Optimizations in Algebraic and Differential Cryptanalysis
In this thesis, we study how to enhance current cryptanalytic techniques, especially in Differential Cryptanalysis (DC) and to some degree in Algebraic Cryptanalysis (AC), by considering and solving some underlying optimization problems based on the general structure of the algorithm. In the first part, we study techniques for optimizing arbitrary algebraic computations in the general non-commutative setting with respect to several metrics [42, 44]. We apply our techniques to combinatorial circuit optimization and Matrix Multiplication (MM) problems [30, 44]. Obtaining exact bounds for such problems is very challenging. We have developed a 2-step technique, where we first algebraically encode the problem and then solve the corresponding CNF-SAT problem using a SAT solver. We apply this methodology to optimize small circuits such as S-boxes with respect to a given metric and to discover new bilinear algorithms for multiplying sufficiently small matrices. We have obtained the best bit-slice implementation of the PRESENT S-box currently known [6]. Furthermore, this technique allows us to compute the Multiplicative Complexity (MC) of whole ciphers [23], a very important measure of the non-linearity of a cipher [20, 44]. Another major theme in this thesis is the study of advanced differential attacks on block ciphers. We suggest a general framework which enhances current differential cryptanalytic techniques, and we apply it to evaluate the security of the GOST block cipher [63, 102, 107]. We introduce a new type of differential sets based on the connections between the S-boxes, named "general open sets" [50, 51], which can be seen as a refinement of Knudsen's truncated differentials [84]. Using this notion, we construct 20-round statistical distinguishers and then, based on this construction, we develop attacks against the full 32 rounds. Our attacks take the form of a Depth-First key search with many technical steps subject to optimization. We validate and analyze in detail each of these steps in an attempt to provide a solid formulation for our advanced differential attacks.
Hypothesis testing and advanced distinguishers in differential cryptanalysis of block ciphers
Distinguishing distributions is a major part of the cryptanalysis of symmetric block ciphers. The goal of the cryptanalyst is to distinguish two distributions: one that characterizes the number of certain events which occur totally at random, and another one that characterizes the same type of events but arising from propagation inside the cipher. This can be formulated as a hypothesis testing problem, where a source is used to generate independent random samples in some given finite set with some distribution P, which is either R or W, corresponding to propagation inside the cipher or a random permutation respectively. The distinguisher's goal is to determine which one was most likely used to generate the sample. In this paper, we study a general hypothesis-testing based approach to construct statistical distinguishers using truncated differential properties. The observable variable in our case is the expected number of pairs that follow a certain truncated differential property of the form ΔX → ΔY after a certain number of rounds. As a proof of concept, we apply this methodology to the GOST and SIMON 64/128 block ciphers and present distinguishers on 20 and 22 rounds respectively.
Advanced truncated differential cryptanalysis of GOST block cipher
In this paper, we use the ideas presented by Courtois and Mourouzis to study the security of two variants of GOST, which are considered the simplest and most secure variants [9]: the one with the S-boxes replaced by the Identity Map, and the ISO version, which is assumed to be the strongest one. The advanced differential attacks we present take the form of a Depth-First Key search, which uses a 20-round distinguisher in the middle (or equivalently a 26-round distinguisher for the simpler version of GOST with the Identity Map) [11]. The main idea is that we consider a partition of the 32 rounds by placing the constructed distinguisher in the middle. Then, based on the weak diffusion, we can extend these very strong statistical distinguishers to efficient filters for some external rounds. Then, by guessing some key bits for the external rounds and determining some plaintext and ciphertext pairs of specified input-output differences, we can extend the construction to an attack against the full block cipher. Thus, the technique we apply is a generic cryptanalytic framework of Depth-First key search type which involves several optimization tasks obtained from the specific structure of the given encryption algorithm.
Towards a combined Rotational-Differential Cryptanalytic Framework
In this report, we suggest a new cryptanalytic framework for constructing distinguishers which can eventually be extended to full attacks in the related-key scenario. We name this new paradigm "Relational Cryptanalysis". The main idea is to exhibit the non-randomness of a given encryption algorithm by observing the propagation of specific sets of plaintexts of the form (P, P') such that these pairs satisfy some rotational and differential properties of the form R1(P) = P' and P ⊕ P' ∈ ΔP, for some rotational symmetry R1 and fixed set of differences ΔP. Besides rotational and differential properties, we can add any other relation which seems to hold for a reduced number of rounds of the cryptographic primitive we study. Intuitively, we expect that by adding more relations we increase the observed probability of the propagation, and this results in stronger statistical distinguishers.
On The Security Evaluation of Partial Password Implementations
A partial password is a mode of password-based authentication that is widely used, especially in the financial sector. It is based on a challenge-response protocol, where at each login attempt a challenge requesting characters from randomly selected positions of a pre-shared secret is presented to the user. This mode could be seen as a "cheap way" of preventing, for example, malware or a keylogger installed on a user's device from learning the full password in a single step. Despite the widespread adoption of this mechanism, especially by many UK banks, there is limited material in the open literature. Questions such as how the security of the scheme varies with the sampling method employed to form the challenges, or what the existing server-side implementations are, are left unaddressed. In this paper, we study how the security of this mechanism varies in relation to the number of challenge-response pairs available to an attacker under different ways of generating challenges. In addition, we discuss possible server-side implementations as (unofficially) listed in different online forums by information security experts. To the best of our knowledge there is no formal academic literature in this direction, and one of the aims of this paper is to motivate other researchers to study this topic.
