17 research outputs found
Lightweight symmetric cryptography
The Internet of Things is one of the principal trends in information
technology nowadays. The main idea behind this concept is that devices
communicate autonomously with each other over the Internet. Some of
these devices have extremely limited resources, such as power and energy,
available time for computations, amount of silicon to produce the chip,
computational power, etc. Classical cryptographic primitives are often
infeasible for such constrained devices. The goal of lightweight
cryptography is to introduce cryptographic solutions with reduced resource
consumption, but with a sufficient security level.
Although this research area was of great interest to academia during the
last years and a large number of proposals for lightweight cryptographic
primitives have been introduced, almost none of them are used in real-word.
Probably one of the reasons is that, for academia, lightweight usually
meant to design cryptographic primitives such that they require minimal
resources among all existing solutions. This exciting research problem
became an important driver which allowed the academic community to better
understand many cryptographic design concepts and to develop new attacks.
However, this criterion does not seem to be the most important one for
industry, where lightweight may be considered as "rightweight". In other
words, a given cryptographic solution just has to fit the constraints of
the specific use cases rather than to be the smallest. Unfortunately,
academic researchers tended to neglect vital properties of the particular
types of devices, into which they intended to apply their primitives. That
is, often solutions were proposed where the usage of some resources was
reduced to a minimum. However, this was achieved by introducing new costs
which were not appropriately taken into account or in such a way that the
reduction of costs also led to a decrease in the security level. Hence,
there is a clear gap between academia and industry in understanding what
lightweight cryptography is. In this work, we are trying to fill some of
these gaps. We carefully investigate a broad number of existing lightweight
cryptographic primitives proposed by academia including authentication
protocols, stream ciphers, and block ciphers and evaluate their
applicability for real-world scenarios. We then look at how individual
components of design of the primitives influence their cost and summarize
the steps to be taken into account when designing primitives for concrete
cost optimization, more precisely - for low energy consumption. Next, we
propose new implementation techniques for existing designs making them more
efficient or smaller in hardware without the necessity to pay any
additional costs. After that, we introduce a new stream cipher design
philosophy which enables secure stream ciphers with smaller area size than
ever before and, at the same time, considerably higher throughput compared
to any other encryption schemes of similar hardware cost. To demonstrate
the feasibility of our findings we propose two ciphers with the smallest
area size so far, namely Sprout and Plantlet, and the most energy
efficient encryption scheme called Trivium-2. Finally, this thesis solves
a concrete industrial problem. Based on standardized cryptographic
solutions, we design an end-to-end data-protection scheme for low power
networks. This scheme was deployed on the water distribution network in the
City of Antibes, France
Evaluating GPT-4’s Proficiency in Addressing Cryptography Examinations
In the rapidly advancing domain of artificial intelligence, ChatGPT, powered by the GPT-4 model, has emerged as a state-of-the-art interactive agent, exhibiting substantial capabilities across various domains. This paper aims to assess the efficacy of GPT-4 in addressing and solving problems found within cryptographic examinations. We devised a multi-faceted methodology, presenting the model with a series of cryptographic questions of varying complexities derived from real academic examinations. Our evaluation encompasses both classical and modern cryptographic challenges, focusing on the model\u27s ability to understand, interpret, and generate correct solutions while discerning its limitations.
The model was challenged with a spectrum of cryptographic tasks, earning 201 out of 208 points by solving fundamental queries inspired by an oral exam, 80.5 out of 90 points on a written Crypto 1 exam, and 287 out of 385 points on advanced exercises from the Crypto 2 course.
The results demonstrate that while GPT-4 shows significant promise in grasping fundamental cryptographic concepts and techniques, certain intricate problems necessitate domain-specific knowledge that may sometimes lie beyond the model\u27s general training. Insights from this study can provide educators, researchers, and examiners with a deeper understanding of how cutting-edge AI models can be both an asset and a potential concern in academic settings related to cryptology.
To enhance the clarity and coherence of our work, we utilized ChatGPT-4 to help us in formulating sentences in this paper
On Ciphers that Continuously Access the Non-Volatile Key
Due to the increased use of devices with restricted resources such as limited area size, power or energy, the community has developed various techniques for designing lightweight ciphers. One approach that is increasingly discussed is to use the cipher key that is stored on the device in non-volatile memory not only for the initialization of the registers but during the encryption/decryption process as well. Recent examples are the ciphers Midori (Asiacrypt’15) and Sprout (FSE’15). This may on the one hand help to save resources, but also may allow for a stronger key involvement and hence higher security. However, only little is publicly known so far if and to what extent this approach is indeed practical. Thus, cryptographers without strong engineering background face the problem that they cannot evaluate whether certain designs are reasonable (from a practical point of view) which hinders the development of new designs.
