DOCSLIB.ORG

6.5.4 Nested Authentication Attack

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
6.5.4 Nested Authentication Attack PDF hosted at the Radboud Repository of the Radboud University Nijmegen The following full text is a publisher's version. For additional information about this publication click this link. http://hdl.handle.net/2066/140089 Please be advised that this information was generated on 2021-10-04 and may be subject to change. The (in)security of proprietary cryptography Roel Verdult Copyright c Roel Verdult, 2015 ISBN: 978-94-6259-622-1 IPA Dissertation Series: 2015-10 URL: http://roel.verdult.xyz/publications/phd_thesis-roel_verdult.pdf Typeset using LATEX The work in this dissertation has been carried out under the auspices of the research school IPA (Institute for Programming research and Algorithmics). For more information, visit http://www.win.tue.nl/ipa/ XY-pic is used for typesetting graphs and diagrams in schematic rep- U x hx,yi resentations of logical composition of visual components. XY-pic allows X ×Z Y p X the style of pictures to match well with the exquisite quality of the y q f g surrounding TEX typeset material [RM99]. For more information, visit Y Z http://xy-pic.sourceforge.net/ msc Example User Machine 1 Machine 2 Machine 3 The message sequence diagrams, charts and protocols in this disserta- control drill test startm1 tion are facilitated by the MSC macro package [MB01, BvDKM13]. It startm2 log continue allows LATEX users to easily include Message Sequence Charts in their free output texts. For more information, visit http://satoss.uni.lu/software/mscpackage/ The graphical art of this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/3.0/ The remaining part of this work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Netherlands License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/nl/ The (in)security of proprietary cryptography Proefschrift ter verkrijging van de graad van doctor aan de Radboud Universiteit Nijmegen op gezag van de rector magnificus prof. dr. Th.L.M. Engelen volgens besluit van het college van decanen en ter verkrijging van de graad van doctor in de ingenieurswetenschappen aan de KU Leuven op gezag van de rector prof. dr. R. Torfs, in het openbaar te verdedigen op dinsdag 21 april 2015 om 14:30 uur precies door Roel Verdult geboren op 20 oktober 1982 te Zevenaar, Nederland. Promotoren: Prof. dr. Bart Jacobs Prof. dr. ir. Ingrid Verbauwhede KU Leuven, Belgi¨e Copromotoren: Dr. Lejla Batina Dr. Claudia Diaz Martinez KU Leuven, Belgi¨e Manuscriptcommissie: Prof. dr. Eric Verheul Dr. Jaap-Henk Hoepman Prof. dr. Herbert Bos Vrije Universiteit Amsterdam, Nederland Prof. dr. Srdjan Capkunˇ ETH Zurich, Zwitserland Prof. dr. Thorsten Holz Ruhr-Universit¨at Bochum, Duitsland KU Leuven Examencommissie: Prof. dr. Wim Dehaene KU Leuven, Belgi¨e Prof. dr. Bart Preneel KU Leuven, Belgi¨e Prof. dr. Herman Neuckermans KU Leuven, Belgi¨e Prof. dr. Gildas Avoine Université Catholique de Louvain, Belgi¨e The (in)security of proprietary cryptography Doctoral Thesis to obtain the degree of doctor from Radboud University Nijmegen on the authority of the rector magnificus prof. dr. Th.L.M. Engelen according to the decision of the Council of Deans and to obtain the degree of doctor of Engineering Science from KU Leuven on the authority of the rector prof. dr. R. Torfs, to be defended in public on Tuesday, 21 April 2015 at exactly 14:30 hours by Roel Verdult born in Zevenaar, Nederland on 20 October 1982. Supervisors: Prof. dr. Bart Jacobs Prof. dr. ir. Ingrid Verbauwhede KU Leuven, Belgium Co-supervisors: Dr. Lejla Batina Dr. Claudia Diaz Martinez KU Leuven, Belgium Doctoral Thesis Committee: Prof. dr. Eric Verheul Dr. Jaap-Henk Hoepman Prof. dr. Herbert Bos Vrije Universiteit Amsterdam, The Netherlands Prof. dr. Srdjan Capkunˇ ETH Zurich, Switzerland Prof. dr. Thorsten Holz Ruhr-Universit¨at Bochum, Germany KU Leuven Examination Board: Prof. dr. Wim Dehaene KU Leuven, Belgium Prof. dr. Bart Preneel KU Leuven, Belgium Prof. dr. Herman Neuckermans KU Leuven, Belgium Prof. dr. Gildas Avoine Université Catholique de Louvain, Belgium A tribute to my dearest family Irma, Twan and Sten Acknowledgements It has been a great honour to work with my direct colleagues at the Digital Security group of the Radboud University, who worked with me as co-authors, but most of all, as best friends. They inspired me to explore the path of science, which enabled me to write this doctoral dissertation. I am extremely grateful for their guidance, didactics, insights and support. I would like to specially thank