Solving Circuit Optimisation Problems in Cryptography and Cryptanalysis
One of the hardest problems in computer science is the problem of gate-efficient implementation. Such optimizations are particularly important in industrial hardware implementations of standard cryptographic algorithms. In this paper we focus on optimizing some small circuits such as S-boxes in cryptographic algorithms. We consider the notion of Multiplicative Complexity, studied in 2008 by Boyar and Peralta and applied to find interesting optimizations for the S-box of the AES cipher. We applied this methodology to produce compact implementations of several ciphers. In this short paper we report our results on PRESENT and GOST, two block ciphers known for their exceptionally low hardware cost. This kind of representation seems to be very promising in implementations aiming at preventing side channel attacks, such as DPA, on cryptographic chips. More importantly, we postulate that this kind of minimality is also an important and interesting tool in cryptanalysis.
Advanced Differential Cryptanalysis of Reduced-Round SIMON64/128 Using Large-Round Statistical Distinguishers
Lightweight cryptography is a rapidly evolving area of research, and it has great impact especially on the new computing environment called the Internet of Things (IoT) or Smart Object networks (Holler et al., 2014), where many constrained devices are connected to the Internet and exchange information on a daily basis. Every year there are many new submissions of cryptographic primitives which are optimized towards both software and hardware implementation so that they can operate in devices which have limited hardware resources and are subject to both power and energy consumption constraints. In 2013, two families of ultra-lightweight block ciphers were proposed, SIMON and SPECK, which come in a variety of block and key sizes and were designed to be optimized for hardware and software implementation respectively (Beaulieu et al., 2013). In this paper, we study the security of the 64-bit SIMON with a 128-bit key against advanced forms of differential cryptanalysis using truncated differentials (Knudsen, 1995; Courtois et al., 2014a). We follow a method similar to the one proposed in SECRYPT 2013 (Courtois and Mourouzis, 2013) in order to heuristically discover sets of differences that propagate with sufficiently good probability and allow us to combine them efficiently in order to construct large-round statistical distinguishers. We present a 22-round distinguisher which we use in a depth-first key search approach to develop attacks against 24 and 26 rounds with complexity 2^{124.5} and 2^{126} SIMON encryptions respectively. Our methodology provides a framework for extending distinguishers to attacks on a larger number of rounds, assuming truncated differential properties of relatively high probability have been discovered.
Benefits of maxillectomy with internal dissection of the masticator space by transmandibular approach in the surgical management of malignant tumours of the upper gingiva and hard palate: a clinical review of 10 cases
The aim of this study was to review patients with tumours extending to the posterior portion of the upper gingiva and hard palate, and to evaluate the postoperative outcomes. Ten consecutive patients with tumours in the upper gingiva and hard palate, who underwent maxillectomy with internal dissection of the masticator space by the transmandibular approach, were reviewed retrospectively. Among the 10 patients, the pathological diagnosis was squamous cell carcinoma in seven, adenoid cystic carcinoma in one, malignant melanoma in one, and osteosarcoma in one. Loco-regional control was achieved in eight of nine patients (88.9%). Three patients had residual moderate trismus. Cosmetic issues were not noted in any patient. En bloc resection of the maxilla with the internal portion of the masticator space and neck through the parapharyngeal space by the transmandibular approach is a useful and satisfactory technique for the excision of a tumour with involvement of the posterior portion of the upper gingiva and hard palate.
Mindfulness in Action: Discovering How U.S. Navy Seals Build Capacity for Mindfulness in High-Reliability Organizations (HROs)
This study of US Navy Sea Air and Land (SEAL) commandos contributes to research investigating mindfulness in High-Reliability Organizations (HROs) by identifying the individual and collective influences that allow SEALs to build capacity for mindful behaviors despite the complexity of their missions, the unpredictability of their operating environments, and the danger inherent in their work. Although the HRO literature identifies a number of hallmarks of reliability, less attention is paid to how mindfulness is operationally achieved in situ by individuals on the frontline working in HROs. This study addresses this gap using a multi-phase, multi-method investigation of US Navy SEALs, identifying new links between individual mindfulness attributes (comfort with uncertainty and chaos) and collective mindfulness influences (a positive orientation towards failure) that combine to co-create a phenomenon we call 'mindfulness in action'. Mindfulness in action occurs when HROs achieve an attentive yet flexible focus capable of incorporating multiple, sometimes competing, realities in order to assess alternative solutions and take action in dynamic situations. By providing a more nuanced conceptualization of the links between individual mindfulness attributes and collective mindfulness influences, this paper opens up new avenues of discovery for a wide range of reliability-seeking organizations.