In this work, we investigate this design principle from a practical point of view. After a discussion on reasonable approaches for storing a key in non-volatile memory, motivated by several commercial products we focus on the case that the key is stored in EEPROM. Here, we highlight existing constraints and derive that some designs, based on the impact on their throughput, are better suited for the approach of continuously reading the key from all types of non-volatile memory. Based on these findings, we improve the design of Sprout for proposing a new lightweight stream cipher that (i) has a significantly smaller area size than almost all other stream ciphers and (ii) can be efficiently realized using common non-volatile memory techniques. Hence, we see our work as an important step towards putting such designs on a more solid ground and to initiate further discussions on realistic designs
Towards low energy stream ciphers
Energy optimization is an important design aspect of lightweight cryptography. Since low energy ciphers drain less battery, they are invaluable components of devices that operate on a tight energy budget such as handheld devices or RFID tags. At Asiacrypt 2015, Banik et al. presented the block cipher family Midori which was designed to optimize the energy consumed per encryption and which reduces the energy consumption by more than 30% compared to previous block ciphers. However, if one has to encrypt/decrypt longer streams of data, i.e. for bulk data encryption/decryption, it is expected that a stream cipher should perform even better than block ciphers in terms of energy required to encrypt. In this paper, we address the question of designing low energy stream ciphers. To this end, we analyze for common stream cipher design components their impact on the energy consumption. Based on this, we give arguments why indeed stream ciphers allow for encrypting long data streams with less energy than block ciphers and validate our findings by implementations. Afterwards, we use the analysis results to identify energy minimizing design principles for stream ciphers
Lightweight symmetric cryptography
The Internet of Things is one of the principal trends in information
technology nowadays. The main idea behind this concept is that devices
communicate autonomously with each other over the Internet. Some of
these devices have extremely limited resources, such as power and energy,
available time for computations, amount of silicon to produce the chip,
computational power, etc. Classical cryptographic primitives are often
infeasible for such constrained devices. The goal of lightweight
cryptography is to introduce cryptographic solutions with reduced resource
consumption, but with a sufficient security level.
Although this research area was of great interest to academia during the
last years and a large number of proposals for lightweight cryptographic
primitives have been introduced, almost none of them are used in real-word.
Probably one of the reasons is that, for academia, lightweight usually
meant to design cryptographic primitives such that they require minimal
resources among all existing solutions. This exciting research problem
became an important driver which allowed the academic community to better
understand many cryptographic design concepts and to develop new attacks.
However, this criterion does not seem to be the most important one for
industry, where lightweight may be considered as "rightweight". In other
words, a given cryptographic solution just has to fit the constraints of
the specific use cases rather than to be the smallest. Unfortunately,
academic researchers tended to neglect vital properties of the particular
types of devices, into which they intended to apply their primitives. That
is, often solutions were proposed where the usage of some resources was
reduced to a minimum. However, this was achieved by introducing new costs
which were not appropriately taken into account or in such a way that the
reduction of costs also led to a decrease in the security level. Hence,
there is a clear gap between academia and industry in understanding what
lightweight cryptography is. In this work, we are trying to fill some of
these gaps. We carefully investigate a broad number of existing lightweight
cryptographic primitives proposed by academia including authentication
protocols, stream ciphers, and block ciphers and evaluate their
applicability for real-world scenarios. We then look at how individual
components of design of the primitives influence their cost and summarize
the steps to be taken into account when designing primitives for concrete
cost optimization, more precisely - for low energy consumption. Next, we
propose new implementation techniques for existing designs making them more
efficient or smaller in hardware without the necessity to pay any
additional costs. After that, we introduce a new stream cipher design
philosophy which enables secure stream ciphers with smaller area size than
ever before and, at the same time, considerably higher throughput compared
to any other encryption schemes of similar hardware cost. To demonstrate
the feasibility of our findings we propose two ciphers with the smallest
area size so far, namely Sprout and Plantlet, and the most energy
efficient encryption scheme called Trivium-2. Finally, this thesis solves
a concrete industrial problem. Based on standardized cryptographic
solutions, we design an end-to-end data-protection scheme for low power
networks. This scheme was deployed on the water distribution network in the
City of Antibes, France
On ciphers that continuously access the non-volatile key
Due to the increased use of devices with restricted resources such as limited area size, power or energy, the community has developed various techniques for designing lightweight ciphers. One approach that is increasingly discussed is to use the cipher key that is stored on the device in non-volatile memory not only for the initialization of the registers but during the encryption/decryption process as well. Recent examples are the ciphers Midori (Asiacrypt’15) and Sprout (FSE’15). This may on the one hand help to save resources, but also may allow for a stronger key involvement and hence higher security. However, only little is publicly known so far if and to what extent this approach is indeed practical. Thus, cryptographers without strong engineering background face the problem that they cannot evaluate whether certain designs are reasonable (from a practical point of view) which hinders the development of new designs.
