DOCSLIB.ORG

Cryptography at Large

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Cryptography at Large Cryptography at Large Gerard Tel Trefw: cryptografie, informatiebeveiliging, digitale handtekening, elektronisch geld c Copyright 2009 Gerard Tel. Alle rechten voorbehouden. Niets uit deze uitgave mag worden verveelvoudigd, opgeslagen in een geautomatiseerd gegevensbestand, of openbaar gemaakt, in enige vorm of op enige wijze, hetzij elektronisch, mechanisch, door fotokopie¨en,opnamen, of enige andere manier, zonder voorafgaande toestemming van de auteur. Voorzover het maken van kopie¨enuit deze uitgave is toegestaan op grond van artikel 16B Auteurswet 1912 jo het Besluit van 20 juni 1974, St.b. 351, zoals gewijzigd bij Besluit van 23 augustus 1985, St.b. 471 en artikel 17 Auteurswet 1912, dient men de daarvoor wettelijk verschuldigde vergoedingen te voldoen aan de Stichting Reprorecht. Voor het overnemen van gedeelte(n) uit deze uitgave in bloemlezingen, readers en andere compilatie- of andere werken (artikel 16 Auteurswet 1912), in welke vorm dan ook, dient men zich tot de auteur te wenden. Ondanks alle aan de samenstelling van dit boek bestede zorg kan noch de redactie, noch de auteur, noch de uitgever aansprakelijkheid aanvaarden voor schade die het gevolg is van enige fout in deze uitgave. Contents Contents v Preface ix 1 Quantum Factorization (Bart Jansen ) 1 1.1 Introduction to quantum mechanics . 1 1.2 Shor's factoring algorithm . 4 1.3 Complexity considerations for cryptography . 8 1.4 Implementations of Shor's algorithm . 9 1.5 The future of quantum computing . 10 2 Diffie-Hellman and Discrete Logarithm Problems (Sori Lee ) 11 2.1 The `problems' . 12 2.2 Reducing the DL problem to the DH problem . 13 2.3 Summary . 18 3 Hash Collisions (Jan Olav Hajduk ) 21 3.1 MD5 . 21 3.2 SHA-1 . 26 3.3 Conclusion . 28 4 RSA Challenges (Eleni Mina ) 29 4.1 Introduction . 29 4.2 RSA Challenges . 31 4.3 Conclusion . 38 5 Representation collisions in Pollard's Rho-Method (Sanne Willems ) 39 5.1 Pollard's Rho-Method . 40 5.2 Representation of z .................................. 41 5.3 Application in Pollard's Rho-Method . 43 5.4 Verification with experiments . 43 5.5 Conclusion . 46 6 Phishing (Geerten Doornenbal ) 47 6.1 Phishing - what is it? . 47 6.2 The term phishing . 47 6.3 Different kinds of phishing . 48 6.4 Why does it work? . 51 v vi Contents 6.5 Economic losses . 51 6.6 Technical solution . 52 7 Biometry (Hannelore van der Burgh ) 55 7.1 System . 55 7.2 Attacks . 57 7.3 Biometric traits . 58 7.4 The matching procedure of fingerprints . 61 7.5 Conclusion . 64 8 Privacy of rfid (Roland Vaandrager ) 65 8.1 Introduction . 65 8.2 Example uses of rfid . 65 8.3 Privacy issues . 66 8.4 Possible solutions . 67 8.5 Conclusion . 71 9 Practical Elliptic Curve Cryptography (Tom Smeets ) 73 9.1 Elliptic Curves introduced . 73 9.2 Curve Parameters . 74 9.3 Standardized Curves . 75 9.4 Fast Curve25519 . 77 9.5 Software using ECC . 78 9.6 Addendum . 79 10 GRAIN an eSTREAM Cipher (Zamarak ) 81 10.1 Introduction . 81 10.2 eSTREAM . 83 10.3 GRAIN . 84 10.4 Summary . 91 10.5 Used resources . 91 11 Advanced Encryption Standard (Anieke Brombacher ) 93 11.1 The beginning of AES . 93 11.2 Description of the standard . 94 11.3 Possible attacks on AES . 97 11.4 Summary and Conclusion . 99 12 Non-malleability (Ren´eKersten ) 101 12.1 Introduction . 101 12.2 DDL-Lite . 102 12.3 Improved definition and algorithm . 104 12.4 Non-malleability in other cryptographic primitives . 109 12.5 Summary . 110 13 Broadcast Encryption (Tamar Christina ) 111 13.1 Introduction . 111 13.2 Encryption Schemes . 112 13.3 Traitor Tracing . 115 13.4 Conclusion . 118 Cryptography at Large vii 14 Receipt-freedom in voting (Pieter van Ede ) 119 14.1 Introduction . 119 14.2 Current voting systems . 121 14.3 Receipt-freedom by Moran and Naor . 122 14.4 Discussion and conclusion . 125 15 Safety of the dutch OV-chipkaart (Marcel van Kooten Niekerk ) 127 15.1 Introduction to the OV-chipkaart . 127 15.2 System architecture of the OV-chipkaart . 128 15.3 Safety of the OV-chipkaart-system . 129 15.4 Safety of the disposable OV-chipkaart . 130 15.5 The anonymous and personal OV-chipkaart . 131 Summary and Conclusions . 