DOCSLIB.ORG

Applying Conditional Linear Cryptanalysis to Ciphers with Key- Dependant Operations

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Applying Conditional Linear Cryptanalysis to Ciphers with Key- Dependant Operations Applying Conditional Linear Cryptanalysis to Ciphers with Key- Dependant Operations REINER DOJEN TOM COFFEY Data Communications Security Laboratory Department of Electronic and Computer Engineering University of Limerick IRELAND Abstract: - Linear cryptanalysis has been proven to be a powerful attack that can be applied to a number of symmetric block ciphers. However, conventional linear cryptanalysis is ineffective in attacking ciphers that use key-dependent operations, such as ICE, Lucifer and SAFER. In this paper conditional linear cryptanalysis, which uses characteristics that depend on some key-bit values, is introduced. This technique and its application to symmetric ciphers are analysed. The consequences of using key-dependent characteristics are explained and a formal notation of conditional linear cryptanalysis is presented. As a case study, conditional linear cryptanalysis is applied to the ICE cipher, which uses key-dependant operations to improve resistance against cryptanalysis. A successful attack on ThinICE using the new technique is presented. Further, experimental work supporting the effectiveness of conditional linear cryptanalysis is also detailed., Key-Words: - Cryptography, Cryptanalysis, Linear cryptanalysis, Symmetric ciphers, Attack 1 Introduction In contrast to differential cryptanalysis, linear As the volume of data transmitted over the world's cryptanalysis uses linear approximations to describe expanding communication networks increases so the F-function of a block cipher. Thus, if some also does the demand for data security services such plaintext bits and ciphertext bits are XORed as confidentiality and integrity. This protection can together, then the result equals the XOR of some be achieved by using either a public key cipher or a bits of the key (with a probability p, for the key) and symmetric cipher. Due to their superior speed, any random plaintext/ciphertext pair. symmetric ciphers are particularly suited for With this method the adversary can deduce part of securely handling large amounts of data. the key. The remaining key bits can be obtained by In the early 1990's two statistical attacks on a brute force search. Linear cryptanalysis is a symmetric ciphers, differential [1] and linear known-plaintext attack, as the adversary only has to cryptanalysis [2][3][4], were invented. know, rather than to choose, the plaintext and Differential cryptanalysis examines pairs of ciphertext pairs. Ciphers susceptible to linear plaintext with a particular difference and analyses cryptanalysis include SC2000 [5], Serpent [10], these differences throughout the encipher process. SAFER[11], RC6[12], RC5[13]. Looking at the resulting differences in the This paper presents conditional linear ciphertext, the key, or parts of the key, can be cryptanalysis, which is a derivation on linear deduced. Differential cryptanalysis is a chosen- cryptanalysis. Conditional linear cryptanalysis is plaintext attack, as both the plaintext and the useful for attacks on block ciphers that employ key- ciphertext are known to the attacker and the dependent operations in their F-function. The plaintexts have to satisfy particular properties. A process of applying conditional linear cryptanalysis chosen-plaintext attack can be changed to a known- to ciphers with key-dependant operations is detailed. plaintext attack, by increasing the amount of the As a case study, conditional linear cryptanalysis is plaintexts, assuming that within the known applied to ICE. It is shown that a conditional linear plaintexts sufficient pairs with the needed properties attack can be successfully applied to ThinICE, while are available. Ciphers with weaknesses against standard ICE appears to be secure. The results of an differential cryptanalysis include SC2000 [5], experimental attack, which support the effectiveness SAFER+[6], RC5 [7], KHF [8], ICE[9]. of conditional linear cryptanalysis, are also presented. 2 Conditional Linear Cryptanalysis assumption is correct. If the key used is outside the Symmetric block ciphers sometimes use key- covered key-space, the attack will fail. dependant operations (other than simple XOR) to At a first glance this seems to render the attack prevent the application of cryptanalysis. Examples useless, as the size of the covered key-space for such key-dependant operations include the keyed decreases exponentially with the number of fixed permutation of ICE [14], the exchange of nibbles in key bits. However, multiple conditional Lucifer [15] and the combination of bytes with sub- characteristics can be used simultaneously to keys in SAFER [16]. In Lucifer and ICE certain increase the overall covered key-space significantly. parts of data are exchanged according to some sub- In order to maximize the effectiveness of the key bits. As a result, the exact path of the data-bits attack, it is advisable to use