DOCSLIB.ORG

Analysis of Block Cipher Constructions Against Biclique and Multiset Attacks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Analysis of Block Cipher Constructions Against Biclique and Multiset Attacks Analysis of Block Cipher Constructions against Biclique and Multiset Attacks By Mohona Ghosh Indraprastha Institute of Information Technology, Delhi (IIIT-Delhi) Supervisors: Dr. Somitra Sanadhya Dr. Donghoon Chang January, 2016 c Indraprastha Institute of Information Technology (IIIT-D), New Delhi, 2016 Analysis of Block Cipher Constructions against Biclique and Multiset Attacks By Mohona Ghosh Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science & Engineering to the Indraprastha Institute of Information Technology, Delhi January, 2016 Certificate This is to certify that the thesis titled - \Analysis of Block Cipher Constructions against Biclique and Multiset Attacks" being submitted by Mohona Ghosh to Indraprastha Institute of Information Technology, Delhi, for the award of the degree of Doctor of Philosophy, is an original research work carried out by her under our super- vision. In our opinion, the thesis has reached the standards fulfilling the requirements of the regulations relating to the degree. The results contained in this thesis have not been submitted in part or full to any other university or institute for the award of any degree/diploma. Dr. Somitra Sanadhya Dr. Donghoon Chang January, 2016 Department of Computer Science Indraprastha Institute of Information Technology, Delhi New Delhi, 110020 IV Acknowledgments \It takes a big heart to help shape little minds" - Unknown First and foremost, I express my heartfelt gratitude to my esteemed teacher and guide, Dr. Somitra Sanadhya, my inspiration, for his invaluable guidance, constant support and for the intellectual stimulation given, which I will cherish in my heart always. His constant oasis of ideas exceptionally enrich the learner's thought process. I am extremely fortunate to have him as my advisor. I also express my sincere gratitude to my esteemed co-advisor, Dr. Donghoon Chang, who has helped me immensely throughout my PhD. life. All of the research I have conducted in completing my thesis wouldn't have been possible without his vision, encouragement and support. I would like to thank my PhD examiners, Dr. Vincent Rijmen, Dr. Sourav Mukhopadhyay and Dr. Jiageng Chen for their valuable comments and suggestions which helped me improve my dissertation. I am grateful to Dr. Andrey Bogdanov for the inspiring and fruitful collaboration I had with him. His passion for cryptanalysis and the perseverance of always pushing the results to a higher standard will always inspire me in my future research pursuits. I take this opportunity to thank all the members of my Crypto Lab. The resources and environment provided by them really helped me in my research. They have made my research life at IIIT-Delhi less tensed. I would like to thank all my friends from IIIT-Delhi, especially Sweta, Monalisa, Monika, Megha, Madhvi, Madhur, Jyoti and Tarun for their help and cooperation that always kept my spirits high. Their company made my graduate life a memorable one. I had a great opportunity to closely work with some brilliant undergraduate stu- dents: Akshima and Aarushi Goel. I would also like to forward my gratitude to Tata Consultancy Services (TCS), India for awarding me the prestigious TCS fellowship for my full PhD period. On a personal front , I owe my heartfelt thanks to my parents, my uncle and my sis- ter for their unconditional support, understanding and encouragement without which this dissertation would not have got completed. Above all, I am grateful to the Almighty, who showered the opportunity, blessings and moral courage on me to complete this dissertation. V List of Publications The author names are in the alphabetical order. 1. Andrey Bogdanov, Donghoon Chang, Mohona Ghosh, and Somitra Kumar Sanadhya. Bicliques with Minimal Data and Time Complexity for AES. In Jooy- oung Lee and Jongsung Kim, editors, Information Security and Cryptology - ICISC 2014 - 17th International Conference, Seoul, Korea, December 3-5, 2014, Revised Selected Papers, volume 8949 of Lecture Notes in Computer Science, pages 160-174. Springer, 2014. 2. Megha Agrawal, Donghoon Chang, Mohona Ghosh, and Somitra Kumar Sanad- hya. Collision attack on 4-branch, type-2 GFN based hash functions using Sliced Biclique Cryptanalysis Technique. In Dongdai Lin, Moti Yung, and Jianying Zhou, editors, Information Security and Cryptology - 10th International Confer- ence, Inscrypt 2014, Beijing, China, December 13-15, 2014, Revised Selected Papers, volume 8957 of Lecture Notes in Computer Science, pages 343-360. Springer, 2014. 