135 Bibliography 137 Index 145 viii Contents Preface This reader contains papers, written by students of Utrecht University as part of the Cryp- tography course of Fall 2008. The course treats the theory of Cryptography, underlying many solutions in computer and IT security. The challenge for the students is, to connect this theory to actual security products in their project study. The papers were presented during a symposium on January 29, 2009. For the purpose of the symposium, the presentations were divided into three themes, namely Successful Attacks (Chapters 1 through 6), about systems of which the security was broken, Safe Digital Society (Chapters 7 through 12), about security used in a nation-wide scale to support the economical or democratic infrastructure, and New Systems (Chapters 13 through 16), about new ideas or systems under development. The session chairs during the symposium were Marjan van den Akker, Gerard Vreeswijk, and Marinus Veldhorst. I hope the reader will be a nice souvenir for the speakers and writers, and that it will provide for all others an interesting overview of some computer security topics. Gerard Tel (course teacher), Utrecht, February 2009. ix Chapter 1 Quantum Factorization Written by Bart Jansen. In 1994 the American mathematician Peter Shor [Sho97] published an algorithm for factoring integers in polynomial time. Since the security of cryptosystems such as RSA [Tel08, Section 5.3.3] depends on the assumption that factoring large integers is computationally infeasible, this publication came as quite a shock to physicists and computer scientists alike. Because it has proven to be rather difficult to construct a quantum computer with sufficient \memory" to actually run the algorithm on the large integers that are used as RSA moduli, there is currently no threat to the safety of RSA encryption. This chapter investigates the nature of the algorithm, and evaluates how long RSA will remain safe against quantum computers. We start the chapter by introducing some of the basic concepts of quantum mechanics that are be needed to understand why quantum computers are potentially more powerful than classical computers. This is followed by a description of a probabilistic scheme for factoring integers, first published by Miller in 1974 [Mil75]. Miller's factoring scheme forms the basis of Shor's algorithm. Shor showed that the most critical step, finding the order of an element in a modular group, can be performed in polynomial time on a quantum computer. No poly- nomial algorithm is known for solving this problem on classical computers, which illustrates the computational power of a quantum computer. In the last part of this chapter, we look at the advancements that have been made towards implementing a quantum computer that can execute Shor's algorithm. In the exposition of this subject, a strong distinction has been made between physical and number-theoretical discussions. The text on physics will not contain any equations or formal notation, since it only serves to transfer the ideas behind quantum physics to an unini- tiated audience. The part on the number-theoretic properties of Shor's algorithm will be highly mathematical, since it neatly fits into the mathematical background of the course on cryptography. 1.1 Introduction to quantum mechanics The field of quantum mechanics originated in the 1920's, when bright young minds such as Heisenberg, Schr¨odingerand Bohr began to unify the various ad-hoc theories that existed at that time to explain the \strange" outcomes of some experiments in physics. Several effects 1 2 Quantum Factorization that were observed in the lab simply could not be explained by the classical laws of physics as postulated by Isaac Newton and James Maxwell. Even though classical physics had proven very accurate when dealing with macroscopic systems (calculating the motions of the stars, predicting the orbits of satellites and modeling the trajectory of rockets), it failed to explain the effects that were observed for experiments on a much smaller scale. In particular, some experiments seemed to suggest that light exists in the form of individual particles, while other observations seemed to indicate that light consists of waves. The theory of quantum mechanics was developed to explain this duality of light. In the course of the previous century, the theory started to mature. Important predictions that followed from the theory were later confirmed by experiments, and this predictive power was starting to appeal to scientists. Unfortunately quantum mechanics would often lead to conclusions that were extremely counterintu¨ıtive to our normal way of thinking. As we shall see, quantum mechanics does not give us a deterministic view of the world..
Recommended publications
  • A Differential Fault Attack on MICKEY

