DOCSLIB.ORG

Secure Stream Cipher Initialisation Processes

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Secure Stream Cipher Initialisation Processes Secure Stream Cipher Initialisation Processes by Ali Abdulaziz Alhamdan Bachelor of Engineering (Electrical Engineering) (KSU) { 1997 Master of Information Technology (QUT) { 2009 Thesis submitted in accordance with the regulations for the Degree of Doctor of Philosophy Information Security discipline Electrical Engineering and Computer Science School Science and Engineering Faculty Queensland University of Technology January 2014 ii Keywords A5/1, Common Scrambling Algorithm Stream Cipher (CSA-SC), cryptanaly- sis, cryptography, differential attacks, diffusion phase, Dragon, Grain, initialisa- tion flaws, initialisation process, initialisation vector (IV), LILI, loading phase, MICKEY, RC4, rekeying, resynchronisation attacks, Sfinks, shifted keystream, slid pairs, slide attacks, state convergence, stream cipher, symmetric cipher, Time Memory trade-off (TMTO) attacks, Trivium, weak key-IV combinations. iii iv Abstract Stream ciphers are symmetric key cryptosystems that are used commonly to pro- vide confidentiality for a wide range of frame-based applications; such as mobile phone communication, pay TV transmission and Internet traffic. For these ap- plications, stream ciphers are preferred for encryption due to the simplicity of implementation, security against known attacks, efficiency and high throughput. In modern stream ciphers, the initialisation process (also known as resyn- chronisation) involves the use of publicly known material as well as the secret key. Unless it is carefully designed, this process may reveal some information about the secret key or may leave a stream cipher vulnerable for some attacks. Analysis of the initialisation process in the literature is limited and has not been addressed thoroughly. The main objective of this research is to provide design recommendations for strengthening initialisation processes in modern stream ciphers. We achieve this by examining in-depth the initialisation process of three well-known stream ciphers: A5/1, Sfinks and the Common Scrambling Algorithm. Our reasons for choosing these algorithms are: • These ciphers are broadly representative of modern stream ciphers. • They cover a variety of loading processes • A5/1 and the Common Scrambling Algorithm are both used widely. We have examined the initialisation processes of these three ciphers Design criteria provide to prevent these flaws as well as other flaws in the initialisation process of stream ciphers. v vi Contents Front Matteri Keywords.................................. iii Abstract...................................v Table of Contents.............................. vii List of Tables................................ xiii List of Figures................................ xv List of Algorithms............................. xvi Abbreviations................................ xix List of Symbols............................... xxi Declaration................................. xxiii Previously Published Material....................... xxv Acknowledgements............................. xxvii 1 Introduction1 1.1 Motivation...............................2 1.2 Aims and Objectives.........................4 1.3 Contributions and Achievements...................4 1.3.1 Analysis of the Initialisation Process of A5/1 Stream Cipher4 1.3.2 Analysis of the Initialisation Process of Sfinks Stream Cipher6 1.3.3 Analysis of the Initialisation Process of the CSA-SC....7 1.3.4 Criteria for the Initialisation Process of Stream Ciphers..8 1.4 Thesis Outline.............................8 2 Background 11 2.1 Terminology and Notation...................... 12 2.2 Stream Ciphers............................ 13 2.2.1 Types of Keystream Generators............... 16 vii 2.2.2 Properties of Keystream................... 19 2.3 Initialisation Process......................... 20 2.3.1 Loading Phase........................ 20 2.3.2 Diffusion Phase........................ 21 2.3.3 Keystream Generation Process................ 21 2.4 Examples of Initialisation Processes................. 22 2.4.1 RC4.............................. 22 2.4.2 Trivium............................ 24 2.4.3 Grain v1............................ 25 2.4.4 Dragon............................. 28 2.4.5 MICKEY v1.......................... 30 2.4.6 LILI-II............................. 34 2.4.7 Why A5/1, Sfinks and CSA-SC............... 36 2.5 Cryptanalysis of Stream Ciphers................... 