17 research outputs found

    Malicious Keccak

    In this paper, we investigate Keccak --- the cryptographic hash function adopted as the SHA-3 standard. We propose a malicious variant of the function, where new round constants are introduced. We show that for such the variant, collision and preimage attacks are possible. We also identify a class of weak keys for the malicious Keccak working in the MAC mode. Ideas presented in the paper were verified by implementing the attacks on the function with the 128-bit hash

    A SAT-based preimage analysis of reduced KECCAK hash functions

    In this paper, we present a preimage attack on reduced versions of the Keccak hash function. We use our recently developed toolkit CryptLogVer for generating CNF (conjunctive normal form), which is passed to the SAT solver PrecoSAT. We found preimages for some reduced versions of the function and showed that the full Keccak function is secure against the presented attack

    Parallel authenticated encryption with the duplex construction

    The authenticated encryption (AE) scheme based on the duplex construction cannot be parallelized at the algorithmic level. To be competitive with some block cipher based modes like OCB (Offset CodeBook) or GCM (Galois Counter Mode), a scheme should allow parallel processing. In this note we show how parallel AE can be realized within the framework provided by the duplex construction. The first variant, pointed out by the duplex designers, is a tree-like structure. Then we simplify the scheme, replacing the final node by the bitwise xor operation, and show that such a scheme has the same security level

    Hebbian continual representation learning

    Continual Learning aims to bring machine learning into a more realistic scenario, where tasks are learned sequentially and the i.i.d. assumption is not preserved. Although this setting is natural for biological systems, it proves very difficult for machine learning models such as artificial neural networks. To reduce this performance gap, we investigate the question whether biologically inspired Hebbian learning is useful for tackling continual challenges. In particular, we highlight a realistic and often overlooked unsupervised setting, where the learner has to build representations without any supervision. By combining sparse neural networks with the Hebbian learning principle, we build a simple yet effective alternative (HebbCL) to typical neural network models trained via gradient descent. Due to Hebbian learning, the network has easily interpretable weights, which might be essential in critical applications such as security or healthcare. We demonstrate the efficacy of HebbCL in an unsupervised learning setting applied to the MNIST and Omniglot datasets. We also adapt the algorithm to the supervised scenario and obtain promising results in class-incremental learning

    Differential Cryptanalysis of Round-Reduced SPECK

    In this paper, we propose a new algorithm inspired by Nested to find a differential path in ARX ciphers. In order to enhance the decision process of our algorithm and to reduce the search space of our heuristic nested tool, we use the concept of the partial difference distribution table (pDDT) along with the algorithm. The algorithm itself is applied to reduced-round variants of the SPECK block cipher family. In our previous paper, we applied a naive algorithm with a large search space of values and presented the result only for one block size variant of SPECK. In this new approach, we provide the results within a simpler framework and within a very short period of time for all bigger block size variants of SPECK. More specifically, we report the differential path for up to 8, 9, 11, 10 and 11 rounds of SPECK32, SPECK48, SPECK64, SPECK96 and SPECK128, respectively. To construct differential characteristics for a large number of rounds, we divide long characteristics into short ones, easily constructing a large characteristic from two short ones. Instead of starting from the first round, we start from the middle and run the experiments forwards as well as in the reverse direction. Using this method, we were able to improve our previous results and report the differential path for up to 9, 10, 12, 13 and 15 rounds of SPECK32, SPECK48, SPECK64, SPECK96 and SPECK128, respectively

    Preimage attacks on the round-reduced Keccak with the aid of differential cryptanalysis

    In this paper we use differential cryptanalysis to attack the winner of the SHA-3 competition, namely the Keccak hash function. Despite more than 6 years of intensive cryptanalysis, only two preimage attacks which reach 3 (or slightly more) rounds have been known. Our 3-round preimage attack improves the complexity of those two existing attacks and is obtained with a different technique. We also show a partial preimage attack on the 4-round Keccak, exploiting two properties of the linear step of the Keccak-f permutation

    Applications of Key Recovery Cube-attack-like

    In this paper, we describe a variant of the cube attack with a much better-understood preprocessing phase, where complexity can be calculated without running the actual experiments and random-like search for the cubes. We apply our method to a few different cryptographic algorithms, showing that the method can be used against a wide range of cryptographic primitives, including hash functions and authenticated encryption schemes. We also show that our key-recovery approach could be a framework for side-channel attacks, where the attacker has to deal with random errors in measurements

    Practical Complexity Cube Attacks on Round-Reduced Keccak Sponge Function

    In this paper we mount the cube attack on the Keccak sponge function. The cube attack, formally introduced in 2008, is an algebraic technique applicable to cryptographic primitives whose output can be described as a low-degree polynomial in the input. Our results show that the 5- and 6-round Keccak sponge function is vulnerable to this technique. All the presented attacks have practical complexities and were verified on a desktop PC

    Pseudorandom Bit Generation with Asymmetric Numeral Systems

    The generation of pseudorandom binary sequences is of great importance in numerous applications stretching from simulation and gambling to cryptography. Pseudorandom bit generators (PRBGs) can be split into two classes depending on their claimed security. The first includes PRBGs that are provably secure (such as the Blum-Blum-Shub one). Security of the second class rests on heuristic arguments. Sadly, PRBGs from the first class are inherently inefficient and some PRBGs are insecure against quantum attacks. Their siblings from the second class, by contrast, are very efficient, but their security relies on their resistance against known cryptographic attacks. This work presents a construction of a PRBG from the asymmetric numeral system (ANS) compression algorithm. We define a family of PRBGs for 2^R ANS states and prove that it is indistinguishable from a truly random one for a big enough R. To make our construction efficient, we investigate PRBGs built for smaller R=7,8,9 and show how to remove local correlations from the output stream. We permute output bits using rotation and Keccak transformations and show that the permuted bits pass all NIST tests. Our PRBG design is provably secure (for a large enough R) and heuristically secure (for a smaller R). Besides, we claim that our PRBG is secure against quantum adversaries