characteristics that are through the cipher can only be determined if the key affected by as few key-bits as possible. Further care is known (if the part of the key that controls the key- must be taken in combining multiple rounds, to dependant operation is known). Conventional linear ensure that none of the assumptions contradict each cryptanalysis cannot be applied to such key- other. As most ciphers expand their key into sub- dependant ciphers, as a requirement for this attack is keys, the same key-bit most likely will affect the ability to trace the exact path of bits through the multiple key-dependant operations in several cipher. Here conditional linear cryptanalysis is rounds. Hence, the attacker must be careful not to presented as an enhancement of linear cryptanalysis. use characteristics that assume opposite values for Conditional linear cryptanalysis uses key-dependant the same key-bit. characteristics to circumvent the problems introduced by the key-dependant operations. 2.3 Formal Notation of Conditional Linear Cryptanalysis 2.1 The Operation of Conditional Linear Conditional linear cryptanalysis is formally notated Cryptanalysis as follows: Conditional linear cryptanalysis, like conventional P The plaintext (the data before the linear cryptanalysis, is a known plaintext attack and first round = L0R0). is detailed as follows: A characteristic with a C The ciphertext (the data after the last sufficiently high bias is selected and those key bits round). (or sub-key bits) that affect the bits of the chosen Lr, Rr The left/right data half after round r. characteristic with regard to the key-dependant K The secret key. operation are determined. In the next step, fixed SKr The sub-key used in round r. values are assigned to these key bits. The F(Rr-1, SKr) The F-function as applied in round r. assignment of values to key bits turns the used A[i] The i-th bit of the binary vector A. characteristic into a conditional characteristic. The A[i,j,...,k] The binary XOR of the named bits, conditional characteristic is valid, only if the key i.e. A[i] ⊕ A[j] ⊕ … ⊕ A[k] used for encryption satisfies the condition that the | i,j,....,k Condition on key bits: ‘i’ indicates selected bits have the assigned values, otherwise it K[i]=1, ‘~i’ indicates K[i]=0. is void. This assignment effectively divides the key- space in two parts: The first part, also called the A conditional linear characteristic is expressed as: covered key-space, contains all the keys for which ⊕ = P[i1 ,i2 ,...,ia ] C[ j1 , j2 ,..., jb ] the characteristic is valid, the second contains all the keys for which the characteristic is void. Under the K[k1 ,k2 ,...,kc ] | c1 ,c2 ,...,cd assumption that the assignment of key bits is correct where i1,i2,…,ia, j1,j2,...,jb and k1,k2,...,kc denote fixed the attacker knows the exact path of the selected bits bit locations and the c1,c2, …,cn indicate the through the cipher. This knowledge allows the conditions on the used key K. The notation for a attacker to continue the attack according to single-round characteristic and a multi-round conventional linear cryptanalysis. characteristic is basically the same. Any intermediate terms in a multi-round characteristic 2.2 The Consequences of Applying appear twice and hence are cancelled out. The Conditional Characteristics conditions on intermediate terms cannot be When using a conditional characteristic, the attacker neglected and need to be added to the list of assumes that some key bits have a fixed value. conditions. Hence, this list increases with every Hence, the attack can only succeed if this non-trivial round. In the above equation for a conditional linear characteristic sub-key bits can be used instead of key bits. However, if the key- the trivial characteristic. However, it will be shown, schedule is not invertible, sub-key bits must be used, that some characteristics can be combined with the as the sub-key governs the key-dependant operation. trivial characteristic to form three-round The above characteristic can also be expressed as: characteristics. Even though this decreases the overall bias, as only one in three rounds is a trivial P[i ,i ,..,i ] ⊕ C[ j , j ,.., j ] = SK [k ,k ,..,k ] ⊕ round (rather than every second round when 1 2 a 1 2 b 1 11 12 1c ...⊕ SK [k ,k ,..,k ] | c ,c ,..,c multiple-bit characteristics are employed), this r k1 k 2 kd 1 2 e approach is preferred as the decrease of the bias is linear. In contrast to this, using multiple-bit Note that in this equation, c1,c2,…,ce express characteristics would result in an exponential conditions on sub-key bits, rather than on key bits. decrease in the covered key-space. As mentioned before, care must be taken to ensure that the conditions of the used characteristics do not 3 Case Study: Conditional Linear contradict each other. The linear equation for 3- Cryptanalysis Applied to ICE round conditional linear characteristics becomes: In this section we present a case study of the α ⊕ β = γ ⊕ δ ν ν application of conditional linear cryptanalysis. A L0 [ ] L3[ ] SK1[ ] SK 2 [ ] | α , β theoretical analysis of the ICE algorithm is detailed.