39 2.5.1 Attacking Models....................... 39 2.5.2 Aims of Attackers....................... 40 2.6 Generic Attacks on the Initialisation Process............ 41 2.6.1 Brute Force Attack...................... 41 2.6.2 Time Memory Data Trade-Off Attack............ 42 2.6.3 Differential Attacks...................... 44 2.7 Flaws in the Initialisation Process.................. 45 2.7.1 State Convergence...................... 45 2.7.2 Analysis of State Convergence................ 46 2.7.3 Slid Pairs and Shifted Keystream.............. 49 2.7.4 Analysis of Slid Pairs and Shifted Keystream........ 51 2.7.5 Weak Key-IV Combinations................. 53 2.7.6 Analysis of Weak Key-IV Pairs............... 53 2.8 Existing Attacks on Initialisation Processes............. 55 2.8.1 RC4 Analysis......................... 55 2.8.2 Trivium Analysis....................... 56 2.8.3 Grain Analysis........................ 57 2.8.4 Dragon Analysis....................... 59 2.8.5 MICKEY Analysis...................... 59 2.8.6 LILI-II Analysis........................ 60 2.9 Tools.................................. 60 viii 2.10 Summary............................... 61 3 Analysis of A5/1 Stream Cipher Initialisation Process 63 3.1 Specification of A5/1 Stream Cipher................ 64 3.1.1 Initialisation Process..................... 65 3.1.2 Keystream Generation.................... 66 3.2 State Convergence.......................... 66 3.2.1 Previous Analysis....................... 67 3.2.2 Extension of Existing Work................. 69 3.3 Slid Pairs and Synchronisation Attacks............... 74 3.3.1 Analysis of Slid Pairs..................... 75 3.3.2 Result of Analysis....................... 79 3.3.3 Attack Procedure....................... 82 3.4 Weak Key-IV Combinations..................... 85 3.4.1 Three Registers all Zeros................... 87 3.4.2 Two Registers all Zeros.................... 90 3.4.3 One Register all Zeros.................... 95 3.5 Summary and Security Impact.................... 100 4 Analysis of Sfinks Stream Cipher Initialisation Process 105 4.1 Specification of Sfinks Stream Cipher................ 106 4.1.1 Initialisation Process..................... 107 4.1.2 Keystream Generation.................... 110 4.2 State Convergence.......................... 111 4.2.1 States Which Converge.................... 111 4.2.2 State Convergence Across the Initialisation Process.... 115 4.3 Slid Pairs and Synchronisation Attacks............... 116 4.3.1 Slid Pairs Using Sfinks.................... 116 4.3.2 Analysis of Slid Pairs..................... 119 4.3.3 Findings and Results..................... 123 4.3.4 Attack Procedure....................... 131 4.3.5 Analysis of Sfinks with Slight Modification......... 134 4.4 Weak Key-IV Combinations..................... 135 4.5 Summary and Security Impact.................... 135 ix 5 Analysis of CSA-SC Initialisation Process 139 5.1 Specification of CSA-SC....................... 140 5.1.1 Initialisation process..................... 142 5.1.2 Keystream generation.................... 145 5.2 State Convergence in CSA-SC.................... 145 5.2.1 Initialisation State Update Equations............ 146 5.2.2 State Convergence During Initialisation Process...... 149 5.2.3 State Convergence During Keystream Generation..... 158 5.3 Analysis of Slid Pairs......................... 160 5.4 Weak Key-IV Combinations..................... 167 5.5 Summary and Security Impact.................... 167 6 Security Issues in Initialisation 171 6.1 Security Flaws in Initialisation Process............... 173 6.2 Loading Phase and Security Flaws.................. 174 6.2.1 Padding Pattern Weaknesses................. 175 6.2.2 Loading Process and Flaws................. 176 6.2.3 Autonomy in Loading Phase and Flaws........... 177 6.3 Diffusion Phase and Security Flaws................. 179 6.3.1 Number of Iterations and Security.............. 179 6.3.2 Properties of State Update Function and Flaws...... 181 6.4 Recommendations........................... 184 6.5 Summary............................... 186 7 Conclusion and Future Work 189 7.1 Review of Contributions....................... 190 7.1.1 Analysis of the Initialisation Process of A5/1........ 190 7.1.2 Analysis of the Initialisation Process of Sfinks....... 191 7.1.3 Analysis of the Initialisation Process of CSA-SC...... 192 7.1.4 Criteria for the Initialisation Process of Stream Ciphers.. 