DOCSLIB.ORG

The Round Functions of KASUMI Generate the Alternating Group

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

DOI 10.1515/jmc-2013-0028 Ë J. Math. Cryptol. 2015; 9 (1):23–32 Research Article Rüdiger Sparr and Ralph Wernsdorf The round functions of KASUMI generate the alternating group Abstract: We show that the round functions of the KASUMI block cipher for odd and even round type gen- erate the alternating group on the message space. Moreover, under the assumption of independent round keys, we prove that also the KASUMI two-round functions and the KASUMI encryption functions generate the alternating group. Keywords: KASUMI, block cipher, permutation groups MSC 2010: 94A60, 20B35 ËË Rüdiger Sparr, Ralph Wernsdorf: Rohde & Schwarz SIT GmbH, Am Studio 3, 12489 Berlin, Germany, e-mail: [email protected], [email protected] Communicated by: Robert Gilman 1 Introduction KASUMI is a -bit block cipher with -bit key size which is used for the condentiality and integrity algo- rithms of the Third Generation Partnership Project ( GPP) for mobile communications [7]. KASUMI is based on the MISTY64block cipher [15] and is128 carefully designed to resist conventional dierential and linear crypt- analysis [1]. It has been shown that the four-round3 KASUMI-type permutation is pseudorandom and that the six-round1 KASUMI-type permutation is super-pseudorandom under an adaptive distinguisher model [11]. Furthermore, as shown in [6], KASUMI is susceptible to a related key attack using four related keys, which however is not a security threat for the use of KASUMI in GSM and UMTS applications. Recent further crypt- analysis results about KASUMI can be found in [12, 19]. In this paper we present several new results on group theoretic properties of the KASUMI round functions and component functions. For any block cipher, it is desirable to exclude possible structural defects for the group generated by the round functions, such as an insucient diversity of occurring permutations or im- primitivity. Because of the widespread use for GPP mobile communications, the exclusion of such structural weaknesses appears particularly relevant for the KASUMI block cipher. As shown by Paterson [17], there are DES-like block ciphers which possess a certain3 resistance to linear and dierential cryptanalysis, but can be easily broken since the round functions generate a group which acts imprimitively on the message space. A further purpose for the analysis of group theoretic properties of a block cipher stems from the fact that, if the round functions of the cipher generate the alternating group on the message space, then general security proofs for the cipher are possible with respect to the Markov cipher approach to classical dierential crypt- analysis (cf. [2, 10, 16]). For the DES [4], AES [22], and other ciphers, several results on the cyclic and group theoretic structure of their components have already been found (see [3, 5, 8, 13, 21, 23, 24]). The paper is organized as follows. In Section 2 we provide some notions and facts from the theory of per- mutation groups which are used in this paper. In Section 3 we give a description of the KASUMI block cipher. In Section 4 we investigate cyclic properties of the internal components of the KASUMI round functions and prove an unexpected property of the FO-functions of KASUMI. In Section 5 we show that the groups gener- ated by the KASUMI round functions for odd and even round type are equal to the alternating group on the message space 64. In Section 6 we show that also the KASUMI two-round functions as well as the KASUMI encryption functions generate the alternating group on the set 64 under the assumption of independent round keys. In Section{0, 1} 7 we nish the paper with some concluding remarks. {0, 1} 24 Ë R. Sparr and R. Wernsdorf, The round functions of KASUMI 2 Group theoretical facts For any nonempty nite set , the group of bijective mappings of onto itself is denoted by X. If is a natural number and , we also write n instead of X. Every subgroup of X is called a permutation group on . Let be a natural numberX with . A permutationX group X is called -transitiveS n if, for any ~ pair of -tuplesX = {1,1 . , n}~ , 1 ~ S with i S j i j for , thereS is a permutation with Xi i ~for .A -transitive0 < permutation~ ≤ |X| group is simply calledG ≤ Stransitive.