3. Donghoon Chang, Mohona Ghosh, and Somitra Kumar Sanadhya. Biclique Cryptanalysis of full round AES-128 based hashing modes. In Dongdai Lin, Moti Yung, and Xiaofeng Wang, editors, Information Security and Cryptology - 11th International Conference, Inscrypt 2015, Beijing, China, November 1-3, 2015, Revised Selected Papers, volume 9589 of Lecture Notes in Computer Science. Springer, 2015. 4. Akshima, Donghoon Chang, Mohona Ghosh, Aarushi Goel, and Somitra Ku- mar Sanadhya. Single Key Recovery Attacks on 9-round Kalyna-128/256 and Kalyna-256/512. In Soonhak Kwon and Aaram Yun, editors, Information Secu- rity and Cryptology - ICISC 2015 - 18th International Conference, Seoul, Korea, November 25-27, 2015, Revised Selected Papers, volume 9558 of Lecture Notes in Computer Science. Springer, 2015. 5. Akshima, Donghoon Chang, Mohona Ghosh, Aarushi Goel, and Somitra Ku- mar Sanadhya. Improved Meet-in-the-Middle Attacks on 7 and 8-Round ARIA- 192 and ARIA-256. In Alex Biryukov and Vipul Goyal, editors, Progress in Cryptology - INDOCRYPT 2015 - 16th International Conference on Cryptology in India, Bangalore, India, December 6-9, 2015, Proceedings, volume 9462 of Lecture Notes in Computer Science, pages 198-217. Springer, 2015. VI Abstract Cryptographic protocols have been a cornerstone of secure communications among armed forces and diplomatic missions since time immemorial. With easy availability and low cost of computing facilities and Internet, the domain of cryptology has not only expanded to non-government uses but also in fulfilling the common needs of individuals. Block ciphers are the basic building blocks of most of today's deployed cryptography and are one of the most widely used cryptographic primitives. They play a crucial role in providing confidentiality of data transmitted over insecure communication channels - one of the fundamental goals of cryptography. Apart from it, block ciphers are also used to build other cryptographic mechanisms such as - Hash functions and Message Authentication Codes. Hence, it is crucial to ensure construction of a secure and robust block cipher design. To achieve so, it is imperative to analyze and evaluate the resis- tance of block ciphers against a variety of cryptanalytic attacks. This thesis is devoted to the security analysis of block ciphers and block cipher based hash functions against some of the current state-of-the-art cryptanalytic techniques. We specifically focus on Biclique Cryptanalysis and Multiset Attacks in this work. We propose a new extension of biclique technique - termed as Star based Bicliques and use them to solve the problem of high data complexity usually associated with this technique. Further, we also employ the above cryptanalytic methods to provide the best attacks on few standardized block ciphers. Our cryptanalytic results are as follows: 1. We study biclique based key recovery attacks and find improvements that lower the attack costs compared to the original attack in [39]. These attacks are applied to full round AES-128 (10-rounds), AES-192 (12-rounds) and AES-256 (14-rounds) with interesting observations and results. As part of the results, we propose star-based bicliques which allow us to launch attacks with the minimal data complexity in accordance with the unicity distance. Each attack requires just 2-3 known plaintexts with success probability 1. 2. We utilize the biclique based key recovery attacks to find second-preimages on AES based hashing modes. In our attacks, the initialization vector (IV) is a public constant that cannot be changed by the attacker. Under this setting, with message padding restrictions, the biclique trails constructed for key recovery attack in [39] cannot be utilized here. We construct new biclique trails that satisfy the above restrictions and launch second preimage attacks on all 12 PGV hashing modes based on full round AES-128. 