    A Differential Fault Attack on MICKEY

    A Differential Fault Attack on MICKEY 2.0 Subhadeep Banik and Subhamoy Maitra Applied Statistics Unit, Indian Statistical Institute Kolkata, 203, B.T. Road, Kolkata-108. s.banik [email protected], [email protected] Abstract. In this paper we present a differential fault attack on the stream cipher MICKEY 2.0 which is in eStream's hardware portfolio. While fault attacks have already been reported against the other two eStream hardware candidates Trivium and Grain, no such analysis is known for MICKEY. Using the standard assumptions for fault attacks, we show that if the adversary can induce random single bit faults in the internal state of the cipher, then by injecting around 216:7 faults and performing 232:5 computations on an average, it is possible to recover the entire internal state of MICKEY at the beginning of the key-stream generation phase. We further consider the scenario where the fault may affect at most three neighbouring bits and in that case we require around 218:4 faults on an average. Keywords: eStream, Fault attacks, MICKEY 2.0, Stream Cipher. 1 Introduction The stream cipher MICKEY 2.0 [4] was designed by Steve Babbage and Matthew Dodd as a submission to the eStream project. The cipher has been selected as a part of eStream's final hardware portfolio. MICKEY is a synchronous, bit- oriented stream cipher designed for low hardware complexity and high speed. After a TMD tradeoff attack [16] against the initial version of MICKEY (ver- sion 1), the designers responded by tweaking the design by increasing the state size from 160 to 200 bits and altering the values of some control bit tap loca- tions.
  • Detection and Exploitation of Small Correlations in Stream Ciphers

    Detection and Exploitation of Small Correlations in Stream Ciphers

    Detection and Exploitation of Small Correlations in Stream Ciphers Masterthesis conducted under the guidance of Prof. Dr. Joachim Rosenthal and Dr. Gérard Maze Institute of Mathematics, University of Zurich 2008 Urs Wagner Outline This thesis gives an overview of stream ciphers based on linear feedback shift registers (LFSR) and their vulnerability to correlation attacks. In the rst chapter, a short introduction to symmetric key ciphers is given. The main focus hereby is on LFSR based stream ciphers. Further, the principles of LFSR are presented. The chapter is then closed by a stream cipher example, the Gee Generator. The second chapter treats the general approach of correlation attacks. Moreover a correlation attack is mounted on the Gee Generator and the practical results are presented. Boolean functions play an important role in stream cipher designs. The Walsh transform, a tool to analyze the cryptographic properties of Boolean functions, is introduced in chapter 3. Additionally, the cryptographic properties themselves are discussed. In the fourth chapter, an improved kind of correlation attack -the fast correlation attack- is presented. It exploits the same weaknesses in the stream cipher designs as the correlation attack, the mode of operation is however dierent. In the last chapter, the insights gained in the previous chapters are used to suggest an attack on a stream cipher by Philips, named Hitag 2. 1 Acknowledgments This thesis was written in the course of my master's studies at the University of Zurich. I am grateful to Prof. Joachim Rosenthal who gave me the opportunity to write my master thesis in cryptography. Special thanks go to Dr.
  • Analysis of Selected Block Cipher Modes for Authenticated Encryption