~ If is a permutation group on~ a set (aand, . , a ) ,(b the, . subgroup . , b ) ∈ X of all a ̸= witha , b ̸= b isi denoted̸= j by a. g ∈ G g(a )For= b multiplei = transitivity1, . , ~ 1 we have the following proposition (cf. [25]). G X a ∈ X g ∈ G g(a) = a G Proposition 2.1. Let be a transitive permutation group on a nite set , a natural number with , and . Then is -transitive on if and only if a is -transitive on . G X ~ 0 < ~ < |X| Let be a permutation group with . A subset is called a block of if or a ∈ XX G (~ + 1) X G ~ X \ {a} for every . A block is said to be trivial if or where .A complete nontrivial blockG ≤ systemS for is a partition 1 |X|t =ofn into disjointB ⊆ X subsets i of equalG sizeg(B)with= B g(B)∩,B such= that for everyg ∈ G permutationB ⊆ X and every block i thereB ∈ {X, is a} blockB = j{x}with ix ∈ Xj for . Let X be transitive.G is called{Ximprimitive,...,X } if thereX is a nontrivial blockX of . Otherwise,s 1 < s <isn said to be primitive. Every -transitiveg ∈ G permutation groupX is primitive, but notX conversely.g(X ) = AX permutationi, j ∈ {1, . , t}X is a transpositionG ≤ S if interchangesG two elements and xes all the otherB ⊂ elementsX G of . A permutationG is called even (odd)2 if can be represented as a product of an even (odd) number of transpositions.g ∈ TheS set of all even permutationsg n forms a groupx, which y ∈ X is called the alternating group on theX set andg which is denoted by gn. For any permutation ong ∈ a niteS set of even cardinality, the number of cycles of odd length in its{1, disjoint . , n} cy- cle decomposition mustA be even. Since the cycles of even length are odd permutations, we have the following result. Proposition 2.2. A permutation on a nite set with even cardinality is even if and only if its cycle representation contains an even number of cycles (including the cycles of length ). The degree of a permutation group on a nite set is dened as the number of elements of that are 1 moved by at least one permutation of . The degree of a permutation is dened as the degree of the cyclic group generated by this permutation.G X X We need the subsequent results whichG provide sucient conditions for a permutation group to be the alternating or symmetric group. Theorem 2.3 (cf. [25, Theorem 13.10]). Let be a prime and a primitive permutation group of degree , which contains an element of order and degree , but which is neither the alternating nor symmetric group. p G n = (a)qp +Ifk and , then . p qp (b) If and , then . q ≤ 7 p ≥ 11 k ≤ 8 Proposition 2.4. Let be a primitive permutation group on the set 2n with . Suppose there is an q ≥ 8 p ≥ 2q − 1 k ≤ 4q − 4 element which contains in its cycle representation a cycle with a prime factor n+1 and for 2n we have G {0, 1} n > 2 g ∈ G 2n p > 2 r = Then2 modisp the alternating or the symmetric group on 2n. r > max8, 4 ⋅ (2 − r)/p − 4. Proof. Suppose is neither the alternating nor symmetric group. Using an appropriate exponentiation of , G {0, 1} we obtain a permutation with cycles of length , where n−1. Hence contains an element of order and degree ,G where 2n . Then , but g 2n q p 2n 1 ≤ q < 2 G p pq pq ≤ 2 − r p ≥ max(11, 2q − 1) which is a contradiction to Theorem 2.3. 2 − pq ≥ r > max8, 4 ⋅ (2 − r)/p − 4 ≥ max(8, 4q − 4) R. Sparr and R. Wernsdorf, The round functions of KASUMI Ë 25 Remark 2.5. As an alternative to Theorem 2.3 and Proposition 2.4, it is also possible to use the theorems [18, Theorem A] or [14, Theorem 1.1] to derive similar sucient conditions for a permutation group to be the alternating or symmetric group. Theorem 2.6 (cf. [20, Corollary 10.2.2]). Let be a transitive permutation group on a nite set with . If there is an element which contains in its cycle representation a cycle of prime number length with , then is the alternating orG the symmetric group on . X |X| > 7 g ∈ G p |X|/2 < p < |X| − 2 G X 3 Description of KASUMI 2n For every 1 2n we write L for 1 n and R for n+1 2n . The all-zero bit- vector in the set n is denoted by n and elements of m n are identied with elements in mn by concatenation.x = (x We, .write . , x ) k∈for{0, the 1} left rotationx of (x-bit, . words . , x ) by bitx positions(x , . and . , x )for the projection of -bit words {0,to 1} the seven right-most0 bits of . Let ({0,and 1} ) denote the S-boxes of KASUMI,{0, which 1} are nonlinear permutations onrot 7 and 9, respectively16 [7]. Furthermore,k let pr 9 w w S7 S9 2 {0, 1} {0, 1} 7 9 16 16 16 for every ì(v,and w) k= S7(v) ⊕ v for⊕ pr every(S9(w)), (0 , v) ⊕ andS9(w) .
Recommended publications
  • Improved Related-Key Attacks on DESX and DESX+