3. We investigate the security of Generalized Feistel Networks (GFNs) in known-key scenario. We apply a variant of biclique technique - termed as sliced biclique cryptanalysis on 4-branch, Type-2 Generalized Feistel Networks (GFNs) based hash functions to generate actual collisions. We further demonstrate the best 8-round collision attack on 4-branch, Type-2 based GFNs when the round function F is instantiated with double SP layers. VII 4. We analyze the security of Korean Encryption Standard ARIA against meet-in-the-middle attack model. We conduct multiset based key recovery attacks on 7 and 8-round ARIA-192 and ARIA-256 with improved time, memory and data complexities compared to [168]. While the previous at- tacks on ARIA could only recover some round keys, our attacks show the first recovery of the complete master secret key. 5. We analyze the security of recently announced Ukrainian Encryption Stan- dard Kalyna against meet-in-the-middle attack model. We apply multiset attacks supplemented with further related advancements in this attack tech- nique to recover the secret key from 9-round Kalyna-128/256 and Kalyna- 256/512. This improves upon the previous best attack reported in [13] in terms of number of rounds attacked by 2. In terms of either the attack complexity or the number of attacked rounds, the attacks presented in the thesis are better than any previously published cryptanalytic results for the block ciphers concerned. VIII Contents 1 Introduction 1 1.1 Motivation . .3 1.2 Thesis Organization . .5 1.3 Contributions . .6 2 Symmetric cryptosystems 9 2.1 What is a block cipher ? . .9 2.2 Anatomy of a block cipher . 10 2.3 Construction of iterated block ciphers .
Load more

Recommended publications
  • The First Biclique Cryptanalysis of Serpent-256
    The First Biclique Cryptanalysis of Serpent-256 Gabriel C. de Carvalho1, Luis A. B. Kowada1 1Instituto de Computac¸ao˜ – Universidade Federal Fluminense (UFF) – Niteroi´ – RJ – Brazil Abstract. The Serpent cipher was one of the finalists of the AES process and as of today there is no method for finding the key with fewer attempts than that of an exhaustive search of all possible keys, even when using known or chosen plaintexts for an attack. This work presents the first two biclique attacks for the full-round Serpent-256. The first uses a dimension 4 biclique while the second uses a dimension 8 biclique. The one with lower dimension covers nearly 4 complete rounds of the cipher, which is the reason for the lower time complex- ity when compared with the other attack (which covers nearly 3 rounds of the cipher). On the other hand, the second attack needs a lot less pairs of plain- texts for it to be done. The attacks require 2255:21 and 2255:45 full computations of Serpent-256 using 288 and 260 chosen ciphertexts respectively with negligible memory. 1. Introduction The Serpent cipher is, along with MARS, RC6, Twofish and Rijindael, one of the AES process finalists [Nechvatal et al. 2001] and has not had, since its proposal, its full round versions attacked. It is a Substitution Permutation Network (SPN) with 32 rounds, 128 bit block size and accepts keys of sizes 128, 192 and 256 bits. Serpent has been targeted by several cryptanalysis [Kelsey et al. 2000, Biham et al. 2001b, Biham et al.
    [Show full text]
  • Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 Family
    Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 family Dmitry Khovratovich1 and Christian Rechberger2 and Alexandra Savelieva3 1Microsoft Research Redmond, USA 2DTU MAT, Denmark 3National Research University Higher School of Economics, Russia Abstract. We present the new concept of biclique as a tool for preimage attacks, which employs many powerful techniques from differential cryptanalysis of block ciphers and hash functions. The new tool has proved to be widely applicable by inspiring many authors to publish new re- sults of the full versions of AES, KASUMI, IDEA, and Square. In this paper, we demonstrate how our concept results in the first cryptanalysis of the Skein hash function, and describe an attack on the SHA-2 hash function with more rounds than before. Keywords: SHA-2, SHA-256, SHA-512, Skein, SHA-3, hash function, meet-in-the-middle attack, splice-and-cut, preimage attack, initial structure, biclique. 1 Introduction The last years saw an exciting progress in preimage attacks on hash functions. In contrast to collision search [29, 26], where differential cryptanalysis has been in use since 90s, there had been no similarly powerful tool for preimages. The situation changed dramatically in 2008, when the so-called splice-and-cut framework has been applied to MD4 and MD5 [2, 24], and later to SHA-0/1/2 [1, 3], Tiger [10], and other primitives. Despite amazing results on MD5, the applications to SHA-x primitives seemed to be limited by the internal properties of the message schedule procedures. The only promising element, the so-called initial structure tool, remained very informal and complicated.