193 7.2 Future Work.............................. 193 Appendix A A5/1 Algebraic Representation 197 A.1 The Key and IV Relationship for Slid Pairs............ 197 A.2 The Key and IV Relationship for Weak Key-IV.......... 214 x Appendix B Common Scrambling Algorithm Stream Cipher 237 B.1 The Boolean Functions of the CSA-SC............... 237 B.2 Algebraic Equations at Time t = −31................ 240 Index 245 Bibliography 247 xi xii List of Tables 2.1 The four sequences COMP 0i; COMP 1i;FB0i and FB1i ..... 32 2.2 Summary of well known stream cipher proposals.......... 38 3.1 Proportions of states in each of Goli´c'scases............ 68 3.2 Comparison between the analysis of inaccessible states...... 68 3.3 Proportion of available states after α iterations.......... 71 3.4 Slid
Load more

Recommended publications
  • 2020 Sneak Peek Is Now Available
    GISWatch 2020 GISW SNEAK PEEK SNEAK PEEK GLOBAL INFORMATION atch 2020 SOCIETY WATCH 2020 Technology, the environment and a sustainable world: Responses from the global South ASSOCIATION FOR PROGRESSIVE COMMUNICATIONS (APC) AND SWEDISH INTERNATIONAL DEVELOPMENT COOPERATION AGENCY (SIDA) GISWatch 2020 SNEAK PEEK Global Information Society Watch 2020 SNEAK PEEK Technology, the environment and a sustainable world: Responses from the global South APC would like to thank the Swedish International Development Cooperation Agency (Sida) for their support for Global Information Society Watch 2020. Published by APC 2021 Creative Commons Attribution 4.0 International (CC BY 4.0) https://creativecommons.org/licenses/by/4.0/ Some rights reserved. Disclaimer: The views expressed herein do not necessarily represent those of Sida, APC or its members. GISWatch 2020 SNEAK PEEK Table of contents Introduction: Returning to the river.... ............................................4 Alan Finlay The Sustainable Development Goals and the environment ............................9 David Souter Community networks: A people – and environment – centred approach to connectivity ................................................13 “Connecting the Unconnected” project team www.rhizomatica.org; www.apc.org Australia . 18 Queensland University of Technology and Deakin University marcus foth, monique mann, laura bedford, walter fieuw and reece walters Brazil . .23 Brazilian Association of Digital Radio (ABRADIG) anna orlova and adriana veloso Latin America . 28 Gato.Earth danae tapia and paz peña Uganda . .33 Space for Giants oliver poole GISWatch 2020 SNEAK PEEK Introduction: Returning to the river Alan Finlay do not have the same power as governments or the agribusiness, fossil fuel and extractive industries, and that to refer to them as “stakeholders” would The terrain of environmental sustainability involves make this power imbalance opaque.
    [Show full text]
  • A Differential Fault Attack on MICKEY
    A Differential Fault Attack on MICKEY 2.0 Subhadeep Banik and Subhamoy Maitra Applied Statistics Unit, Indian Statistical Institute Kolkata, 203, B.T. Road, Kolkata-108. s.banik [email protected], [email protected] Abstract. In this paper we present a differential fault attack on the stream cipher MICKEY 2.0 which is in eStream's hardware portfolio. While fault attacks have already been reported against the other two eStream hardware candidates Trivium and Grain, no such analysis is known for MICKEY. Using the standard assumptions for fault attacks, we show that if the adversary can induce random single bit faults in the internal state of the cipher, then by injecting around 216:7 faults and performing 232:5 computations on an average, it is possible to recover the entire internal state of MICKEY at the beginning of the key-stream generation phase. We further consider the scenario where the fault may affect at most three neighbouring bits and in that case we require around 218:4 faults on an average. Keywords: eStream, Fault attacks, MICKEY 2.0, Stream Cipher. 1 Introduction The stream cipher MICKEY 2.0 [4] was designed by Steve Babbage and Matthew Dodd as a submission to the eStream project. The cipher has been selected as a part of eStream's final hardware portfolio. MICKEY is a synchronous, bit- oriented stream cipher designed for low hardware complexity and high speed. After a TMD tradeoff attack [16] against the initial version of MICKEY (ver- sion 1), the designers responded by tweaking the design by increasing the state size from 160 to 200 bits and altering the values of some control bit tap loca- tions.