    Improved Related-Key Attacks on DESX and DESX+

    Improved Related-key Attacks on DESX and DESX+ Raphael C.-W. Phan1 and Adi Shamir3 1 Laboratoire de s´ecurit´eet de cryptographie (LASEC), Ecole Polytechnique F´ed´erale de Lausanne (EPFL), CH-1015 Lausanne, Switzerland [email protected] 2 Faculty of Mathematics & Computer Science, The Weizmann Institute of Science, Rehovot 76100, Israel [email protected] Abstract. In this paper, we present improved related-key attacks on the original DESX, and DESX+, a variant of the DESX with its pre- and post-whitening XOR operations replaced with addition modulo 264. Compared to previous results, our attack on DESX has reduced text complexity, while our best attack on DESX+ eliminates the memory requirements at the same processing complexity. Keywords: DESX, DESX+, related-key attack, fault attack. 1 Introduction Due to the DES’ small key length of 56 bits, variants of the DES under multiple encryption have been considered, including double-DES under one or two 56-bit key(s), and triple-DES under two or three 56-bit keys. Another popular variant based on the DES is the DESX [15], where the basic keylength of single DES is extended to 120 bits by wrapping this DES with two outer pre- and post-whitening keys of 64 bits each. Also, the endorsement of single DES had been officially withdrawn by NIST in the summer of 2004 [19], due to its insecurity against exhaustive search. Future use of single DES is recommended only as a component of the triple-DES. This makes it more important to study the security of variants of single DES which increase the key length to avoid this attack.
  • 25 Years of Linear Cryptanalysis -Early History and Path Search Algorithm

    25 Years of Linear Cryptanalysis -Early History and Path Search Algorithm

    25 Years of Linear Cryptanalysis -Early History and Path Search Algorithm- Asiacrypt 2018, December 3 2018 Mitsuru Matsui © Mitsubishi Electric Corporation Back to 1990… 2 © Mitsubishi Electric Corporation FEAL (Fast data Encipherment ALgorithm) • Designed by Miyaguchi and Shimizu (NTT). • 64-bit block cipher family with the Feistel structure. • 4 rounds (1987) • 8 rounds (1988) • N rounds(1990) N=32 recommended • Key size is 64 bits (later extended to 128 bits). • Optimized for 8-bit microprocessors (no lookup tables). • First commercially successful cipher in Japan. • Inspired many new ideas, including linear cryptanalysis. 3 © Mitsubishi Electric Corporation FEAL-NX Algorithm [Miyaguchi 90] subkey 4 © Mitsubishi Electric Corporation The Round Function of FEAL 2-byte subkey Linear Relations 푌 2 = 푋1 0 ⊕ 푋2 0 푌 2 = 푋1 0 ⊕ 푋2 0 ⊕ 1 (푁표푡푎푡푖표푛: 푌 푖 = 푖-푡ℎ 푏푖푡 표푓 푌) 5 © Mitsubishi Electric Corporation Linear Relations of the Round Function Linear Relations 푂 16,26 ⊕ 퐼 24 = 퐾 24 K 푂 18 ⊕ 퐼 0,8,16,24 = 퐾 8,16 ⊕ 1 푂 10,16 ⊕ 퐼 0,8 = 퐾 8 S 0 푂 2,8 ⊕ 퐼 0 = 퐾 0 ⊕ 1 (푁표푡푎푡푖표푛: 퐴 푖, 푗, 푘 = 퐴 푖 ⊕ 퐴 푗 ⊕ 퐴 푘 ) S1 O I f S0 f 3-round linear relations with p=1 S1 f modified round function f at least 3 subkey (with whitening key) f bytes affect output6 6 © Mitsubishi Electric Corporation History of Cryptanalysis of FEAL • 4-round version – 100-10000 chosen plaintexts [Boer 88] – 20 chosen plaintexts [Murphy 90] – 8 chosen plaintexts [Biham, Shamir 91] differential – 200 known plaintexts [Tardy-Corfdir, Gilbert 91] – 5 known plaintexts [Matsui, Yamagishi
  • Encryption Algorithm Trade Survey

