DOCSLIB.ORG

Impossible Differential Cryptanalysis on Reduced Round of Tiny Aes

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Impossible Differential Cryptanalysis on Reduced Round of Tiny Aes International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395 -0056 Volume: 04 Issue: 04 | Apr -2017 www.irjet.net p-ISSN: 2395-0072 IMPOSSIBLE DIFFERENTIAL CRYPTANALYSIS ON REDUCED ROUND OF TINY AES Mehak Khurana1, Meena Kumari2 1Assistant Prof, Dept of Computer Science, The NorthCap Univerity, Gurugram, India 2Prof, Dept of Computer Science, The NorthCap Univerity, Gurugram, India ---------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - The emerging need of the secure ciphers has number of subkeys differs in each version. NSA analyzed lead to the designing and analysis of many lightweight block security of all three variants of AES thoroughly and ciphers. In this respect, many lightweight block ciphers have declared that none version has any known vulnerability been designed, of which is simple AES, one of the popular and can be used in protecting the storage and proposed secure block ciphers is used in ubiquitous systems. transmission of highly secret digital data. In this paper, we evaluate the security of reduced round of Later on the situation started to change, different authors simple AES (Tiny AES) against impossible differential [4-5] started attacking on AES by recovering key with less cryptanalysis. Firstly the analysis of Tiny AES has been complexity than brute force attack. All the attacks were introduced. Secondly the impossible cryptanalysis on 5 similar attacks and fell in one category of mainly related rounds of Tiny AES has been analyzed which requires data key and subkey attack which had similar concept of key complexity 2110 approximately and 240.memory accesses to characteristic cancelation. This attack was launch on 192 recover the secret key which is better than exhaustive and 256 version of AES. Further many other attacks were search. launched by finding the trails in AES. Key Words: Symmetric key ciphers, block ciphers, Tiny 2. Block cipher: AES, Impossible differential cryptanalysis 1.2 The AES Block Cipher In 2001, AES block cipher was introduced by Joan Daemen, Vincent Rijmen.The AES (Rijndael) has 3 versions which 1. INTRODUCTION have been standardized by the NIST, and Versions are During the recent decade, it has become a challenge to AES-128, AES-192 and AES-256 where the number design cryptographic primitives [1] to provide security corresponds to the key size. The 128 bits AES in the with efficiency when limited hardware resources are available. Many lightweight block ciphers were designed encryption standard version which is also large enough to to be used in devices used for storing and transmitting prevent any exhaustive key search. An encryption information securely. Some of the block cipher [2-3] algorithm performs following operations and stores the having a structure derived from that of the AES are KLEIN, state of 128 bits in 4x4 matrix of 16 bytes LED, Midori, Mysterion, SKINNY, Zorro. Some of the fiestel block ciphers are Hight, LEA, XTEA, Simon and Speck. Some block ciphers which have bit sliced S-Boxes are [ ] PRIDE, Rectangle, Noekeon. Some SPN structured ciphers are PRESENT, PRINCE, mCrypton. Some other two branched block ciphers are DESLX, MISTY, Lblock, KASUMI, SEA, and some Generalized Feistel Networks It consists of subbyte, shiftrow, mix column and add (GFN) ciphers are CLEFIA, Piccolo, TWINE. round key. Advanced Encryption Standard (AES) is an iterated block cipher that was selected in 2000 by NIST as an 1. SubBytes: In parallel each byte in of a 4x4 replacement of Data Encryption standard (DES) after a matrix state is substituted by its corresponding byte three year competition. It was declares as a national and in its defined 8 bit invertible S-box. The S-box is international standard and was and still being used in where represents many applications such as online banking, File transfer, multiplicative inverse, M represents matrix and C voice calls etc. The AES has three versions called AES-128, AES-192, and AES- 256 where each version differ from represents constant and is calculated in another on the basis of the key length i.e. 128, 192, and and is used because of it is highly non-linear. 