    [Show full text]
  • Lecture Note 8 ATTACKS on CRYPTOSYSTEMS I Sourav Mukhopadhyay
    Lecture Note 8 ATTACKS ON CRYPTOSYSTEMS I Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Attacks on Cryptosystems • Up to this point, we have mainly seen how ciphers are implemented. • We have seen how symmetric ciphers such as DES and AES use the idea of substitution and permutation to provide security and also how asymmetric systems such as RSA and Diffie Hellman use other methods. • What we haven’t really looked at are attacks on cryptographic systems. Cryptography and Network Security - MA61027 (Sourav Mukhopadhyay, IIT-KGP, 2010) 1 • An understanding of certain attacks will help you to understand the reasons behind the structure of certain algorithms (such as Rijndael) as they are designed to thwart known attacks. • Although we are not going to exhaust all possible avenues of attack, we will get an idea of how cryptanalysts go about attacking ciphers. Cryptography and Network Security - MA61027 (Sourav Mukhopadhyay, IIT-KGP, 2010) 2 • This section is really split up into two classes of attack: Cryptanalytic attacks and Implementation attacks. • The former tries to attack mathematical weaknesses in the algorithms whereas the latter tries to attack the specific implementation of the cipher (such as a smartcard system). • The following attacks can refer to either of the two classes (all forms of attack assume the attacker knows the encryption algorithm): Cryptography and Network Security - MA61027 (Sourav Mukhopadhyay, IIT-KGP, 2010) 3 – Ciphertext-only attack: In this attack the attacker knows only the ciphertext to be decoded. The attacker will try to find the key or decrypt one or more pieces of ciphertext (only relatively weak algorithms fail to withstand a ciphertext-only attack).
    [Show full text]
  • Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
    Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices † ‡ ‡ ‡ Nadia Heninger ∗ Zakir Durumeric ∗ Eric Wustrow J. Alex Halderman † University of California, San Diego ‡ The University of Michigan [email protected] {zakir, ewust, jhalderm}@umich.edu Abstract expect that today’s widely used operating systems and RSA and DSA can fail catastrophically when used with server software generate random numbers securely. In this malfunctioning random number generators, but the extent paper, we test that proposition empirically by examining to which these problems arise in practice has never been the public keys in use on the Internet. comprehensively studied at Internet scale. We perform The first component of our study is the most compre- the largest ever network survey of TLS and SSH servers hensive Internet-wide survey to date of two of the most and present evidence that vulnerable keys are surprisingly important cryptographic protocols, TLS and SSH (Sec- widespread. We find that 0.75% of TLS certificates share tion 3.1). By scanning the public IPv4 address space, keys due to insufficient entropy during key generation, we collected 5.8 million unique TLS certificates from and we suspect that another 1.70% come from the same 12.8 million hosts and 6.2 million unique SSH host keys faulty implementations and may be susceptible to com- from 10.2 million hosts. This is 67% more TLS hosts promise. Even more alarmingly, we are able to obtain than the latest released EFF SSL Observatory dataset [18]. RSA private keys for 0.50% of TLS hosts and 0.03% of Our techniques take less than 24 hours to scan the entire SSH hosts, because their public keys shared nontrivial address space for listening hosts and less than 96 hours common factors due to entropy problems, and DSA pri- to retrieve keys from them.