    Encryption Algorithm Trade Survey

    CCSDS Historical Document This document’s Historical status indicates that it is no longer current. It has either been replaced by a newer issue or withdrawn because it was deemed obsolete. Current CCSDS publications are maintained at the following location: http://public.ccsds.org/publications/ CCSDS HISTORICAL DOCUMENT Report Concerning Space Data System Standards ENCRYPTION ALGORITHM TRADE SURVEY INFORMATIONAL REPORT CCSDS 350.2-G-1 GREEN BOOK March 2008 CCSDS HISTORICAL DOCUMENT Report Concerning Space Data System Standards ENCRYPTION ALGORITHM TRADE SURVEY INFORMATIONAL REPORT CCSDS 350.2-G-1 GREEN BOOK March 2008 CCSDS HISTORICAL DOCUMENT CCSDS REPORT CONCERNING ENCRYPTION ALGORITHM TRADE SURVEY AUTHORITY Issue: Informational Report, Issue 1 Date: March 2008 Location: Washington, DC, USA This document has been approved for publication by the Management Council of the Consultative Committee for Space Data Systems (CCSDS) and reflects the consensus of technical panel experts from CCSDS Member Agencies. The procedure for review and authorization of CCSDS Reports is detailed in the Procedures Manual for the Consultative Committee for Space Data Systems. This document is published and maintained by: CCSDS Secretariat Space Communications and Navigation Office, 7L70 Space Operations Mission Directorate NASA Headquarters Washington, DC 20546-0001, USA CCSDS 350.2-G-1 i March 2008 CCSDS HISTORICAL DOCUMENT CCSDS REPORT CONCERNING ENCRYPTION ALGORITHM TRADE SURVEY FOREWORD Through the process of normal evolution, it is expected that expansion, deletion, or modification of this document may occur. This Recommended Standard is therefore subject to CCSDS document management and change control procedures, which are defined in the Procedures Manual for the Consultative Committee for Space Data Systems.
  • Camellia: a 128-Bit Block Cipher Suitable for Multiple Platforms

    Camellia: a 128-Bit Block Cipher Suitable for Multiple Platforms

    Copyright NTT and Mitsubishi Electric Corporation 2000 Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms † ‡ † Kazumaro Aoki Tetsuya Ichikawa Masayuki Kanda ‡ † ‡ ‡ Mitsuru Matsui Shiho Moriai Junko Nakajima Toshio Tokita † Nippon Telegraph and Telephone Corporation 1-1 Hikarinooka, Yokosuka, Kanagawa, 239-0847 Japan {maro,kanda,shiho}@isl.ntt.co.jp ‡ Mitsubishi Electric Corporation 5-1-1 Ofuna, Kamakura, Kanagawa, 247-8501 Japan {ichikawa,matsui,june15,tokita}@iss.isl.melco.co.jp September 26, 2000 Abstract. We present a new 128-bit block cipher called Camellia. Camellia sup- ports 128-bit block size and 128-, 192-, and 256-bit key lengths, i.e. the same interface specifications as the Advanced Encryption Standard (AES). Camellia was carefully designed to withstand all known cryptanalytic attacks and even to have a sufficiently large security leeway for use of the next 10-20 years. There are no hidden weakness inserted by the designers. It was also designed to have suitability for both software and hardware implementations and to cover all possible encryption applications that range from low-cost smart cards to high-speed network systems. Compared to the AES finalists, Camellia offers at least comparable encryption speed in software and hardware. An optimized implementation of Camellia in assembly language can en- crypt on a PentiumIII (800MHz) at the rate of more than 276 Mbits per second, which is much faster than the speed of an optimized DES implementation. In ad- dition, a distinguishing feature is its small hardware design. The hardware design, which includes key schedule, encryption and decryption, occupies approximately 11K gates, which is the smallest among all existing 128-bit block ciphers as far as we know.
  • Linear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT

    Linear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT

    Linear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT Jorge Nakahara Jr1, Pouyan Sepehrdad1, Bingsheng Zhang2, Meiqin Wang3 1EPFL, Lausanne, Switzerland 2Cybernetica AS, Estonia and University of Tartu, Estonia 3Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, China Estonian Theory Days, 2-4.10.2009 Outline Why cryptanalysis?! Outline Outline Contributions The PRESENT Block Cipher Revisited Algebraic Cryptanalysis of PRESENT Linear Cryptanalysis of PRESENT Linear Hulls of PRESENT Conclusions Acknowledgements Outline Outline Contributions we performed linear analysis of reduced-round PRESENT exploiting fixed-points (and other symmetries) of pLayer exploiting low Hamming Weight bitmasks using iterative linear relations first linear hull analysis of PRESENT: 1st and 2nd best trails known-plaintext and ciphertext-only attack settings revisited algebraic analysis of 5-round PRESENT in less than 3 min best attacks on up to 26-round PRESENT (out of 31 rounds) Outline Outline The PRESENT Block Cipher block cipher designed by Bogdanov et al. at CHES’07 aimed at RFID tags, sensor networks (hardware environments) SPN structure 64-bit block size, 80- or 128-bit key size, 31 rounds one full round: xor with round subkey, S-box layer, bit permutation (pLayer) key schedule: 61-bit left rotation, S-box application, and xor with counter Outline Outline The PRESENT Block Cipher Computational graph of one full round of PRESENT Outline Outline Previous attack complexities on reduced-round
  • Security Analysis of an Encryption Scheme Based on Nonpositional Polynomial Notations

    Security Analysis of an Encryption Scheme Based on Nonpositional Polynomial Notations

    Open Eng. 2016; 6:250–258 Research Article Open Access Nursulu Kapalova* and Dilmukhanbet Dyusenbayev Security analysis of an encryption scheme based on nonpositional polynomial notations DOI 10.1515/eng-2016-0034 unique providing that bases are pairwise relatively prime. Received May 05, 2016; accepted Jun 28, 2016 As distinct from classical RNSs, irreducible polynomials over GF(2) that is binary polynomials serve as bases in Abstract: The aim of the research was to conduct a cryp- NPNs [1–6]. tographic analysis of an encryption scheme developed Based on NPNs, nonconventional algorithms for en- on the basis of nonpositional polynomial notations to cryption, digital signatures and cryptographic key ex- estimate the algorithm strength. Nonpositional polyno- change have been developed [3, 7–9]. This paper is con- mial notations (NPNs) are residue number systems (RNSs) cerned with an investigation of the strength of a noncon- based on irreducible polynomials over GF(2). To evalu- ventional encryption scheme against cryptanalysis. The ate if the algorithms developed on the basis of NPNs are core of the algorithm under study is as follows. secure, mathematical models of cryptanalysis involving algebraic, linear and differential methods have been de- 1. First of all, an NPN is formed with its working bases signed. The cryptanalysis is as follows. A system of non- consisting of chosen irreducible polynomials linear equations is obtained from a function transforming p x p x ... p x plaintext into ciphertext with a key. Next, a possibility of 1( ), 2( ), , S( ) (1) transition of the nonlinear system to a linear one is consid- over GF(2) of degrees m1, m2, ..
  • Optimization of Core Components of Block Ciphers Baptiste Lambin