Load more

Recommended publications
  • Vector Boolean Functions: Applications in Symmetric Cryptography
    Vector Boolean Functions: Applications in Symmetric Cryptography José Antonio Álvarez Cubero Departamento de Matemática Aplicada a las Tecnologías de la Información y las Comunicaciones Universidad Politécnica de Madrid This dissertation is submitted for the degree of Doctor Ingeniero de Telecomunicación Escuela Técnica Superior de Ingenieros de Telecomunicación November 2015 I would like to thank my wife, Isabel, for her love, kindness and support she has shown during the past years it has taken me to finalize this thesis. Furthermore I would also liketo thank my parents for their endless love and support. Last but not least, I would like to thank my loved ones such as my daughter and sisters who have supported me throughout entire process, both by keeping me harmonious and helping me putting pieces together. I will be grateful forever for your love. Declaration The following papers have been published or accepted for publication, and contain material based on the content of this thesis. 1. [7] Álvarez-Cubero, J. A. and Zufiria, P. J. (expected 2016). Algorithm xxx: VBF: A library of C++ classes for vector Boolean functions in cryptography. ACM Transactions on Mathematical Software. (In Press: http://toms.acm.org/Upcoming.html) 2. [6] Álvarez-Cubero, J. A. and Zufiria, P. J. (2012). Cryptographic Criteria on Vector Boolean Functions, chapter 3, pages 51–70. Cryptography and Security in Computing, Jaydip Sen (Ed.), http://www.intechopen.com/books/cryptography-and-security-in-computing/ cryptographic-criteria-on-vector-boolean-functions. (Published) 3. [5] Álvarez-Cubero, J. A. and Zufiria, P. J. (2010). A C++ class for analysing vector Boolean functions from a cryptographic perspective.
    [Show full text]
  • A Preliminary Empirical Study to Compare MPI and Openmp ISI-TR-676
    A preliminary empirical study to compare MPI and OpenMP ISI-TR-676 Lorin Hochstein, Victor R. Basili December 2011 Abstract Context: The rise of multicore is bringing shared-memory parallelism to the masses. The community is struggling to identify which parallel models are most productive. Objective: Measure the effect of MPI and OpenMP models on programmer productivity. Design: One group of programmers solved the sharks and fishes problem using MPI and a second group solved the same problem using OpenMP, then each programmer switched models and solved the same problem again. The participants were graduate students in an HPC course. Measures: Development effort (hours), program correctness (grades), pro- gram performance (speedup versus serial implementation). Results: Mean OpenMP development time was 9.6 hours less than MPI (95% CI, 0.37 − 19 hours), a 43% reduction. No statistically significant difference was observed in assignment grades. MPI performance was better than OpenMP performance for 4 out of the 5 students that submitted correct implementations for both models. Conclusions: OpenMP solutions for this problem required less effort than MPI, but insufficient power to measure the effect on correctness. The perfor- mance data was insufficient to draw strong conclusions but suggests that unop- timized MPI programs perform better than unoptimized OpenMP programs, even with a similar parallelization strategy. Further studies are necessary to examine different programming problems, models, and levels of programmer experience. Chapter 1 INTRODUCTION In the high-performance computing community, the dominant parallel pro- gramming model today is MPI, with OpenMP as a distant but clear second place [1,2]. MPI’s advantage over OpenMP on distributed memory systems is well-known, and consequently MPI usage dominates in large-scale HPC sys- tems.