    [Show full text]
  • Comparison of 256-Bit Stream Ciphers at the Beginning of 2006
    Comparison of 256-bit stream ciphers at the beginning of 2006 Daniel J. Bernstein ? [email protected] Abstract. This paper evaluates and compares several stream ciphers that use 256-bit keys: counter-mode AES, CryptMT, DICING, Dragon, FUBUKI, HC-256, Phelix, Py, Py6, Salsa20, SOSEMANUK, VEST, and YAMB. 1 Introduction ECRYPT, a consortium of European research organizations, issued a Call for Stream Cipher Primitives in November 2004. A remarkable variety of ciphers were proposed in response by a total of 97 authors spread among Australia, Belgium, Canada, China, Denmark, England, France, Germany, Greece, Israel, Japan, Korea, Macedonia, Norway, Russia, Singapore, Sweden, Switzerland, and the United States. Evaluating a huge pool of stream ciphers, to understand the merits of each cipher, is not an easy task. This paper simplifies the task by focusing on the relatively small pool of ciphers that allow 256-bit keys. Ciphers limited to 128- bit keys (or 80-bit keys) are ignored. See Section 2 to understand my interest in 256-bit keys. The ciphers allowing 256-bit keys are CryptMT, DICING, Dragon, FUBUKI, HC-256, Phelix, Py, Py6, Salsa20, SOSEMANUK, VEST, and YAMB. I included 256-bit AES in counter mode as a basis for comparison. Beware that there are unresolved claims of attacks against Py (see [4] and [3]), SOSEMANUK (see [1]), and YAMB (see [5]). ECRYPT, using measurement tools written by Christophe De Canni`ere, has published timings for each cipher on several common general-purpose CPUs. The original tools and timings used reference implementations (from the cipher authors) but were subsequently updated for faster implementations (also from the cipher authors).
    [Show full text]
  • Statistical Attack on RC4 Distinguishing WPA
    Statistical Attack on RC4 Distinguishing WPA Pouyan Sepehrdad, Serge Vaudenay, and Martin Vuagnoux EPFL CH-1015 Lausanne, Switzerland http://lasecwww.epfl.ch Abstract. In this paper we construct several tools for manipulating pools of bi- ases in the analysis of RC4. Then, we show that optimized strategies can break WEP based on 4000 packets by assuming that the first bytes of plaintext are known for each packet. We describe similar attacks for WPA. Firstly, we de- scribe a distinguisher for WPA of complexity 243 and advantage 0.5 which uses 240 packets. Then, based on several partial temporary key recovery attacks, we recover the full 128-bit temporary key by using 238 packets. It works within a complexity of 296. So far, this is the best attack against WPA. We believe that our analysis brings further insights on the security of RC4. 1 Introduction RC4 was designed by Rivest in 1987. It used to be a trade secret until it was anony- mously posted in 1994. Nowadays, RC4 is widely used in SSL/TLS and Wi-Fi 802.11 wireless communications. 802.11 [1] used to be protected by WEP (Wired Equivalent Privacy) which is now being replaced by WPA (Wi-Fi Protected Access) due to security weaknesses. WEP uses RC4 with a pre-shared key. Each packet is encrypted by a XOR to a keystream generated by RC4. The RC4 key is the pre-shared key prepended with a 3- byte nonce IV. The IV is sent in clear for self-synchronization. There have been several attempts to break the full RC4 algorithm but it has only been devastating so far in this scenario.
    [Show full text]
  • On Quantum Slide Attacks Xavier Bonnetain, María Naya-Plasencia, André Schrottenloher
    On Quantum Slide Attacks Xavier Bonnetain, María Naya-Plasencia, André Schrottenloher To cite this version: Xavier Bonnetain, María Naya-Plasencia, André Schrottenloher. On Quantum Slide Attacks. 2018. hal-01946399 HAL Id: hal-01946399 https://hal.inria.fr/hal-01946399 Preprint submitted on 6 Dec 2018 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. On Quantum Slide Attacks Xavier Bonnetain1,2, María Naya-Plasencia2 and André Schrottenloher2 1 Sorbonne Université, Collège Doctoral, F-75005 Paris, France 2 Inria de Paris, France Abstract. At Crypto 2016, Kaplan et al. proposed the first quantum exponential acceleration of a classical symmetric cryptanalysis technique: they showed that, in the superposition query model, Simon’s algorithm could be applied to accelerate the slide attack on the alternate-key cipher. This allows to recover an n-bit key with O(n) quantum time and queries. In this paper we propose many other types of quantum slide attacks, inspired by classical techniques including sliding with a twist, complementation slide and mirror slidex. These slide attacks on Feistel networks reach up to two round self-similarity with modular additions inside branch or key-addition operations.