    Analysis of Selected Block Cipher Modes for Authenticated Encryption

    Analysis of Selected Block Cipher Modes for Authenticated Encryption by Hassan Musallam Ahmed Qahur Al Mahri Bachelor of Engineering (Computer Systems and Networks) (Sultan Qaboos University) – 2007 Thesis submitted in fulfilment of the requirement for the degree of Doctor of Philosophy School of Electrical Engineering and Computer Science Science and Engineering Faculty Queensland University of Technology 2018 Keywords Authenticated encryption, AE, AEAD, ++AE, AEZ, block cipher, CAESAR, confidentiality, COPA, differential fault analysis, differential power analysis, ElmD, fault attack, forgery attack, integrity assurance, leakage resilience, modes of op- eration, OCB, OTR, SHELL, side channel attack, statistical fault analysis, sym- metric encryption, tweakable block cipher, XE, XEX. i ii Abstract Cryptography assures information security through different functionalities, es- pecially confidentiality and integrity assurance. According to Menezes et al. [1], confidentiality means the process of assuring that no one could interpret infor- mation, except authorised parties, while data integrity is an assurance that any unauthorised alterations to a message content will be detected. One possible ap- proach to ensure confidentiality and data integrity is to use two different schemes where one scheme provides confidentiality and the other provides integrity as- surance. A more compact approach is to use schemes, called Authenticated En- cryption (AE) schemes, that simultaneously provide confidentiality and integrity assurance for a message. AE can be constructed using different mechanisms, and the most common construction is to use block cipher modes, which is our focus in this thesis. AE schemes have been used in a wide range of applications, and defined by standardisation organizations. The National Institute of Standards and Technol- ogy (NIST) recommended two AE block cipher modes CCM [2] and GCM [3].
  • Comparing Some Pseudo-Random Number Generators and Cryptography Algorithms Using a General Evaluation Pattern

    Comparing Some Pseudo-Random Number Generators and Cryptography Algorithms Using a General Evaluation Pattern

    I.J. Information Technology and Computer Science, 2016, 9, 25-31 Published Online September 2016 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijitcs.2016.09.04 Comparing Some Pseudo-Random Number Generators and Cryptography Algorithms Using a General Evaluation Pattern Ahmad Gaeini Imam Husein Comprehensive University, Iran E-mail: [email protected] Abdolrasoul Mirghadri1, Gholamreza Jandaghi2, Behbod Keshavarzi3 1Imam Husein Comprehensive University, Iran, E-mail: [email protected] 2Corresponding Author, University of Tehran, Farabi College, E-mail: [email protected] 3Shahed University, E-mail: [email protected] Abstract—Since various pseudo-random algorithms and generated by using chaotic systems and perturbation and sequences are used for cryptography of data or as initial by choosing least significant bits (LSB’s).In [4] and [5], values for starting a secure communication, how these chaotic maps have been used to design a cryptographic algorithms are analyzed and selected is very important. In algorithm; furthermore, output sequence has been fact, given the growingly extensive types of pseudo- statistically analyzed and method has also been evaluated random sequences and block and stream cipher in term of vulnerability to a variety of attacks, which has algorithms, selection of an appropriate algorithm needs proved the security of algorithm. In [6], a new an accurate and thorough investigation. Also, in order to pseudorandom number generator based on a complex generate a pseudo-random sequence and generalize it to a number chaotic equation has been introduced and cryptographer algorithm, a comprehensive and regular randomness of the produced sequence has been proven by framework is needed, so that we are enabled to evaluate NIST tests.
  • New Algorithms and Architectures for Arithmetic in GF (2 M) Suitable For