    [Show full text]
  • Optimization of Core Components of Block Ciphers Baptiste Lambin
    Optimization of core components of block ciphers Baptiste Lambin To cite this version: Baptiste Lambin. Optimization of core components of block ciphers. Cryptography and Security [cs.CR]. Université Rennes 1, 2019. English. NNT : 2019REN1S036. tel-02380098 HAL Id: tel-02380098 https://tel.archives-ouvertes.fr/tel-02380098 Submitted on 26 Nov 2019 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THÈSE DE DOCTORAT DE L’UNIVERSITE DE RENNES 1 COMUE UNIVERSITE BRETAGNE LOIRE Ecole Doctorale N°601 Mathématique et Sciences et Technologies de l’Information et de la Communication Spécialité : Informatique Par Baptiste LAMBIN Optimization of Core Components of Block Ciphers Thèse présentée et soutenue à RENNES, le 22/10/2019 Unité de recherche : IRISA Rapporteurs avant soutenance : Marine Minier, Professeur, LORIA, Université de Lorraine Jacques Patarin, Professeur, PRiSM, Université de Versailles Composition du jury : Examinateurs : Marine Minier, Professeur, LORIA, Université de Lorraine Jacques Patarin, Professeur, PRiSM, Université de Versailles Jean-Louis Lanet, INRIA Rennes Virginie Lallemand, Chargée de Recherche, LORIA, CNRS Jérémy Jean, ANSSI Dir. de thèse : Pierre-Alain Fouque, IRISA, Université de Rennes 1 Co-dir. de thèse : Patrick Derbez, IRISA, Université de Rennes 1 Remerciements Je tiens à remercier en premier lieu mes directeurs de thèse, Pierre-Alain et Patrick.
    [Show full text]
  • Two Practical and Provably Secure Block Ciphers: BEAR and LION
    Two Practical and Provably Secure Block Ciphers: BEAR and LION Ross Anderson 1 and Eh Biham 2 Cambridge University, England; emall rja14~cl.cmn.ar .uk 2 Technion, Haifa, Israel; email biham~cs .teclmion.ac.il Abstract. In this paper we suggest two new provably secure block ci- phers, called BEAR and LION. They both have large block sizes, and are based on the Luby-Rackoff construction. Their underlying components are a hash function and a stream cipher, and they are provably secure in the sense that attacks which find their keys would yield attacks on one or both of the underlying components. They also have the potential to be much faster than existing block ciphers in many applications. 1 Introduction There are a number of ways in which cryptographic primitives can be trans- formed by composition, such as output feedback mode which transforms a block cipher into a stream cipher, and feedforward mode which transforms it into a hash function [P]. A number of these reductions are provable, in the sense that certain kinds of attack on the composite function would yield an attack on the underlying primitive; a recent example is the proof that the ANSI message au- thentication code is as secure as the underlying block cipher [BKR]. One construction which has been missing so far is a means of building a block cipher out of a stream cipher. In this paper, we show provably secure ways to construct a block cipher from a stream cipher and a hash function. Given that ways of constructing keyed hash functions from stream ciphers already exist [LRW] [K], this enables block ciphers to be constructed from stream ciphers.