256 bits and have 10, 12, and 14 rounds respectively. Encryption of data through rounds is same in all three 2. ShiftRows: Each row is shifted to the left by its own versions but the key generation process to generate row no-1. i.e first row of matrix is shifted by zero © 2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal Page 1992 International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395 -0056 Volume: 04 Issue: 04 | Apr -2017 www.irjet.net p-ISSN: 2395-0072 towards left which means it is left untouched, second differentials with zero probability). It can be applied to the row is shifted by 1 to the left, third by 2 and those in cipher, whose non-linear round function is bijective. the fourth by 3. This is to ensure diffusion between columns. The new state generated is 3.1 Generalized Impossible Differential Attack To apply impossible differential attack, we need to find impossible differential pair which can be used as distinguisher. The difference after rounds produces [ ] the output difference An impossible differential with miss in middle technique works as a distinguisher to rule out the incorrect keys, where miss in middle technique 3. MixColumns: Each column is multiplied by an uses combination of two differentials both of which hold invertible MDS constant 4x4 matrix over field with probability one and do not meet in middle i.e. for to ensure diffusion between the rows. Last round does rounds of partial encryption becomes and for partial decryption of rounds becomes . If the not include column mixing to improve efficiency in difference after rounds of encryption is decryption. impossible because and ( , is called impossible differential pair. We eliminate or discard keys 4. AddRoundKey: Key schedule algorithm generates for which impossible differential characteristic succession of 128 bits keys using original key. The 128 holds for the subkey of that key. bits for round key is placed into 4x4 matrix Finding the Distinguisher, to obtain impossible each of 16 bytes. The each byte of of subkey differentials and filtering and Key Elimination is XORed with current state i.e. 1. Let the defined structure of set of plaintext with It offers good hardware and software performance and is input differential and where is represented as more efficient and secure than many other known block active bytes of chosen plaintexts, which means it has all fixed values except bytes. ciphers. For cryptographer, if an attacker can attack a 2. Some set of structures are selected randomly, cipher in fewer computations and faster than a brute force attack then it is a cryptographic break. Thus computations encrypt plaintext pairs by rounds to obtain required against 128 bit key of AES are less than 2128 then //differential of the outputs for 3. In those t structures, select only those plaintext it is considered a break of cipher, even though it takes 2112 ciphertext pairs for those, whose ciphertext pairs computations which takes much longer time to be have same bytes in the appointed positions with zero computed. Basic security analysis of AES has been done difference except for fixed bytes of ciphertext, which shows resistance against attacks such as linear, discard the rest of the pairs. differential and their variants. In order to speed up the 4. Create a table of remaining ciphertexts pairs. algorithm we want as few rounds of encryption as possible 5. For active bytes in the last jth round , guess the but there are a minimum number of rounds required to subkeys and store in table . Partially decrypt all assure the security level. ciphertext pairs from table through last round using these guessed key bytes. Select only those 3. Impossible Differential Attacks ciphertext pairs which after partially decryption through round give output difference of non-zero Most known and powerful attacks on block ciphers are bytes only in the guessed key positions in obtained differential cryptanalysis (DC) [6-9] and linear ciphertext pair. cryptanalysis (LC) [10]. These cryptanalytic techniques 6. For each of the remaining ciphertext pairs in table , have attacked many block ciphers. So as to design a block compute their corresponding plaintext pair and cipher, every designer keeps the DC and LC attacks in Check then subkey is invalid. mind to make it secure against these attacks. But now a 7. Eliminate the invalid keys from table that lead to days to secure a block cipher only against DC and LC is not the input difference of the impossible differential in sufficient. There are many other cryptanalysis techniques the input of the 1st round. If a guess for these bytes [11] which can attack block ciphers remains, guess all the remaining key bytes to obtain Biham et.al. in 1998 developed variant of a truncated original key with exhaustive search by checking over differential cryptanalysis called impossible differential pairs and check the guess using trial encryption, cryptanalysis [12-16] by formulating distinguisher based else try above steps for all remaining guessed keys in on the fact that certain differentials never occur (i.e. the . © 2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal Page 1993 International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395 -0056 Volume: 04 Issue: 04 | Apr -2017 www.irjet.net p-ISSN: 2395-0072 8. Rejecting the invalid keys, the total key space is 3.4 Example of Impossible Differential Attack on reduced. AES-128 3.2 Probability and Complexity Evaluation 4-round impossible differential for AES is In step 1, Let plaintext set in a structure and in each structure, there are about plaintext pairs.