    New Algorithms and Architectures for Arithmetic in GF (2 M) Suitable For

    AN ABSTRACT OF THE THESIS OF Francisco RodrIguez-HenrIquez for the degree of Doctor of Philosophy in Electrical & Computer Engineering presented on June 07, 2000. Title:New Algorithms and Architectures for Arithmetic in GF(2m Suitable for Elliptic Curve Cryptography Redacted for Privacy Abstract approved: cetin K. Koç During the last few years we have seen formidable advances in digital and mo- bile communication technologies such as cordless and cellular telephones, personal communication systems, Internet connection expansion, etc. The vast majority of digital information used in all these applications is stored and also processed within a computer system, and then transferred between computers via fiber optic, satellite systems, and/or Internet. In all these new scenarios, secure information transmission and storage has a paramount importance in the emerging interna- tional information infrastructure, especially, for supporting electronic commerce and other security related services. The techniques for the implementation of secure information handling and management are provided by cryptography, which can be succinctly defined as the study of how to establish secure communication in an adversarial environ- ment. Among the most important applications of cryptography, we can mention data encryption, digital cash, digital signatures, digital voting, network authenti- cation, data distribution and smart cards. The security of currently used cryptosystems is based on the computational complexity of an underlying mathematical problem, such as factoring largenum- bers or computing discrete logarithms for large numbers. These problems,are believed to be very hard to solve. In the practice, only a small number of mathe- matical structures could so far be applied to build public-key mechanisms.
  • Grain-128A: a New Version of Grain-128 with Optional Authentication

    Grain-128A: a New Version of Grain-128 with Optional Authentication

    Grain-128a: a new version of Grain-128 with optional authentication Ågren, Martin; Hell, Martin; Johansson, Thomas; Meier, Willi Published in: International Journal of Wireless and Mobile Computing DOI: 10.1504/IJWMC.2011.044106 2011 Link to publication Citation for published version (APA): Ågren, M., Hell, M., Johansson, T., & Meier, W. (2011). Grain-128a: a new version of Grain-128 with optional authentication. International Journal of Wireless and Mobile Computing, 5(1), 48-59. https://doi.org/10.1504/IJWMC.2011.044106 Total number of authors: 4 General rights Unless other specific re-use rights are stated the following general rights apply: Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Read more about Creative commons licenses: https://creativecommons.org/licenses/ Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. LUND UNIVERSITY PO Box 117 221 00 Lund +46 46-222 00 00 Grain-128a: A New Version of Grain-128 with Optional Authentication Martin Agren˚ 1, Martin Hell1, Thomas Johansson1, and Willi Meier2 1 Dept.
  • Cryptography Using Random Rc4 Stream Cipher on SMS for Android-Based Smartphones

    Cryptography Using Random Rc4 Stream Cipher on SMS for Android-Based Smartphones

    (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 9, No. 12, 2018 Cryptography using Random Rc4 Stream Cipher on SMS for Android-Based Smartphones Rifki Rifki1, Anindita Septiarini2, Heliza Rahmania Hatta3 Department of Computer Science, Faculty of Computer Science and Information Technology, Mulawarman University, Jl. Panajam Kampus Gn. Kelua, Samarinda, Indonesia. Abstract—Messages sent using the default Short Message image/graphic is 160 characters using 7 bits or 70 characters Service (SMS) application have to pass the SMS Center (SMSC) using 16 bits of character encoding [5]. to record the communication between the sender and recipient. Therefore, the message security is not guaranteed because it may Cryptographic methods are divided based on key-based read by irresponsible people. This research proposes the RC4 and keyless [6]. Several conventional keyless cryptographic stream cipher method for security in sending SMS. However, methods have implemented for improving data security such RC4 has any limitation in the Key Scheduling Algorithm (KSA) as Caesar ciphers [7], Vigenere ciphers [8], [9], Zigzag ciphers and Pseudo Random Generation Algorithm (PRGA) phases. [10], and Playfair cipher [11]. Those methods are more Therefore, this research developed RC4 with a random initial complex and consume a significant amount of power when state to increase the randomness level of the keystream. This applied in the resource-constrained devices for the provision SMS cryptography method applied the processes of encryption of secure communication [12]. Another method that has used against the sent SMS followed by decryption against the received is key-based with Symmetric Cryptography. The type of SMS. The performance of the proposed method is evaluated encryption that used is to provide end-to-end security to SMS based on the time of encryption and decryption as well as the messages.
  • Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1

    Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1

    International Journal of Grid and Distributed Computing Vol. 10, No. 11 (2017), pp.79-98 http://dx.doi.org/10.14257/ijgdc.2017.10.11.08 Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1 Rahul Saha1, G. Geetha2, Gulshan Kumar3 and Hye-Jim Kim4 1,3School of Computer Science and Engineering, Lovely Professional University, Punjab, India 2Division of Research and Development, Lovely Professional University, Punjab, India 4Business Administration Research Institute, Sungshin W. University, 2 Bomun-ro 34da gil, Seongbuk-gu, Seoul, Republic of Korea Abstract Cryptography has always been a core component of security domain. Different security services such as confidentiality, integrity, availability, authentication, non-repudiation and access control, are provided by a number of cryptographic algorithms including block ciphers, stream ciphers and hash functions. Though the algorithms are public and cryptographic strength depends on the usage of the keys, the ciphertext analysis using different functions and operations used in the algorithms can lead to the path of revealing a key completely or partially. It is hard to find any survey till date which identifies different operations and functions used in cryptography. In this paper, we have categorized our survey of cryptographic functions and operations in the algorithms in three categories: block ciphers, stream ciphers and cryptanalysis attacks which are executable in different parts of the algorithms. This survey will help the budding researchers in the society of crypto for identifying different operations and functions in cryptographic algorithms. Keywords: cryptography; block; stream; cipher; plaintext; ciphertext; functions; research problems 1. Introduction Cryptography [1] in the previous time was analogous to encryption where the main task was to convert the readable message to an unreadable format.
  • On the Design and Analysis of Stream Ciphers Hell, Martin

    On the Design and Analysis of Stream Ciphers Hell, Martin

    On the Design and Analysis of Stream Ciphers Hell, Martin 2007 Link to publication Citation for published version (APA): Hell, M. (2007). On the Design and Analysis of Stream Ciphers. Department of Electrical and Information Technology, Lund University. Total number of authors: 1 General rights Unless other specific re-use rights are stated the following general rights apply: Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Read more about Creative commons licenses: https://creativecommons.org/licenses/ Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. LUND UNIVERSITY PO Box 117 221 00 Lund +46 46-222 00 00 On the Design and Analysis of Stream Ciphers Martin Hell Ph.D. Thesis September 13, 2007 Martin Hell Department of Electrical and Information Technology Lund University Box 118 S-221 00 Lund, Sweden e-mail: [email protected] http://www.eit.lth.se/ ISBN: 91-7167-043-2 ISRN: LUTEDX/TEIT-07/1039-SE c Martin Hell, 2007 Abstract his thesis presents new cryptanalysis results for several different stream Tcipher constructions.
  • MICKEY 2.0. 85: a Secure and Lighter MICKEY 2.0 Cipher Variant With

    MICKEY 2.0. 85: a Secure and Lighter MICKEY 2.0 Cipher Variant With

    S S symmetry Article MICKEY 2.0.85: A Secure and Lighter MICKEY 2.0 Cipher Variant with Improved Power Consumption for Smaller Devices in the IoT Ahmed Alamer 1,2,*, Ben Soh 1 and David E. Brumbaugh 3 1 Department of Computer Science and Information Technology, School of Engineering and Mathematical Sciences, La Trobe University, Victoria 3086, Australia; [email protected] 2 Department of Mathematics, College of Science, Tabuk University, Tabuk 7149, Saudi Arabia 3 Techno Authority, Digital Consultant, 358 Dogwood Drive, Mobile, AL 36609, USA; [email protected] * Correspondence: [email protected]; Tel.: +61-431-292-034 Received: 31 October 2019; Accepted: 20 December 2019; Published: 22 December 2019 Abstract: Lightweight stream ciphers have attracted significant attention in the last two decades due to their security implementations in small devices with limited hardware. With low-power computation abilities, these devices consume less power, thus reducing costs. New directions in ultra-lightweight cryptosystem design include optimizing lightweight cryptosystems to work with a low number of gate equivalents (GEs); without affecting security, these designs consume less power via scaled-down versions of the Mutual Irregular Clocking KEYstream generator—version 2-(MICKEY 2.0) cipher. This study aims to obtain a scaled-down version of the MICKEY 2.0 cipher by modifying its internal state design via reducing shift registers and modifying the controlling bit positions to assure the ciphers’ pseudo-randomness. We measured these changes using the National Institutes of Standards and Testing (NIST) test suites, investigating the speed and power consumption of the proposed scaled-down version named MICKEY 2.0.85.
  • Adding MAC Functionality to Edon80