In this work, we investigate this design principle from a practical point of view. After a discussion on reasonable approaches for storing a key in non-volatile memory, motivated by several commercial products we focus on the case that the key is stored in EEPROM. Here, we highlight existing constraints and derive that some designs, based on the impact on their throughput, are better suited for the approach of continuously reading the key from all types of non-volatile memory. Based on these findings, we improve the design of Sprout for proposing a new lightweight stream cipher that (i) has a significantly smaller area size than almost all other stream ciphers and (ii) can be efficiently realized using common non-volatile memory techniques. Hence, we see our work as an important step towards putting such designs on a more solid ground and to initiate further discussions on realistic designs
On Ciphers that Continuously Access the Non-Volatile Key
Due to the increased use of devices with restricted resources such as limited area size, power or energy, the community has developed various techniques for designing lightweight ciphers. One approach that is increasingly discussed is to use the cipher key that is stored on the device in non-volatile memory not only for the initialization of the registers but during the encryption/decryption process as well. Recent examples are the ciphers Midori (Asiacrypt’15) and Sprout (FSE’15). This may on the one hand help to save resources, but also may allow for a stronger key involvement and hence higher security. However, only little is publicly known so far if and to what extent this approach is indeed practical. Thus, cryptographers without strong engineering background face the problem that they cannot evaluate whether certain designs are reasonable (from a practical point of view) which hinders the development of new designs.In this work, we investigate this design principle from a practical point of view. After a discussion on reasonable approaches for storing a key in non-volatile memory, motivated by several commercial products we focus on the case that the key is stored in EEPROM. Here, we highlight existing constraints and derive that some designs, based on the impact on their throughput, are better suited for the approach of continuously reading the key from all types of non-volatile memory. Based on these findings, we improve the design of Sprout for proposing a new lightweight stream cipher that (i) has a significantly smaller area size than almost all other stream ciphers and (ii) can be efficiently realized using common non-volatile memory techniques. Hence, we see our work as an important step towards putting such designs on a more solid ground and to initiate further discussions on realistic designs
The DRACO Stream Cipher: A Power-efficient Small-state Stream Cipher with Full Provable Security against TMDTO Attacks
Stream ciphers are vulnerable to generic time-memory-data tradeoff attacks. These attacks reduce the security level to half of the cipher’s internal state size. The conventional way to handle this vulnerability is to design the cipher with an internal state twice as large as the desired security level. In lightweight cryptography and heavily resource constrained devices, a large internal state size is a big drawback for the cipher. This design principle can be found in the eSTREAM portfolio members Grain and Trivium.Recently proposals have been made that reduce the internal state size. These ciphers distinguish between a volatile internal state and a non-volatile internal state. The volatile part would typically be updated during a state update while the non-volatile part remained constant. Cipher proposals like Sprout, Plantlet, Fruit and Atom reuse the secret key as non-volatile part of the cipher. However, when considering indistinguishability none of the ciphers mentioned above provides security beyond the birthday bound with regard to the volatile internal state. Partially this is due to the lack of a proper proof of security.We present a new stream cipher proposal called Draco which implements a construction scheme called CIVK. In contrast to the ciphers mentioned above, CIVK uses the initial value and a key prefix as its non-volatile state. Draco builds upon CIVK and uses a 128-bit key and a 96-bit initial value and requires 23 % less area and 31 % less power than Grain-128a at 10 MHz. Further, we present a proof that CIVK provides full security with regard to the volatile internal state length against distinguishing attacks. This makes Draco a suitable cipher choice for ultra-lightweight devices like RFID tags