    [Show full text]
  • Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1
    International Journal of Grid and Distributed Computing Vol. 10, No. 11 (2017), pp.79-98 http://dx.doi.org/10.14257/ijgdc.2017.10.11.08 Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1 Rahul Saha1, G. Geetha2, Gulshan Kumar3 and Hye-Jim Kim4 1,3School of Computer Science and Engineering, Lovely Professional University, Punjab, India 2Division of Research and Development, Lovely Professional University, Punjab, India 4Business Administration Research Institute, Sungshin W. University, 2 Bomun-ro 34da gil, Seongbuk-gu, Seoul, Republic of Korea Abstract Cryptography has always been a core component of security domain. Different security services such as confidentiality, integrity, availability, authentication, non-repudiation and access control, are provided by a number of cryptographic algorithms including block ciphers, stream ciphers and hash functions. Though the algorithms are public and cryptographic strength depends on the usage of the keys, the ciphertext analysis using different functions and operations used in the algorithms can lead to the path of revealing a key completely or partially. It is hard to find any survey till date which identifies different operations and functions used in cryptography. In this paper, we have categorized our survey of cryptographic functions and operations in the algorithms in three categories: block ciphers, stream ciphers and cryptanalysis attacks which are executable in different parts of the algorithms. This survey will help the budding researchers in the society of crypto for identifying different operations and functions in cryptographic algorithms. Keywords: cryptography; block; stream; cipher; plaintext; ciphertext; functions; research problems 1. Introduction Cryptography [1] in the previous time was analogous to encryption where the main task was to convert the readable message to an unreadable format.
    [Show full text]
  • A Brief Outlook at Block Ciphers
    A Brief Outlook at Block Ciphers Pascal Junod Ecole¶ Polytechnique F¶ed¶eralede Lausanne, Suisse CSA'03, Rabat, Maroc, 10-09-2003 Content F Generic Concepts F DES / AES F Cryptanalysis of Block Ciphers F Provable Security CSA'03, 10 septembre 2003, Rabat, Maroc { i { Block Cipher P e d P C K K CSA'03, 10 septembre 2003, Rabat, Maroc { ii { Block Cipher (2) F Deterministic, invertible function: e : {0, 1}n × K → {0, 1}n d : {0, 1}n × K → {0, 1}n F The function is parametered by a key K. F Mapping an n-bit plaintext P to an n-bit ciphertext C: C = eK(P ) F The function must be a bijection for a ¯xed key. CSA'03, 10 septembre 2003, Rabat, Maroc { iii { Product Ciphers and Iterated Block Ciphers F A product cipher combines two or more transformations in a manner intending that the resulting cipher is (hopefully) more secure than the individual components. F An iterated block cipher is a block cipher involving the sequential repeti- tion of an internal function f called a round function. Parameters include the number of rounds r, the block bit size n and the bit size k of the input key K from which r subkeys ki (called round keys) are derived. For invertibility purposes, the round function f is a bijection on the round input for each value ki. CSA'03, 10 septembre 2003, Rabat, Maroc { iv { Product Ciphers and Iterated Block Ciphers (2) P K f k1 f k2 f kr C CSA'03, 10 septembre 2003, Rabat, Maroc { v { Good and Bad Block Ciphers F Flexibility F Throughput F Estimated Security Level CSA'03, 10 septembre 2003, Rabat, Maroc { vi { Data Encryption Standard (DES) F American standard from (1976 - 1998).
    [Show full text]
  • The Block Cipher SC2000
    The Block Cipher SC2000 Takeshi Shimoyama1, Hitoshi Yanami1, Kazuhiro Yokoyama1, Masahiko Takenaka2, Kouichi Itoh2, Jun Yajima2, Naoya Torii2, and Hidema Tanaka3 1 Fujitsu Laboratories LTD. 4-1-1, Kamikodanaka Nakahara-ku Kawasaki 211-8588, Japan {shimo,yanami,kayoko}@flab.fujitsu.co.jp 2 Fujitsu Laboratories LTD. 64, Nishiwaki, Ohkubo-cho, Akashi 674-8555, Japan {takenaka,kito,jyajima,torii}@flab.fujitsu.co.jp 3 Science University of Tokyo Yamazaki, Noda, Chiba, 278 Japan [email protected] Abstract. In this paper, we propose a new symmetric key block cipher SC2000 with 128-bit block length and 128-,192-,256-bit key lengths. The block cipher is constructed by piling two layers: one is a Feistel structure layer and the other is an SPN structure layer. Each operation used in two layers is S-box or logical operation, which has been well studied about security. It is a strong feature of the cipher that the fast software implementations are available by using the techniques of putting together S-boxes in various ways and of the Bitslice implementation. 1 Introduction In this paper, we propose a new block cipher SC2000. The algorithm has 128-bit data inputs and outputs and 128-bit, 192-bit, and 256-bit keys can be used. Our design policy for the cipher is to enable high-speed in software and hardware processing on various platforms while maintaining the high-level security as ci- pher. The cipher is constructed by piling a Feistel and an SPN structures with S-boxes for realizing those properties. For evaluation of security, we inspect the security in the design against dif- ferential attacks, linear attacks, higher order differential attacks, interpolation attacks, and so on.
