35 research outputs found

    Differential Power Analysis on (Non-)Linear Feedback Shift Registers

    Differential power analysis (DPA) is a statistical analysis of the power traces of cryptographic computations. DPA has many applications, including key recovery on linear feedback shift register based stream ciphers. In 2017, Dobraunig et al. presented a DPA on Keymill to uncover the bit relations of neighbouring bits in the shift registers, effectively reducing the internal state guessing space to 4 bits. In this work, we generalise the analysis methodology to uncover more bit relations on both linear feedback shift registers (LFSRs) and non-linear feedback shift registers (NLFSRs), with application to the fresh re-keying scheme LR-Keymill. In addition, we improve the DPA on Keymill by halving the data resources needed for the attack.

    A deeper understanding of the XOR count distribution in the context of lightweight cryptography

    In this paper, we study the behavior of the XOR count distributions under different bases of a finite field. The XOR count of a field element is a simplified metric to estimate the hardware implementation cost of computing the finite field multiplication by that element. It is an important criterion in the design of lightweight cryptographic primitives, typically used to estimate the efficiency of the diffusion layer in a block cipher. Although several works have been done to find lightweight MDS diffusion matrices, to the best of our knowledge, none has considered finding lightweight diffusion matrices under bases of the finite field other than the conventional polynomial basis. The main challenge in considering different bases for a lightweight diffusion matrix is that the number of bases grows exponentially as the dimension of the finite field increases, making it infeasible to check all possible bases. Through analyzing the XOR count distributions and the relationship between the XOR count distributions under different bases, we find that when all possible bases for a finite field are considered, the collection of XOR count distributions is invariant to the choice of irreducible polynomial of the same degree. In addition, we can partition the set of bases into equivalence classes, where the XOR count distribution is invariant within an equivalence class; thus, when changing bases within an equivalence class, the XOR count of a diffusion matrix will be the same. This significantly reduces the number of bases to check, as we only need to check one representative from each equivalence class for lightweight diffusion matrices. The empirical evidence from our investigation indicates that the bases in the equivalence class of the polynomial basis are the recommended choices for constructing lightweight MDS diffusion matrices.

    Lightweight MDS Generalized Circulant Matrices (Full Version)

    In this article, we analyze the circulant structure of generalized circulant matrices to reduce the search space for finding lightweight MDS matrices. We first show that the implementation of circulant matrices can be serialized and can achieve area requirements and clock cycle performance similar to a serial-based implementation. By proving many new properties and equivalence classes for circulant matrices, we greatly reduce the search space for finding lightweight maximum distance separable (MDS) circulant matrices. We also generalize the circulant structure and propose a new class of matrices, called cyclic matrices, which preserve the benefits of circulant matrices and, in addition, have the potential of being self-invertible. In this new class of matrices, we obtain not only the MDS matrices with the least XOR gate requirement for dimensions from 3x3 to 8x8 in GF(2^4) and GF(2^8), but also involutory MDS matrices, which were proven not to exist in the class of circulant matrices. To the best of our knowledge, the latter matrices are the first of their kind, having a matrix structure similar to circulant matrices while being involutory and MDS simultaneously. Compared to the existing best known lightweight matrices, our new candidates either outperform or match them in terms of XOR gates required for a hardware implementation. Notably, our work is generic and independent of the lightweightness metric. Hence, our work is applicable to improving the search for efficient circulant matrices under other metrics besides XOR gates.

    On the Design of Bit Permutation Based Ciphers - The Interplay Among S-box, Bit Permutation and Key-addition

    Bit permutation based block ciphers, like PRESENT and GIFT, are well known for their extreme lightweightness in hardware implementation. However, designing such ciphers comes with one major challenge: ensuring strong cryptographic properties while depending only on the combination of three components, namely an S-box, a bit permutation and a key addition function. A wrong combination of components could lead to weaknesses. In this article, we study the interaction between these components, improve the theoretical security bound of GIFT and highlight the potential pitfalls associated with a bit permutation based primitive design. We also conducted analysis on TRIFLE, a first-round candidate for the NIST lightweight cryptography competition, where our findings influenced the elimination of TRIFLE from the second round of the NIST competition. In particular, we showed that internal state bits of TRIFLE can be partially decrypted for a few rounds even without any knowledge of the key.