    [Show full text]
  • Kalyna Country Tourism Development Strategy
    KALYNA COUNTRY TOURISM DEVELOPMENT STRATEGY Table of Contents EXECUTIVE SUMMARY ..............................................................................................................5 INTRODUCTION ........................................................................................................................10 Background..........................................................................................................................10 Project Objectives................................................................................................................11 Process Overview................................................................................................................11 SITUATION ASSESSMENT: Where are we now? ....................................................................16 Study Area...............................................................................................................................17 Themes ...................................................................................................................................18 Lures and Clusters: Kalyna’s Tourism Resource ....................................................................19 Key Attractions and Clusters ...............................................................................................19 Market Analysis .......................................................................................................................27 Trends in Alberta Tourism ...................................................................................................27
    [Show full text]
  • How Far Can We Go Beyond Linear Cryptanalysis?
    How Far Can We Go Beyond Linear Cryptanalysis? Thomas Baign`eres, Pascal Junod, and Serge Vaudenay EPFL http://lasecwww.epfl.ch Abstract. Several generalizations of linear cryptanalysis have been pro- posed in the past, as well as very similar attacks in a statistical point of view. In this paper, we de¯ne a rigorous general statistical framework which allows to interpret most of these attacks in a simple and uni¯ed way. Then, we explicitely construct optimal distinguishers, we evaluate their performance, and we prove that a block cipher immune to classical linear cryptanalysis possesses some resistance to a wide class of general- ized versions, but not all. Finally, we derive tools which are necessary to set up more elaborate extensions of linear cryptanalysis, and to general- ize the notions of bias, characteristic, and piling-up lemma. Keywords: Block ciphers, linear cryptanalysis, statistical cryptanalysis. 1 A Decade of Linear Cryptanalysis Linear cryptanalysis is a known-plaintext attack proposed in 1993 by Matsui [21, 22] to break DES [26], exploiting speci¯c correlations between the input and the output of a block cipher. Namely, the attack traces the statistical correlation between one bit of information about the plaintext and one bit of information about the ciphertext, both obtained linearly with respect to GF(2)L (where L is the block size of the cipher), by means of probabilistic linear expressions, a concept previously introduced by Tardy-Corfdir and Gilbert [30]. Soon after, several attempts to generalize linear cryptanalysis are published: Kaliski and Robshaw [13] demonstrate how it is possible to combine several in- dependent linear correlations depending on the same key bits.
    [Show full text]
  • Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1
    International Journal of Grid and Distributed Computing Vol. 10, No. 11 (2017), pp.79-98 http://dx.doi.org/10.14257/ijgdc.2017.10.11.08 Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1 Rahul Saha1, G. Geetha2, Gulshan Kumar3 and Hye-Jim Kim4 1,3School of Computer Science and Engineering, Lovely Professional University, Punjab, India 2Division of Research and Development, Lovely Professional University, Punjab, India 4Business Administration Research Institute, Sungshin W. University, 2 Bomun-ro 34da gil, Seongbuk-gu, Seoul, Republic of Korea Abstract Cryptography has always been a core component of security domain. Different security services such as confidentiality, integrity, availability, authentication, non-repudiation and access control, are provided by a number of cryptographic algorithms including block ciphers, stream ciphers and hash functions. Though the algorithms are public and cryptographic strength depends on the usage of the keys, the ciphertext analysis using different functions and operations used in the algorithms can lead to the path of revealing a key completely or partially. It is hard to find any survey till date which identifies different operations and functions used in cryptography. In this paper, we have categorized our survey of cryptographic functions and operations in the algorithms in three categories: block ciphers, stream ciphers and cryptanalysis attacks which are executable in different parts of the algorithms. This survey will help the budding researchers in the society of crypto for identifying different operations and functions in cryptographic algorithms. Keywords: cryptography; block; stream; cipher; plaintext; ciphertext; functions; research problems 1. Introduction Cryptography [1] in the previous time was analogous to encryption where the main task was to convert the readable message to an unreadable format.
