cryptanalysis. We present practical key recovery attacks on SLIM which can retrieve the final round key for up to 14 rounds with a time complexity of 2^{32}. LBC-IoT was found to be weaker against differential cryptanalysis despite sharing many similarities with SLIM, whereby a key recovery attack of up to 19 rounds is possible with time complexity 2^{31}. For SCENERY, we found a differential trail of up to 12 rounds with probability 2^{-60}, which was used as the distinguisher for a 13-round key recovery attack. We also discovered that LCB's design lacks nonlinearity, allowing us to easily derive deterministic differential trails regardless of the number of rounds. This flaw allowed us to perform a trivial distinguishing attack using a single known ciphertext. By using a different S-box to address this flaw, LCB becomes more resilient to differential cryptanalysis than SLIM and LBC-IoT when using the same number of rounds. Our paper presents new independent cryptanalysis results for these ciphers.