    [Show full text]
  • 9/11 Report”), July 2, 2004, Pp
    Final FM.1pp 7/17/04 5:25 PM Page i THE 9/11 COMMISSION REPORT Final FM.1pp 7/17/04 5:25 PM Page v CONTENTS List of Illustrations and Tables ix Member List xi Staff List xiii–xiv Preface xv 1. “WE HAVE SOME PLANES” 1 1.1 Inside the Four Flights 1 1.2 Improvising a Homeland Defense 14 1.3 National Crisis Management 35 2. THE FOUNDATION OF THE NEW TERRORISM 47 2.1 A Declaration of War 47 2.2 Bin Ladin’s Appeal in the Islamic World 48 2.3 The Rise of Bin Ladin and al Qaeda (1988–1992) 55 2.4 Building an Organization, Declaring War on the United States (1992–1996) 59 2.5 Al Qaeda’s Renewal in Afghanistan (1996–1998) 63 3. COUNTERTERRORISM EVOLVES 71 3.1 From the Old Terrorism to the New: The First World Trade Center Bombing 71 3.2 Adaptation—and Nonadaptation— ...in the Law Enforcement Community 73 3.3 . and in the Federal Aviation Administration 82 3.4 . and in the Intelligence Community 86 v Final FM.1pp 7/17/04 5:25 PM Page vi 3.5 . and in the State Department and the Defense Department 93 3.6 . and in the White House 98 3.7 . and in the Congress 102 4. RESPONSES TO AL QAEDA’S INITIAL ASSAULTS 108 4.1 Before the Bombings in Kenya and Tanzania 108 4.2 Crisis:August 1998 115 4.3 Diplomacy 121 4.4 Covert Action 126 4.5 Searching for Fresh Options 134 5.
    [Show full text]
  • Security in Wireless Sensor Networks Using Cryptographic Techniques
    American Journal of Engineering Research (AJER) 2014 American Journal of Engineering Research (AJER) e-ISSN : 2320-0847 p-ISSN : 2320-0936 Volume-03, Issue-01, pp-50-56 www.ajer.org Research Paper Open Access Security in Wireless Sensor Networks using Cryptographic Techniques Madhumita Panda Sambalpur University Institute of Information Technology(SUIIT)Burla, Sambalpur, Odisha, India. Abstract: -Wireless sensor networks consist of autonomous sensor nodes attached to one or more base stations.As Wireless sensor networks continues to grow,they become vulnerable to attacks and hence the need for effective security mechanisms.Identification of suitable cryptography for wireless sensor networks is an important challenge due to limitation of energy,computation capability and storage resources of the sensor nodes.Symmetric based cryptographic schemes donot scale well when the number of sensor nodes increases.Hence public key based schemes are widely used.We present here two public – key based algorithms, RSA and Elliptic Curve Cryptography (ECC) and found out that ECC have a significant advantage over RSA as it reduces the computation time and also the amount of data transmitted and stored. Keywords: -Wireless Sensor Network,Security, Cryptography, RSA,ECC. I. WIRELESS SENSOR NETWORK Sensor networks refer to a heterogeneous system combining tiny sensors and actuators with general- purpose computing elements. These networks will consist of hundreds or thousands of self-organizing, low- power, low-cost wireless nodes deployed to monitor and affect the environment [1]. Sensor networks are typically characterized by limited power supplies, low bandwidth, small memory sizes and limited energy. This leads to a very demanding environment to provide security.