    Artificial intelligence based direct torque control of induction motor drive system

    In this project, a three-phase induction motor (IM) under the direct torque control (DTC) technique is studied. The IM is known for its simple construction and its self-starting feature, but it has always suffered a setback in the area of torque and speed control, as it is a highly coupled nonlinear plant and proves to be a most complex and expensive speed drive. The application of direct torque control (DTC) is beneficial for fast torque response in an IM but produces high torque ripples due to harmonic effects. Thus, the speed control of the induction motor is important to achieve maximum torque and efficiency. The aim of this study is to improve the tracking performance of the induction motor drive using an artificial intelligence control system. A method for controlling the induction motor drive is presented with a Proportional-Integral (PI) controller and Artificial Neural Networks (ANNs) for performance comparison. MATLAB/SIMULINK software is used to develop a three-phase, 2-pole, cage-type induction motor model. The performances of the two controllers have also been verified in terms of their speed and torque responses. The ANN is trained so that the speed of the drive tracks the reference speed. This study shows that the performance and dynamics of the induction motor are enhanced using the ANN controller as compared with the PI controller.

    Optimizing Implementations of Lightweight Building Blocks

    We study the synthesis of small functions used as building blocks in lightweight cryptographic designs in terms of hardware implementations. This phase most notably appears during the ASIC implementation of cryptographic primitives. The quality of this step directly affects the output circuit, and while general tools exist to carry out this task, most of them belong to proprietary software suites and apply heuristics to functions of any size. In this work, we focus on small functions (4- and 8-bit mappings) and look for their optimal implementations on a specific weighted instruction set which allows fine tuning of the technology. We propose a tool named LIGHTER, based on two related algorithms, that produces optimized implementations of small functions. To demonstrate the validity and usefulness of our tool, we applied it to two practical cases: first, linear permutations that define diffusion in most SPN ciphers; second, non-linear 4-bit permutations that are used in many lightweight block ciphers. For linear permutations, we exhibit several new MDS diffusion matrices lighter than the state of the art, and we also decrease the implementation cost of several already known MDS matrices. As for non-linear permutations, LIGHTER outperforms the area-optimized synthesis of the state-of-the-art academic tool ABC. Smaller circuits can also be reached when ABC and LIGHTER are used jointly.

    Cryptanalysis of JAMBU

    In this article, we analyse the security of the authenticated encryption mode JAMBU, a submission to the CAESAR competition that currently remains unbroken. We show that the security claims of this candidate regarding its nonce-misuse resistance can be broken. More precisely, we explain a technique to guess in advance a ciphertext block corresponding to a plaintext that has never been queried before (nor its prefix), thus breaking the confidentiality of the scheme when the attacker can make encryption queries with the same nonce. Our attack is very practical, as it requires only about 2^{32} encryption queries and computations (instead of the 2^{128} claimed by the designers). Our cryptanalysis has been fully implemented in order to verify our findings. Moreover, due to the small tag length of JAMBU, we show how this attack can be extended in the nonce-respecting scenario to break confidentiality in the adaptive chosen-ciphertext model (IND-CCA2) with 2^{96} computations, with message prefixes not previously queried.

    Related-Key Impossible-Differential Attack on Reduced-Round Skinny

    At CRYPTO'16, Beierle et al. presented SKINNY, a family of lightweight tweakable block ciphers intended to compete with the NSA designs SIMON and SPECK. SKINNY can be implemented efficiently in both software and hardware and supports block sizes of 64 and 128 bits, with tweakey sizes of 64, 128, 192 bits and 128, 256, 384 bits respectively. This paper presents a related-tweakey impossible-differential attack on up to 23 (out of 36) rounds of SKINNY-64/128 for different tweak sizes. All our attacks can be trivially extended to SKINNY-128/128.

    Survey on the Effectiveness of DAPA-Related Attacks against Shift Register Based AEAD Schemes


    Foundation Failures Mitigation under Expansive Clay by Using Granular Pile Anchor System

    Expansive soils are found in typical areas of the world, especially in arid and semi-arid regions. The problems associated with this type of soil drive geotechnical engineers to invent new technologies as remediations, such as physical and chemical treatments. Innovative foundation techniques have also been suggested for remedying the swell-shrink problems of expansive soil. The granular pile anchor (GPA) is a relatively more favorable technique owing to its cost-effectiveness, its easy and fast assembly and, most importantly, its greater efficiency in remedying expansive soil. Despite the extensive studies on expansive soil remedies, the granular pile anchor system still requires more comprehensive and in-depth investigation. This study aims to develop a model with granular piles of various lengths and diameters extended to the stable zone in order to investigate the heave and uplift pressure in expansive soil. For this purpose, experimental and numerical analyses were conducted on a small-scale and a full-scale model respectively. A significant improvement was attained in heave reduction and an increase in uplift capacity. The findings also show that heave decreased significantly as the length and diameter of the GPA increased, while the uplift capacity increased. However, it was noted that extending the length into the stable zone resulted in insignificant changes. Therefore, it can be concluded that a maximum length of 6 m is the ideal length of GPA for this particular type of soil.