    [Show full text]
  • Basic Cryptanalysis Methods on Block Ciphers
    1 BASIC CRYPTANALYSIS METHODS ON BLOCK CIPHERS A THESIS SUBMITTED TO THE GRADUATE SCHOOL OF APPLIED MATHEMATICS OF MIDDLE EAST TECHNICAL UNIVERSITY BY DILEK˙ C¸ELIK˙ IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE IN CRYPTOGRAPHY MAY 2010 Approval of the thesis: BASIC CRYPTANALYSIS METHODS ON BLOCK CIPHERS submitted by DILEK˙ C¸ELIK˙ in partial fulfillment of the requirements for the degree of Master of Science in Department of Cryptography, Middle East Technical University by, Prof. Dr. Ersan AKYILDIZ Director, Graduate School of Applied Mathematics Prof. Dr. Ferruh OZBUDAK¨ Head of Department, Cryptography Assoc. Prof. Dr. Ali DOGANAKSOY˘ Supervisor, Department of Mathematics, METU Examining Committee Members: Prof. Dr. Ferruh OZBUDAK¨ Department of Mathematics, METU Assoc. Prof. Dr. Ali DOGANAKSOY˘ Department of Mathematics, METU Assist. Prof. Dr. Zulf¨ ukar¨ SAYGI Department of Mathematics, TOBB ETU Dr. Muhiddin UGUZ˘ Department of Mathematics, METU Dr. Murat CENK Department of Cryptography, METU Date: I hereby declare that all information in this document has been obtained and presented in accordance with academic rules and ethical conduct. I also declare that, as required by these rules and conduct, I have fully cited and referenced all material and results that are not original to this work. Name, Last Name: DILEK˙ C¸ELIK˙ Signature : iii ABSTRACT BASIC CRYPTANALYSIS METHODS ON BLOCK CIPHERS C¸elik, Dilek M.S., Department of Cryptography Supervisor : Assoc. Prof. Dr. Ali DOGANAKSOY˘ May 2010, 119 pages Differential cryptanalysis and linear cryptanalysis are the first significant methods used to at- tack on block ciphers. These concepts compose the keystones for most of the attacks in recent years.
    [Show full text]
  • ACUSON SC2000TM Volume Imaging Ultrasound System
    ACUSON SC2000TM Volume Imaging Ultrasound System XXXXXXXXXXXXxxXXXXXXXXXXXXXXXXXXXX DICOM Conformance Statement Version VA16D, VA16E 30-Sept-2011 © Siemens Healthcare 2011 All rights reserved Siemens Healthcare, Henkestr. 127, D-91052 Erlangen, Germany Headquarters: Berlin and Munich Siemens AG, Wittelsbacher Platz 2, D-80333 Munich, Germany ACUSON SC2000TM is a trademark of Siemens Healthcare. TM ACUSON SC2000 Volume Imaging Ultrasound System DICOM Conformance Statement CONFORMANCE STATEMENT OVERVIEW The ACUSON SC2000TM Volume Imaging Ultrasound System supports the following DICOM Application Entities: - Verification o Verification AE - Transfer o Storage AE o Storage Commitment AE - Query / Retrieve o Query AE o Retrieve AE - Workflow Management o Worklist AE o MPPS AE Table 1. NETWORK SERVICES Service Class User Service Class Provider SOP Classes (SCU) (SCP) VERIFICATION Verification AE Verification Yes Yes TRANSFER Storage AE Ultrasound Image Storage Yes Yes Ultrasound Multi-frame Image Storage Yes Yes Secondary Capture Image Storage Yes Yes Comprehensive SR Yes Yes Raw Data Storage Yes Yes Storage Commitment AE Storage Commitment Push Model Yes No QUERY / RETRIEVE Query AE Study Root Query/Retrieve Information Model – FIND Yes No Retrieve AE Study Root Query/Retrieve Information Model – MOVE Yes No WORKFLOW MANAGEMENT Worklist AE Modality Worklist Yes No MPPS AE MPPS (N-Create, N-Set) Yes No © Siemens Healthcare, 2011 Version VA16D/E Page 2 of 111 TM ACUSON SC2000 Volume Imaging Ultrasound System DICOM Conformance Statement Table
    [Show full text]
  • Research Problems in Block Cipher Cryptanalysis: an Experimental Analysis Amandeep, G