Load more

Recommended publications
  • Improved Related-Key Attacks on DESX and DESX+
    Improved Related-key Attacks on DESX and DESX+ Raphael C.-W. Phan1 and Adi Shamir3 1 Laboratoire de s´ecurit´eet de cryptographie (LASEC), Ecole Polytechnique F´ed´erale de Lausanne (EPFL), CH-1015 Lausanne, Switzerland [email protected] 2 Faculty of Mathematics & Computer Science, The Weizmann Institute of Science, Rehovot 76100, Israel [email protected] Abstract. In this paper, we present improved related-key attacks on the original DESX, and DESX+, a variant of the DESX with its pre- and post-whitening XOR operations replaced with addition modulo 264. Compared to previous results, our attack on DESX has reduced text complexity, while our best attack on DESX+ eliminates the memory requirements at the same processing complexity. Keywords: DESX, DESX+, related-key attack, fault attack. 1 Introduction Due to the DES’ small key length of 56 bits, variants of the DES under multiple encryption have been considered, including double-DES under one or two 56-bit key(s), and triple-DES under two or three 56-bit keys. Another popular variant based on the DES is the DESX [15], where the basic keylength of single DES is extended to 120 bits by wrapping this DES with two outer pre- and post-whitening keys of 64 bits each. Also, the endorsement of single DES had been officially withdrawn by NIST in the summer of 2004 [19], due to its insecurity against exhaustive search. Future use of single DES is recommended only as a component of the triple-DES. This makes it more important to study the security of variants of single DES which increase the key length to avoid this attack.
    [Show full text]
  • The Data Encryption Standard (DES) – History
    Chair for Network Architectures and Services Department of Informatics TU München – Prof. Carle Network Security Chapter 2 Basics 2.1 Symmetric Cryptography • Overview of Cryptographic Algorithms • Attacking Cryptographic Algorithms • Historical Approaches • Foundations of Modern Cryptography • Modes of Encryption • Data Encryption Standard (DES) • Advanced Encryption Standard (AES) Cryptographic algorithms: outline Cryptographic Algorithms Symmetric Asymmetric Cryptographic Overview En- / Decryption En- / Decryption Hash Functions Modes of Cryptanalysis Background MDC’s / MACs Operation Properties DES RSA MD-5 AES Diffie-Hellman SHA-1 RC4 ElGamal CBC-MAC Network Security, WS 2010/11, Chapter 2.1 2 Basic Terms: Plaintext and Ciphertext Plaintext P The original readable content of a message (or data). P_netsec = „This is network security“ Ciphertext C The encrypted version of the plaintext. C_netsec = „Ff iThtIiDjlyHLPRFxvowf“ encrypt key k1 C P key k2 decrypt In case of symmetric cryptography, k1 = k2. Network Security, WS 2010/11, Chapter 2.1 3 Basic Terms: Block cipher and Stream cipher Block cipher A cipher that encrypts / decrypts inputs of length n to outputs of length n given the corresponding key k. • n is block length Most modern symmetric ciphers are block ciphers, e.g. AES, DES, Twofish, … Stream cipher A symmetric cipher that generats a random bitstream, called key stream, from the symmetric key k. Ciphertext = key stream XOR plaintext Network Security, WS 2010/11, Chapter 2.1 4 Cryptographic algorithms: overview
    [Show full text]
  • Investigating Profiled Side-Channel Attacks Against the DES Key
    IACR Transactions on Cryptographic Hardware and Embedded Systems ISSN 2569-2925, Vol. 2020, No. 3, pp. 22–72. DOI:10.13154/tches.v2020.i3.22-72 Investigating Profiled Side-Channel Attacks Against the DES Key Schedule Johann Heyszl1[0000−0002−8425−3114], Katja Miller1, Florian Unterstein1[0000−0002−8384−2021], Marc Schink1, Alexander Wagner1, Horst Gieser2, Sven Freud3, Tobias Damm3[0000−0003−3221−7207], Dominik Klein3[0000−0001−8174−7445] and Dennis Kügler3 1 Fraunhofer Institute for Applied and Integrated Security (AISEC), Germany, [email protected] 2 Fraunhofer Research Institution for Microsystems and Solid State Technologies (EMFT), Germany, [email protected] 3 Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany, [email protected] Abstract. Recent publications describe profiled single trace side-channel attacks (SCAs) against the DES key-schedule of a “commercially available security controller”. They report a