    [Show full text]
  • The Sword, November 2020
    NOVEMBER 2020 VOLUME 59 | ISSUE 3 2 Marginalized Students at Concordia Share Grievances: Recent Sit-In BY MARYKATE FENSTERMAKER 6 Milestone in Catholic History with First African American Cardinal BY ERIKA SOUKUP 8 How to Enjoy Thanksgiving Without Killing Grandma BY RYAN SKILLE 11 CSP Baseball Team Sends Uniforms to Nicaragua BY DAVINA BELLINGER 20 Criminal Justice & Sociology Club holds Open Conversation BY REBECCA BEASLEY Photo Credit: Rene Elias *THIS IS NOT AN OFFICIAL CSP PUBLICATION AND DOES NOT NECESSARILY REFLECT THE VIEWS OF THE ADMINISTRATION, FACULTY, OR STAFF. SPECIAL THANKS TO THE CONTRIBUTING SPONSORS. 1 THE SWORD NEWSPAPER NOVEMBER 2020 VOLUME 59 | ISSUE 3 NEWS CONCORDIA ST. PAUL’S OFFICIAL STUDENT NEWSPAPER SINCE 1966 EDITOR IN CHIEF Anna Fritze Letter from the Editor Marginalized Students at Concordia ART DIRECTOR BY ANNA FRITZE Share Grievances: Recent Sit-In Carli Bruckmueller alloween has come and gone, the u.s. NEWS EDITOR is in its second wave of the coronavirus, and our Organized by Black Students Harry Lien H nation will have a new president in January. What a roller coaster this month has been. So, it’s pretty Challenges Administration SPORTS EDITOR much been like every other month since March! Crazy Jaid Perry BY MARYKATE FENSTERMAKER what America can throw at you. ARTS & VARIETY EDITOR Before I released last month’s issue, I was most expectant group of around 30 students staged a sit-on in the Tunnel on Friday Oct. Davina Bellinger of receiving negative feedback due to the majority of the 30th to express their dissatisfaction with Concordia’s response to Black students paper taking the liberal side of the election.
    [Show full text]
  • International Journal of Computer Engineering and Applications, Volume XII, Special Issue, May 18, ISSN 2321-3469
    International Journal of Computer Engineering and Applications, Volume XII, Special Issue, May 18, www.ijcea.com ISSN 2321-3469 PROVIDING RESTRICTIONS AGAINST ATTACK AND CONGESTION CONTROL IN PUBLICINFRASTRUCTURE CLOUD Nousheen R1, Shanmugapriya M2, Sujatha P3,Dhinakaran D4 Student, Computer Science and Engineering, Peri Institute of Technology, Chennai, India 1,2,3 Assistant professor, Computer Science and Engineering, Peri Institute of Technology, Chennai, India 4 ABSTRACT: Cloud computing is current trend in market .It reduce the cost and complexity of service providers by the means of capital and operational cost.It allows users to access application remotely. This construct directs cloud service provider to handle cost of servers, software updates,etc. If the session tokens are not properly protected, an attacker can hijack an active session and assume the identity of a user. To focusing on session hijacking and broken authenticationOTP is generated it will send user mail.Once the user is authenticatedthey will be split into virtual machine it is initiate to the upload process into the cloud.Thecloud user files are uploaded and stored in domain based .Also in our proposed system encryption keys are maintained outside of the IaaS domain.For encryption, we proposed RSA algorithm .For data owner file encryption, we use camellia algorithm. Finally the files are stored in the public cloud named CloudMe. Keywords: Cloud computing, session hijacking, OTP, Virtual machine, Iaas, CloudMe [1] INTRODUCTION Cloud computing is an information technology(IT) standard that enables universal access to share group of configurable system resource and higher-level services that can be quickly provisioned with minimal management effort, often over the internet.