    International Journal of Innovative Technology and Exploring Engineering (IJITEE) ISSN: 2278-3075, Volume-8 Issue-8S3, June 2019 Research Problems in Block Cipher Cryptanalysis: An Experimental Analysis Amandeep, G. Geetha Abstract: Cryptography has always been a very concerning Organization of this paper is as follows. Section 2 lists the issue in research related to digital security. The dynamic need of Block ciphers in a chronological order in a table having six applications and keeping online transactions secure have been columns stating name of the algorithm, year of publication, giving pathways to the need of developing different its cryptographic strategies. Though a number of cryptographic structure, block size, key size, and the cryptanalysis done on algorithms have been introduced till now, but each of these algorithms has its own disadvantages or weaknesses which are that particular cipher. This table becomes the basis of the identified by the process of cryptanalysis. This paper presents a analysis done in Section 3 and tabulates the information as to survey of different block ciphers and the results of attempts to which structure has been cryptanalyzed more, thereby identify their weakness. Depending upon the literature review, establishing a trend of structures analyzed Section 4 some open research problems are being presented which the identifies the open research problems based on the analysis cryptologists can depend on to work for bettering cyber security. done in Section 3. Section 5 of the paper, presents the conclusion of this study. Index Terms: block ciphers, cryptanalysis, attacks, SPN, Feistel. II. RELATED WORK I. INTRODUCTION This paper surveys 69 block ciphers and presents, in Cryptography is the science which deals with Table I, a summarized report as per the attacks concerned.
    [Show full text]
  • Secure Implementation of Block Ciphers Against Physical Attacks Dahmun Goudarzi
    Secure Implementation of Block Ciphers against Physical Attacks Dahmun Goudarzi To cite this version: Dahmun Goudarzi. Secure Implementation of Block Ciphers against Physical Attacks. Cryptography and Security [cs.CR]. ENS Paris - Ecole Normale Supérieure de Paris, 2018. English. tel-01896103v2 HAL Id: tel-01896103 https://hal.inria.fr/tel-01896103v2 Submitted on 24 Dec 2018 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THÈSE DE DOCTORAT de l’Université de recherche Paris Sciences et Lettres PSL Research University Préparée à l’École normale supérieure Secure Implementation of Block Ciphers against Physical Attacks École doctorale n◦386 Sciences Mathématiques de Paris Centre Spécialité Informatique COMPOSITION DU JURY Mme. Canteaut Anne INRIA Paris Examinatrice M. Fouque Pierre-Alain Université de Rennes 1 Rapporteur Mme. Handschuh Helena Rambus Soutenue par Examinatrice Dahmun Goudarzi M. Pointcheval David le 21 septembre 2018 CNRS, École normale supérieure Examinateur M. Renault Guénaël Dirigée par ANSSI Matthieu Rivain et Examinateur Damien Vergnaud M. Rivain Matthieu CryptoExperts Directeur de thèse M. Schwabe Peter RESEARCH UNIVERSITY PARIS Radboud University ÉCOLE NORMALE SUPÉRIEURE Rapporteur M. Vergnaud Damien UPMC Directeur de thèse Secure Implementation of Block Ciphers against Physical Attacks Dahmun Goudarzi Thèse de doctorat dirigée par Matthieu Rivain et Damien Vergnaud Résumé Depuis leur introduction à la fin des années 1990, les attaques par canaux auxiliaires sont considérées comme une menace majeure contre les implémentations cryptographiques.