significant reduction of the average remaining entropy of cryptographic keys after the attack, with surprisingly large, key-dependent variations of attack results, and individual cases with remaining key entropies as low as a few bits. Unfortunately, they leave important questions unanswered: Are the reported wide distributions of results plausible - can this be explained? Are the results device- specific or more generally applicable to other devices? What is the actual impact on the security of 3-key triple DES? We systematically answer those and several other questions by analyzing two commercial security controllers and a general purpose microcontroller. We observe a significant overall reduction and, importantly, also observe a large key-dependent variation in single DES key security levels, i.e.
    [Show full text]
  • Block Ciphers and the Data Encryption Standard
    Lecture 3: Block Ciphers and the Data Encryption Standard Lecture Notes on “Computer and Network Security” by Avi Kak ([email protected]) January 26, 2021 3:43pm ©2021 Avinash Kak, Purdue University Goals: To introduce the notion of a block cipher in the modern context. To talk about the infeasibility of ideal block ciphers To introduce the notion of the Feistel Cipher Structure To go over DES, the Data Encryption Standard To illustrate important DES steps with Python and Perl code CONTENTS Section Title Page 3.1 Ideal Block Cipher 3 3.1.1 Size of the Encryption Key for the Ideal Block Cipher 6 3.2 The Feistel Structure for Block Ciphers 7 3.2.1 Mathematical Description of Each Round in the 10 Feistel Structure 3.2.2 Decryption in Ciphers Based on the Feistel Structure 12 3.3 DES: The Data Encryption Standard 16 3.3.1 One Round of Processing in DES 18 3.3.2 The S-Box for the Substitution Step in Each Round 22 3.3.3 The Substitution Tables 26 3.3.4 The P-Box Permutation in the Feistel Function 33 3.3.5 The DES Key Schedule: Generating the Round Keys 35 3.3.6 Initial Permutation of the Encryption Key 38 3.3.7 Contraction-Permutation that Generates the 48-Bit 42 Round Key from the 56-Bit Key 3.4 What Makes DES a Strong Cipher (to the 46 Extent It is a Strong Cipher) 3.5 Homework Problems 48 2 Computer and Network Security by Avi Kak Lecture 3 Back to TOC 3.1 IDEAL BLOCK CIPHER In a modern block cipher (but still using a classical encryption method), we replace a block of N bits from the plaintext with a block of N bits from the ciphertext.
    [Show full text]
  • Encryption Algorithm Trade Survey
    CCSDS Historical Document This document’s Historical status indicates that it is no longer current. It has either been replaced by a newer issue or withdrawn because it was deemed obsolete. Current CCSDS publications are maintained at the following location: http://public.ccsds.org/publications/ CCSDS HISTORICAL DOCUMENT Report Concerning Space Data System Standards ENCRYPTION ALGORITHM TRADE SURVEY INFORMATIONAL REPORT CCSDS 350.2-G-1 GREEN BOOK March 2008 CCSDS HISTORICAL DOCUMENT Report Concerning Space Data System Standards ENCRYPTION ALGORITHM TRADE SURVEY INFORMATIONAL REPORT CCSDS 350.2-G-1 GREEN BOOK March 2008 CCSDS HISTORICAL DOCUMENT CCSDS REPORT CONCERNING ENCRYPTION ALGORITHM TRADE SURVEY AUTHORITY Issue: Informational Report, Issue 1 Date: March 2008 Location: Washington, DC, USA This document has been approved for publication by the Management Council of the Consultative Committee for Space Data Systems (CCSDS) and reflects the consensus of technical panel experts from CCSDS Member Agencies. The procedure for review and authorization of CCSDS Reports is detailed in the Procedures Manual for the Consultative Committee for Space Data Systems. This document is published and maintained by: CCSDS Secretariat Space Communications and Navigation Office, 7L70 Space Operations Mission Directorate NASA Headquarters Washington, DC 20546-0001, USA CCSDS 350.2-G-1 i March 2008 CCSDS HISTORICAL DOCUMENT CCSDS REPORT CONCERNING ENCRYPTION ALGORITHM TRADE SURVEY FOREWORD Through the process of normal evolution, it is expected that expansion, deletion, or modification of this document may occur. This Recommended Standard is therefore subject to CCSDS document management and change control procedures, which are defined in the Procedures Manual for the Consultative Committee for Space Data Systems.