    Optimization of Core Components of Block Ciphers Baptiste Lambin

    Optimization of core components of block ciphers Baptiste Lambin To cite this version: Baptiste Lambin. Optimization of core components of block ciphers. Cryptography and Security [cs.CR]. Université Rennes 1, 2019. English. NNT : 2019REN1S036. tel-02380098 HAL Id: tel-02380098 https://tel.archives-ouvertes.fr/tel-02380098 Submitted on 26 Nov 2019 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THÈSE DE DOCTORAT DE L’UNIVERSITE DE RENNES 1 COMUE UNIVERSITE BRETAGNE LOIRE Ecole Doctorale N°601 Mathématique et Sciences et Technologies de l’Information et de la Communication Spécialité : Informatique Par Baptiste LAMBIN Optimization of Core Components of Block Ciphers Thèse présentée et soutenue à RENNES, le 22/10/2019 Unité de recherche : IRISA Rapporteurs avant soutenance : Marine Minier, Professeur, LORIA, Université de Lorraine Jacques Patarin, Professeur, PRiSM, Université de Versailles Composition du jury : Examinateurs : Marine Minier, Professeur, LORIA, Université de Lorraine Jacques Patarin, Professeur, PRiSM, Université de Versailles Jean-Louis Lanet, INRIA Rennes Virginie Lallemand, Chargée de Recherche, LORIA, CNRS Jérémy Jean, ANSSI Dir. de thèse : Pierre-Alain Fouque, IRISA, Université de Rennes 1 Co-dir. de thèse : Patrick Derbez, IRISA, Université de Rennes 1 Remerciements Je tiens à remercier en premier lieu mes directeurs de thèse, Pierre-Alain et Patrick.
  • TS 135 202 V7.0.0 (2007-06) Technical Specification

    TS 135 202 V7.0.0 (2007-06) Technical Specification

    ETSI TS 135 202 V7.0.0 (2007-06) Technical Specification Universal Mobile Telecommunications System (UMTS); Specification of the 3GPP confidentiality and integrity algorithms; Document 2: Kasumi specification (3GPP TS 35.202 version 7.0.0 Release 7) 3GPP TS 35.202 version 7.0.0 Release 7 1 ETSI TS 135 202 V7.0.0 (2007-06) Reference RTS/TSGS-0335202v700 Keywords SECURITY, UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice Individual copies of the present document can be downloaded from: http://www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission.
  • Miss in the Middle Attacks on IDEA and Khufu

    Miss in the Middle Attacks on IDEA and Khufu

    Miss in the Middle Attacks on IDEA and Khufu Eli Biham? Alex Biryukov?? Adi Shamir??? Abstract. In a recent paper we developed a new cryptanalytic techni- que based on impossible differentials, and used it to attack the Skipjack encryption algorithm reduced from 32 to 31 rounds. In this paper we describe the application of this technique to the block ciphers IDEA and Khufu. In both cases the new attacks cover more rounds than the best currently known attacks. This demonstrates the power of the new cryptanalytic technique, shows that it is applicable to a larger class of cryptosystems, and develops new technical tools for applying it in new situations. 1 Introduction In [5,17] a new cryptanalytic technique based on impossible differentials was proposed, and its application to Skipjack [28] and DEAL [17] was described. In this paper we apply this technique to the IDEA and Khufu cryptosystems. Our new attacks are much more efficient and cover more rounds than the best previously known attacks on these ciphers. The main idea behind these new attacks is a bit counter-intuitive. Unlike tra- ditional differential and linear cryptanalysis which predict and detect statistical events of highest possible probability, our new approach is to search for events that never happen. Such impossible events are then used to distinguish the ci- pher from a random permutation, or to perform key elimination (a candidate key is obviously wrong if it leads to an impossible event). The fact that impossible events can be useful in cryptanalysis is an old idea (for example, some of the attacks on Enigma were based on the observation that letters can not be encrypted to themselves).
  • Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1

    Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1

    International Journal of Grid and Distributed Computing Vol. 10, No. 11 (2017), pp.79-98 http://dx.doi.org/10.14257/ijgdc.2017.10.11.08 Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1 Rahul Saha1, G. Geetha2, Gulshan Kumar3 and Hye-Jim Kim4 1,3School of Computer Science and Engineering, Lovely Professional University, Punjab, India 2Division of Research and Development, Lovely Professional University, Punjab, India 4Business Administration Research Institute, Sungshin W. University, 2 Bomun-ro 34da gil, Seongbuk-gu, Seoul, Republic of Korea Abstract Cryptography has always been a core component of security domain. Different security services such as confidentiality, integrity, availability, authentication, non-repudiation and access control, are provided by a number of cryptographic algorithms including block ciphers, stream ciphers and hash functions. Though the algorithms are public and cryptographic strength depends on the usage of the keys, the ciphertext analysis using different functions and operations used in the algorithms can lead to the path of revealing a key completely or partially. It is hard to find any survey till date which identifies different operations and functions used in cryptography. In this paper, we have categorized our survey of cryptographic functions and operations in the algorithms in three categories: block ciphers, stream ciphers and cryptanalysis attacks which are executable in different parts of the algorithms. This survey will help the budding researchers in the society of crypto for identifying different operations and functions in cryptographic algorithms. Keywords: cryptography; block; stream; cipher; plaintext; ciphertext; functions; research problems 1. Introduction Cryptography [1] in the previous time was analogous to encryption where the main task was to convert the readable message to an unreadable format.
  • Security Analysis of Lightweight Iot Cipher: Chaskey