    Adding MAC Functionality to Edon80

    194 IJCSNS International Journal of Computer Science and Network Security, VOL.7 No.1, January 2007 Adding MAC Functionality to Edon80 Danilo Gligoroski and Svein J. Knapskog “Centre for Quantifiable Quality of Service in Communication Systems”, Norwegian University of Science and Technology, Trondheim, Norway Summary VEST. At the time of writing, it seams that for NLS and In this paper we show how the synchronous stream cipher Phelix some weaknesses have been found [11,12]. Edon80 - proposed as a candidate stream cipher in Profile 2 of Although the eSTREAM project does not accept anymore the eSTREAM project, can be efficiently upgraded to a any tweaks or new submissions, we think that the design synchronous stream cipher with authentication. We are achieving of an efficient authentication techniques as a part of the that by simple addition of two-bit registers into the e- internal definition of the remaining unbroken stream transformers of Edon80 core, an additional 160-bit shift register and by putting additional communication logic between ciphers of Phase 2 of eSTREAM project still is an neighboring e-transformers of the Edon80 pipeline core. This important research challenge. upgrade does not change the produced keystream from Edon80 Edon80 is one of the stream ciphers that has been and we project that in total it will need not more then 1500 gates. proposed for hardware based implementations (PROFILE A previous version of the paper with the same title that has been 2) [13]. Its present design does not contain an presented at the Special Workshop “State of the Art of Stream authentication mechanism by its own.
  • Analysis of Lightweight Stream Ciphers

    Analysis of Lightweight Stream Ciphers

    ANALYSIS OF LIGHTWEIGHT STREAM CIPHERS THÈSE NO 4040 (2008) PRÉSENTÉE LE 18 AVRIL 2008 À LA FACULTÉ INFORMATIQUE ET COMMUNICATIONS LABORATOIRE DE SÉCURITÉ ET DE CRYPTOGRAPHIE PROGRAMME DOCTORAL EN INFORMATIQUE, COMMUNICATIONS ET INFORMATION ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE POUR L'OBTENTION DU GRADE DE DOCTEUR ÈS SCIENCES PAR Simon FISCHER M.Sc. in physics, Université de Berne de nationalité suisse et originaire de Olten (SO) acceptée sur proposition du jury: Prof. M. A. Shokrollahi, président du jury Prof. S. Vaudenay, Dr W. Meier, directeurs de thèse Prof. C. Carlet, rapporteur Prof. A. Lenstra, rapporteur Dr M. Robshaw, rapporteur Suisse 2008 F¨ur Philomena Abstract Stream ciphers are fast cryptographic primitives to provide confidentiality of electronically transmitted data. They can be very suitable in environments with restricted resources, such as mobile devices or embedded systems. Practical examples are cell phones, RFID transponders, smart cards or devices in sensor networks. Besides efficiency, security is the most important property of a stream cipher. In this thesis, we address cryptanalysis of modern lightweight stream ciphers. We derive and improve cryptanalytic methods for dif- ferent building blocks and present dedicated attacks on specific proposals, including some eSTREAM candidates. As a result, we elaborate on the design criteria for the develop- ment of secure and efficient stream ciphers. The best-known building block is the linear feedback shift register (LFSR), which can be combined with a nonlinear Boolean output function. A powerful type of attacks against LFSR-based stream ciphers are the recent algebraic attacks, these exploit the specific structure by deriving low degree equations for recovering the secret key.