    [Show full text]
  • Known and Chosen Key Differential Distinguishers for Block Ciphers
    Known and Chosen Key Differential Distinguishers for Block Ciphers Ivica Nikoli´c1?, Josef Pieprzyk2, Przemys law Soko lowski2;3, Ron Steinfeld2 1 University of Luxembourg, Luxembourg 2 Macquarie University, Australia 3 Adam Mickiewicz University, Poland [email protected], [email protected], [email protected], [email protected] Abstract. In this paper we investigate the differential properties of block ciphers in hash function modes of operation. First we show the impact of differential trails for block ciphers on collision attacks for various hash function constructions based on block ciphers. Further, we prove the lower bound for finding a pair that follows some truncated differential in case of a random permutation. Then we present open-key differential distinguishers for some well known round-reduced block ciphers. Keywords: Block cipher, differential attack, open-key distinguisher, Crypton, Hierocrypt, SAFER++, Square. 1 Introduction Block ciphers play an important role in symmetric cryptography providing the basic tool for encryp- tion. They are the oldest and most scrutinized cryptographic tool. Consequently, they are the most trusted cryptographic algorithms that are often used as the underlying tool to construct other cryp- tographic algorithms. One such application of block ciphers is for building compression functions for the hash functions. There are many constructions (also called hash function modes) for turning a block cipher into a compression function. Probably the most popular is the well-known Davies-Meyer mode. Preneel et al. in [27] have considered all possible modes that can be defined for a single application of n-bit block cipher in order to produce an n-bit compression function.
    [Show full text]
  • Development of the Advanced Encryption Standard
    Volume 126, Article No. 126024 (2021) https://doi.org/10.6028/jres.126.024 Journal of Research of the National Institute of Standards and Technology Development of the Advanced Encryption Standard Miles E. Smid Formerly: Computer Security Division, National Institute of Standards and Technology, Gaithersburg, MD 20899, USA [email protected] Strong cryptographic algorithms are essential for the protection of stored and transmitted data throughout the world. This publication discusses the development of Federal Information Processing Standards Publication (FIPS) 197, which specifies a cryptographic algorithm known as the Advanced Encryption Standard (AES). The AES was the result of a cooperative multiyear effort involving the U.S. government, industry, and the academic community. Several difficult problems that had to be resolved during the standard’s development are discussed, and the eventual solutions are presented. The author writes from his viewpoint as former leader of the Security Technology Group and later as acting director of the Computer Security Division at the National Institute of Standards and Technology, where he was responsible for the AES development. Key words: Advanced Encryption Standard (AES); consensus process; cryptography; Data Encryption Standard (DES); security requirements, SKIPJACK. Accepted: June 18, 2021 Published: August 16, 2021; Current Version: August 23, 2021 This article was sponsored by James Foti, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology (NIST). The views expressed represent those of the author and not necessarily those of NIST. https://doi.org/10.6028/jres.126.024 1. Introduction In the late 1990s, the National Institute of Standards and Technology (NIST) was about to decide if it was going to specify a new cryptographic algorithm standard for the protection of U.S.