    Security Analysis of Lightweight Iot Cipher: Chaskey

    cryptography Article Security Analysis of Lightweight IoT Cipher: Chaskey Ashutosh Dhar Dwivedi Department of Applied Mathematics and Computer Science, Technical University of Denmark, 2800 Kongens Lyngby, Denmark; [email protected] or [email protected] Received: 3 July 2020; Accepted: 1 August 2020; Published: 5 August 2020 Abstract: This paper presents the differential cryptanalysis of ARX based cipher Chaskey using tree search based heuristic approach. ARX algorithms are suitable for resource-constrained devices such as IoT and very resistant to standard cryptanalysis such as linear or differential. To make a differential attack, it is important to make differential characteristics of the cipher. Finding differential characteristics in ARX is the most challenging task nowadays. Due to the bigger block size, it is infeasible to calculate lookup tables for non-linear components. Transition through the non-linear layer of cipher faces a huge state space problem. The problem of huge state space is a serious research topic in artificial intelligence (AI). The proposed heuristic tool use such methods inspired by Nested Tree-based sampling to find differential paths in ARX cipher and successfully applied to get a state of art results for differential cryptanalysis with a very fast and simpler framework. The algorithm can also be applied in different research areas in cryptanalysis where such huge state space is a problem. Keywords: heuristic techniques; differential attacks; Chaskey cipher; ARX lightweight ciphers; nested tree search; single player games 1. Introduction IoT has created new values by connecting network with various small devices, but security threat becomes more important issues in the recent reports of automobile hacking and illegal surveillance camera manipulation etc.
  • Peptide Microarray Profiling Identifies Phospholipase C Gamma 1 (PLC-Γ1) As a Potential Target for T(8;21) AML

    Peptide Microarray Profiling Identifies Phospholipase C Gamma 1 (PLC-Γ1) As a Potential Target for T(8;21) AML

    www.impactjournals.com/oncotarget/ Oncotarget, 2017, Vol. 8, (No. 40), pp: 67344-67354 Research Paper Peptide microarray profiling identifies phospholipase C gamma 1 (PLC-γ1) as a potential target for t(8;21) AML Hasan Mahmud1,2, Frank J.G. Scherpen1, Tiny Meeuwsen de Boer1, Harm-Jan Lourens1, Caroline Schoenherr3, Matthias Eder3, Michaela Scherr3, Victor Guryev4 and Eveline S. De Bont1 1Department of Pediatric Oncology/Hematology, Beatrix Children’s Hospital, University Medical Center Groningen, University of Groningen, Groningen, The Netherlands 2Stephenson Cancer Center, The University of Oklahoma Health Sciences Center, Oklahoma City, OK, USA 3Department of Hematology, Hemostasis, Oncology and Stem Cell Transplantation, Hannover Medical School, Hannover, Germany 4Laboratory of Genome Structure and Aging, European Research Institute for the Biology of Aging, University Medical Center Groningen, University of Groningen, Groningen, The Netherlands Correspondence to: Eveline S. De Bont, email: [email protected] Keywords: AML, leukemia, t(8;21), PLC-γ1, peptide microarray Received: February 21, 2017 Accepted: May 01, 2017 Published: June 27, 2017 Copyright: Mahmud et al. This is an open-access article distributed under the terms of the Creative Commons Attribution License 3.0 (CC BY 3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited. ABSTRACT The t(8;21) (q22;q22) chromosomal translocation is one of the most frequent genetic alterations in acute myeloid leukemia (AML) which has a need for improved therapeutic strategies. We found PLC-γ1 as one of the highest phosphorylated peptides in t(8;21) AML samples compared to NBM or CN-AML in our previous peptide microarray.