    [Show full text]
  • Cryptanalysis of Sfinks*
    Cryptanalysis of Sfinks? Nicolas T. Courtois Axalto Smart Cards Crypto Research, 36-38 rue de la Princesse, BP 45, F-78430 Louveciennes Cedex, France, [email protected] Abstract. Sfinks is an LFSR-based stream cipher submitted to ECRYPT call for stream ciphers by Braeken, Lano, Preneel et al. The designers of Sfinks do not to include any protection against algebraic attacks. They rely on the so called “Algebraic Immunity”, that relates to the complexity of a simple algebraic attack, and ignores other algebraic attacks. As a result, Sfinks is insecure. Key Words: algebraic cryptanalysis, stream ciphers, nonlinear filters, Boolean functions, solving systems of multivariate equations, fast algebraic attacks on stream ciphers. 1 Introduction Sfinks is a new stream cipher that has been submitted in April 2005 to ECRYPT call for stream cipher proposals, by Braeken, Lano, Mentens, Preneel and Varbauwhede [6]. It is a hardware-oriented stream cipher with associated authentication method (Profile 2A in ECRYPT project). Sfinks is a very simple and elegant stream cipher, built following a very classical formula: a single maximum-period LFSR filtered by a Boolean function. Several large families of ciphers of this type (and even much more complex ones) have been in the recent years, quite badly broken by algebraic attacks, see for exemple [12, 13, 1, 14, 15, 2, 18]. Neverthe- less the specialists of these ciphers counter-attacked by defining and applying the concept of Algebraic Immunity [7] to claim that some designs are “secure”. Unfortunately, as we will see later, the notion of Algebraic Immunity protects against only one simple alge- braic attack and ignores other algebraic attacks.
    [Show full text]
  • CHUCK CHONSON: AMERICAN CIPHER by ERIC NOLAN A
    CHUCK CHONSON: AMERICAN CIPHER By ERIC NOLAN A THESIS PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF FINE ARTS UNIVERSITY OF FLORIDA 2003 Copyright 2003 by Eric Nolan To my parents, and to Nicky ACKNOWLEDGMENTS I thank my parents, my teachers, and my colleagues. Special thanks go to Dominique Wilkins and Don Mattingly. iv TABLE OF CONTENTS ACKNOWLEDGMENTS..................................................................................................iv ABSTRACT......................................................................................................................vii CHAPTER 1 LIVE-IN GIRLFRIEND, SHERRY CRAVENS ...................................................... 1 2 DEPARTMENT CHAIR, FURRY LUISSON..........................................................8 3 TRAIN CONDUCTOR, BISHOP PROBERT........................................................ 12 4 TWIN BROTHER, MARTY CHONSON .............................................................. 15 5 DEALER, WILLIE BARTON ................................................................................ 23 6 LADY ON BUS, MARIA WOESSNER................................................................. 33 7 CHILDHOOD PLAYMATE, WHELPS REMIEN ................................................ 36 8 GUY IN TRUCK, JOE MURHPY .........................................................................46 9 EX-WIFE, NORLITTA FUEGOS...........................................................................49 10
    [Show full text]
  • Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1
    International Journal of Grid and Distributed Computing Vol. 10, No. 11 (2017), pp.79-98 http://dx.doi.org/10.14257/ijgdc.2017.10.11.08 Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1 Rahul Saha1, G. Geetha2, Gulshan Kumar3 and Hye-Jim Kim4 1,3School of Computer Science and Engineering, Lovely Professional University, Punjab, India 2Division of Research and Development, Lovely Professional University, Punjab, India 4Business Administration Research Institute, Sungshin W. University, 2 Bomun-ro 34da gil, Seongbuk-gu, Seoul, Republic of Korea Abstract Cryptography has always been a core component of security domain. Different security services such as confidentiality, integrity, availability, authentication, non-repudiation and access control, are provided by a number of cryptographic algorithms including block ciphers, stream ciphers and hash functions. Though the algorithms are public and cryptographic strength depends on the usage of the keys, the ciphertext analysis using different functions and operations used in the algorithms can lead to the path of revealing a key completely or partially. It is hard to find any survey till date which identifies different operations and functions used in cryptography. In this paper, we have categorized our survey of cryptographic functions and operations in the algorithms in three categories: block ciphers, stream ciphers and cryptanalysis attacks which are executable in different parts of the algorithms. This survey will help the budding researchers in the society of crypto for identifying different operations and functions in cryptographic algorithms. Keywords: cryptography; block; stream; cipher; plaintext; ciphertext; functions; research problems 1. Introduction Cryptography [1] in the previous time was analogous to encryption where the main task was to convert the readable message to an unreadable format.
    [Show full text]