    [Show full text]
  • Chapter 3 – Block Ciphers and the Data Encryption Standard
    Symmetric Cryptography Chapter 6 Block vs Stream Ciphers • Block ciphers process messages into blocks, each of which is then en/decrypted – Like a substitution on very big characters • 64-bits or more • Stream ciphers process messages a bit or byte at a time when en/decrypting – Many current ciphers are block ciphers • Better analyzed. • Broader range of applications. Block vs Stream Ciphers Block Cipher Principles • Block ciphers look like an extremely large substitution • Would need table of 264 entries for a 64-bit block • Arbitrary reversible substitution cipher for a large block size is not practical – 64-bit general substitution block cipher, key size 264! • Most symmetric block ciphers are based on a Feistel Cipher Structure • Needed since must be able to decrypt ciphertext to recover messages efficiently Ideal Block Cipher Substitution-Permutation Ciphers • in 1949 Shannon introduced idea of substitution- permutation (S-P) networks – modern substitution-transposition product cipher • These form the basis of modern block ciphers • S-P networks are based on the two primitive cryptographic operations we have seen before: – substitution (S-box) – permutation (P-box) (transposition) • Provide confusion and diffusion of message Diffusion and Confusion • Introduced by Claude Shannon to thwart cryptanalysis based on statistical analysis – Assume the attacker has some knowledge of the statistical characteristics of the plaintext • Cipher needs to completely obscure statistical properties of original message • A one-time pad does this Diffusion
    [Show full text]
  • Key Schedule Algorithm Using 3-Dimensional Hybrid Cubes for Block Cipher
    (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 10, No. 8, 2019 Key Schedule Algorithm using 3-Dimensional Hybrid Cubes for Block Cipher Muhammad Faheem Mushtaq1, Sapiee Jamel2, Siti Radhiah B. Megat3, Urooj Akram4, Mustafa Mat Deris5 Faculty of Computer Science and Information Technology Universiti Tun Hussein Onn Malaysia (UTHM), Parit Raja, 86400 Batu Pahat, Johor, Malaysia1, 2, 3, 5 Faculty of Computer Science and Information Technology Khwaja Fareed University of Engineering and Information Technology, 64200 Rahim Yar Khan, Pakistan1, 4 Abstract—A key scheduling algorithm is the mechanism that difficulty for a cryptanalyst to recover the secret key [8]. All generates and schedules all session-keys for the encryption and cryptographic algorithms are recommended to follow 128, 192 decryption process. The key space of conventional key schedule and 256-bits key lengths proposed by Advanced Encryption algorithm using the 2D hybrid cubes is not enough to resist Standard (AES) [9]. attacks and could easily be exploited. In this regard, this research proposed a new Key Schedule Algorithm based on Permutation plays an important role in the development of coordinate geometry of a Hybrid Cube (KSAHC) using cryptographic algorithms and it contains the finite set of Triangular Coordinate Extraction (TCE) technique and 3- numbers or symbols that are used to mix up a readable message Dimensional (3D) rotation of Hybrid Cube surface (HCs) for the into ciphertext as shown in transposition cipher [10]. The logic block cipher to achieve large key space that are more applicable behind any cryptographic algorithm is the number of possible to resist any attack on the secret key.
    [Show full text]
  • ASIC Design of High Speed Kasumi Block Cipher
    International Journal of Engineering Research & Technology (IJERT) ISSN: 2278-0181 Vol. 3 Issue 2, February - 2014 ASIC design of High Speed Kasumi Block Cipher Dilip kumar1 Sunil shah2 1M. Tech scholar, Asst. Prof. Gyan ganga institute of technology and science Jabalpur Gyan ganga institute of technology and science Jabalpur M.P. M.P. Abstract - The nature of the information that flows throughout modern cellular communications networks has evolved noticeably since the early years of the first generation systems, when only voice sessions were possible. With today’s networks it is possible to transmit both voice and data, including e-mail, pictures and video. The importance of the security issues is higher in current cellular networks than in previous systems because users are provided with the mechanisms to accomplish very crucial operations like banking transactions and sharing of confidential business information, which require high levels of protection. Weaknesses in security architectures allow successful eavesdropping, message tampering and masquerading attacks to occur, with disastrous consequences for end users, companies and other organizations. The KASUMI block cipher lies at the core of both the f8 data confidentiality algorithm and the f9 data integrity algorithm for Universal Mobile Telecommunications System networks. The design goal is to increase the data conversion rate i.e. the throughput to a substantial value so that the design can be used as a cryptographic coprocessor in high speed network applications. Keywords— Xilinx ISE, Language used: Verilog HDL, Platform Used: family- Vertex4, Device-XC4VLX80 I. INTRODUCTION Symmetric key cryptographic algorithms have a single keyIJERT IJERT for both encryption and decryption.