    [Show full text]
  • Ethical Hacking
    Official Certified Ethical Hacker Review Guide Steven DeFino Intense School, Senior Security Instructor and Consultant Contributing Authors Barry Kaufman, Director of Intense School Nick Valenteen, Intense School, Senior Security Instructor Larry Greenblatt, Intense School, Senior Security Instructor Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Official Certified Ethical Hacker © 2010 Course Technology, Cengage Learning Review Guide ALL RIGHTS RESERVED. No part of this work covered by the copyright herein Steven DeFino may be reproduced, transmitted, stored or used in any form or by any means Barry Kaufman graphic, electronic, or mechanical, including but not limited to photocopying, Nick Valenteen recording, scanning, digitizing, taping, Web distribution, information networks, Larry Greenblatt or information storage and retrieval systems, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without the prior Vice President, Career and written permission of the publisher. Professional Editorial: Dave Garza Executive Editor: Stephen Helba For product information and technology assistance, contact us at Managing Editor: Marah Bellegarde Cengage Learning Customer & Sales Support, 1-800-354-9706 For permission to use material from this text or product, Senior Product Manager: submit all requests online at www.cengage.com/permissions Michelle Ruelos Cannistraci Further permissions questions can be e-mailed to Editorial Assistant: Meghan Orvis [email protected]
    [Show full text]
  • Improved Meet-In-The-Middle Attacks on Round-Reduced Crypton-256
    Improved Meet-in-the-Middle Attacks on Round-Reduced Crypton-256 Yonglin Hao Department of Computer Science and Technology, Tsinghua Universtiy, Beijing 100084, China [email protected] Abstract. The meet-in-the-middle (MITM) attack has prove to be efficient in analyzing the AES block cipher. Its efficiency has been increasing with the introduction of various techniques such as differential enumeration, key-dependent sieve, super-box etc. The recent MITM attack given by Li and Jin has successfully mounted to 10-round AES-256. Crypton is an AES-like block cipher. In this paper, we apply the MITM method to the cryptanalysis of Crypton-256. Following Li and Jin's idea, we give the first 6-round dis- tinguisher for Crypton. Based on the distinguisher as well as the properties of Crypton's simple key schedule, we successfully launch MITM attacks on Crypton-256 reduced to 9 and 10 rounds. For 9-round Crypton-256, our MITM attack can recover the 256-bit key with a time complexity 2173:05, a memory complexity 2241:17. For the 10-round version, we give two MITM attacks. The basic attack requires a time complexity 2240:01 and memory complexity 2241:59. The time/memory complexity of the advanced MITM attack on 10-round Crypton is 2245:05=2209:59. Our MITM attacks share the same data complexity 2113 and their error rates are negligible. Keywords: Cryptanalysis, Crypton, MITM, Efficient Differential Enumeration Technique, Key- Dependent Sieve, Super-Box 1 Introduction The SPN-structural block cipher Crypton [1] was proposed by Lim in 1998 as a candidate algorithm for the Advanced Encryption Standard.
    [Show full text]
  • Deep Learning-Based Cryptanalysis of Lightweight Block Ciphers
    Hindawi Security and Communication Networks Volume 2020, Article ID 3701067, 11 pages https://doi.org/10.1155/2020/3701067 Research Article Deep Learning-Based Cryptanalysis of Lightweight Block Ciphers Jaewoo So Department of Electronic Engineering, Sogang University, Seoul 04107, Republic of Korea Correspondence should be addressed to Jaewoo So; [email protected] Received 5 February 2020; Revised 21 June 2020; Accepted 26 June 2020; Published 13 July 2020 Academic Editor: Umar M. Khokhar Copyright © 2020 Jaewoo So. +is is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Most of the traditional cryptanalytic technologies often require a great amount of time, known plaintexts, and memory. +is paper proposes a generic cryptanalysis model based on deep learning (DL), where the model tries to find the key of block ciphers from known plaintext-ciphertext pairs. We show the feasibility of the DL-based cryptanalysis by attacking on lightweight block ciphers such as simplified DES, Simon, and Speck. +e results show that the DL-based cryptanalysis can successfully recover the key bits when the keyspace is restricted to 64 ASCII characters. +e traditional cryptanalysis is generally performed without the keyspace restriction, but only reduced-round variants of Simon and Speck are successfully attacked. Although a text-based key is applied, the proposed DL-based cryptanalysis can successfully break the full rounds of Simon32/64 and Speck32/64. +e results indicate that the DL technology can be a useful tool for the cryptanalysis of block ciphers when the keyspace is restricted.
    [Show full text]