    [Show full text]
  • Installation Instructions Models SC2000, SC2001, SC3004 Rev
    Installation Instructions Models SC2000, SC2001, SC3004 Rev. G Signal Conditioning Self-Calibrating Digital Indicators 008-0608-00 SC2001 SC2000 SC3004 WARNING PERSONAL INJURY DO NOT use these devices as safety or emergency stop devices, or in any other application where failure of the WARNING product could result in personal injury. The operator of this instrument is advised that if equipment is Failure to comply with these instructions could result in used in a manner not specified in this manual, the protection death or serious injury. provided by the equipment may be impaired. Failure to comply with these instructions could result in CAUTION death or serious injury. Only qualified, service-trained personnel who are aware of the hazards involved should remove the cover from the instrument or connect external wiring to the instrument. Test and Measurement Signal Conditioning, Self Calibrating Digital Indicators Rev. G, 008-0608-00 Table of Contents 4.3 Model SC2000. 10 4.3.1 External Arrangement. 10 4.3.2 Rear Panel . .11 Chapter 1 - Introduction. .................1 4.3.3 Panel Mounting . 11 1.1 About this manual. .1 4.3.4 Rack Mounting . .11 1.1.1 Scope. 1 4.3.5 Bench Mounting. 11 1.1.2 Conventions. 1 4.3.6 Case Removal. 11 1.1.3 Organization . .1 4.3.7 Internal Arrangement . 12 1.2 Related Documents. .2 4.3.8 Cleaning. 12 Customer Information Sheet. 2 4.3.9 Vehicle Power Option. 12 Communications Guide. 2 4.3.10 Fuse Replacement. 12 Supplemental Instructions . .2 4.4 Model SC2001. 12 1.3 What is the SC Series? .
    [Show full text]
  • Survey: Block Cipher Methods
    International Journal of Advancements in Research & Technology, Volume 5, Issue 11, November-2016 11 ISSN 2278-7763 Survey: Block cipher Methods Salah A. k. Albermany Fatima RadiHamade Computer Science dept. Computer Science dept. University of kufa University of kufa [email protected] [email protected] Abstract—In this paper we give a short overview of cryptography can communicate two people during Symmetric key block cipher for different algorithms presented in this field according to classified it in secure channel, where to contact two people across cryptography where we classified into categories. first, Mode of operation which is ways helped to secure channel must first agree on a secret key apply block cipher to encrypt larger plaintext. shared in between them [6].Symmetric-key second, iterated product cipher which also classified it into Feistel Network, substitution-permutation cryptography classified into stream cipher and block networks and Unbalanced Feistel Network. cipher. 1. INTRODUCTION In this paper will concerned with Symmetric key block Cryptography is the science of studying information cipher that operating on fixed length of bits divided into security by provide several protocols, algorithms and separate blocks of fixed size (for example, 32, 56, strategies to protect sensitive data from unauthorized 64, 128, etc.) [7]such as DES and AES algorithm access.[1]. the main objectiveIJOART of cryptography is to that have been designated cryptography standard. enable two people to communicate over an insecure In this paper, we will give short overview about all channel [2][3].Cryptography aims to achieve the block cipher methods and categories in cryptography information security requirements as privacy or then compared among all these methods according to confidentiality, data integrity, authentication, non- classified it in cryptography.
    [Show full text]
  • Cryptanalysis of Symmetric-Key Primitives Based on the AES Block Cipher Jérémy Jean
    Cryptanalysis of Symmetric-Key Primitives Based on the AES Block Cipher Jérémy Jean To cite this version: Jérémy Jean. Cryptanalysis of Symmetric-Key Primitives Based on the AES Block Cipher. Cryp- tography and Security [cs.CR]. Ecole Normale Supérieure de Paris - ENS Paris, 2013. English. tel- 00911049 HAL Id: tel-00911049 https://tel.archives-ouvertes.fr/tel-00911049 Submitted on 28 Nov 2013 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Université Paris Diderot École Normale Supérieure (Paris 7) Équipe Crypto Thèse de doctorat Cryptanalyse de primitives symétriques basées sur le chiffrement AES Spécialité : Informatique présentée et soutenue publiquement le 24 septembre 2013 par Jérémy Jean pour obtenir le grade de Docteur de l’Université Paris Diderot devant le jury composé de Directeur de thèse : Pierre-Alain Fouque (Université de Rennes 1, France) Rapporteurs : Anne Canteaut (INRIA, France) Henri Gilbert (ANSSI, France) Examinateurs : Arnaud Durand (Université Paris Diderot, France) Franck Landelle (DGA, France) Thomas Peyrin (Nanyang Technological University, Singapour) Vincent Rijmen (Katholieke Universiteit Leuven, Belgique) Remerciements Je souhaite remercier toutes les personnes qui ont contribué de près ou de loin à mes trois années de thèse.
    [Show full text]