    [Show full text]
  • The Long Road to the Advanced Encryption Standard
    The Long Road to the Advanced Encryption Standard Jean-Luc Cooke CertainKey Inc. [email protected], http://www.certainkey.com/˜jlcooke Abstract 1 Introduction This paper will start with a brief background of the Advanced Encryption Standard (AES) process, lessons learned from the Data Encryp- tion Standard (DES), other U.S. government Two decades ago the state-of-the-art in cryptographic publications and the fifteen first the private sector cryptography was—we round candidate algorithms. The focus of the know now—far behind the public sector. presentation will lie in presenting the general Don Coppersmith’s knowledge of the Data design of the five final candidate algorithms, Encryption Standard’s (DES) resilience to and the specifics of the AES and how it dif- the then unknown Differential Cryptanaly- fers from the Rijndael design. A presentation sis (DC), the design principles used in the on the AES modes of operation and Secure Secure Hash Algorithm (SHA) in Digital Hash Algorithm (SHA) family of algorithms Signature Standard (DSS) being case and will follow and will include discussion about point[NISTDSS][NISTDES][DC][NISTSHA1]. how it is directly implicated by AES develop- ments. The selection and design of the DES was shrouded in controversy and suspicion. This very controversy has lead to a fantastic acceler- Intended Audience ation in private sector cryptographic advance- ment. So intrigued by the NSA’s modifica- tions to the Lucifer algorithm, researchers— This paper was written as a supplement to a academic and industry alike—powerful tools presentation at the Ottawa International Linux in assessing block cipher strength were devel- Symposium.
    [Show full text]
  • Optimization of Core Components of Block Ciphers Baptiste Lambin
    Optimization of core components of block ciphers Baptiste Lambin To cite this version: Baptiste Lambin. Optimization of core components of block ciphers. Cryptography and Security [cs.CR]. Université Rennes 1, 2019. English. NNT : 2019REN1S036. tel-02380098 HAL Id: tel-02380098 https://tel.archives-ouvertes.fr/tel-02380098 Submitted on 26 Nov 2019 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THÈSE DE DOCTORAT DE L’UNIVERSITE DE RENNES 1 COMUE UNIVERSITE BRETAGNE LOIRE Ecole Doctorale N°601 Mathématique et Sciences et Technologies de l’Information et de la Communication Spécialité : Informatique Par Baptiste LAMBIN Optimization of Core Components of Block Ciphers Thèse présentée et soutenue à RENNES, le 22/10/2019 Unité de recherche : IRISA Rapporteurs avant soutenance : Marine Minier, Professeur, LORIA, Université de Lorraine Jacques Patarin, Professeur, PRiSM, Université de Versailles Composition du jury : Examinateurs : Marine Minier, Professeur, LORIA, Université de Lorraine Jacques Patarin, Professeur, PRiSM, Université de Versailles Jean-Louis Lanet, INRIA Rennes Virginie Lallemand, Chargée de Recherche, LORIA, CNRS Jérémy Jean, ANSSI Dir. de thèse : Pierre-Alain Fouque, IRISA, Université de Rennes 1 Co-dir. de thèse : Patrick Derbez, IRISA, Université de Rennes 1 Remerciements Je tiens à remercier en premier lieu mes directeurs de thèse, Pierre-Alain et Patrick.
    [Show full text]