Flavio Garcia and Gerhard de Koning Gans, who have been working besides me from day one. Without their feedback and continuous support, I would not have realized my admiration for science and discovered the contribution that I have to offer. Furthermore, I’m grateful to my first promotor Bart Jacobs, who is an excellent example of a dedicated and outstanding scientist that is concurrently involved in society. My gratitude goes to all the members of the Radboud University reading com- mittee and KU Leuven examination board, Eric Verheul, Jaap-Henk Hoepman, Wim Dehaene, Bart Preneel, Herman Neuckermans, Gildas Avoine, Herbert Bos, Srdjan Capkunˇ and Thorsten Holz, who helped improving this doctoral dissertation a lot by their valuable and professional comments. Additionally, I would like to thank my friends and family, and especially my father Ad Verdult, for helping me improving the language of this thesis. It was pleasant to work with my second promotor Ingrid Verbauwhede and her research group at the KU Leuven. Specifically, I would like to thank my direct colleague from Belgium, Josep Balasch. Besides our scientific collaboration, he also assisted me numerous times to comply with rules and administrative protocols of the KU Leuven. During the security research that I performed with my colleagues, several friendly and prominent contacts were established. We collaborated extensively with govern- ments, secret services, nation wide police forces and large corporations. However, despite our efforts to carefully disclose sensitive information in a responsible way, there were a few unfortunate events where we faced legal pressure that tried to re- ix strain us from publishing the details of our work. During such an event we have always been firmly supported by the legal department and executive board of the Radboud University. My gratitude goes especially to Bas Kortmann, former rector magnificus of the Radboud University, and Dorine Gebbink, head of legal affairs. Although it is impossible to name every person, I would like to show my gratitude to all the people who supported me in many ways over the last years. During this period I have acquired a lot of knowledge, skills and experience. I’m very thankful for that. Finally, I would like to express my admiration, gratitude and love to my wife and children. They have always supported me during my research and the long days that I’ve spent writing of this thesis. I will be forever grateful for their love and care. Roel Verdult Oosterbeek, March 2015 Abstract Proprietary cryptography is a term used to describe custom encryption techniques that are kept secret by its designers to add additional security. It is questionable if such an approach increases the cryptographic strength of the underlying mathematical algorithms. The security of proprietary encryption techniques relies entirely on the competence of the semi-conductor companies, which keep the technical description strictly confidential after designing. It is difficult to give a public and independent security assessment of the cryptography, without having access to the detailed infor- mation of the design. Proprietary cryptography is currently deployed in many products which are used on a daily basis by the majority of people world-wide. It is embedded in the compu- tational core of many wireless and contactless devices used in access control systems and vehicle immobilizers. Contactless access control cards are used in various security systems. Examples include the use in public transport, payment terminals, office buildings and even in highly secure facilities such as ministries, banks, nuclear power plants and prisons. Many of these access control cards are based on proprietary encryption techniques. Prominent examples are the widely deployed contactless access control systems that use the MIFARE Classic, iClass and Cryptomemory technology. A vehicle immobilizer is an electronic device that prevents the engine of the vehicle from starting when the corresponding transponder is not present. This transponder is a wireless radio frequency chip which is typically embedded in the plastic casing of the car key. When the driver tries to start the vehicle, the car authenticates the transponder before starting the engine, thus preventing hot-wiring. According to European Commission directive (95/56/EC) it is mandatory that all cars, sold in the EU from 1995 onwards, are fitted with an electronic immobilizer. In practice, almost all recently sold cars in Europe are protected by transponders that embed one of the two proprietary encryption techniques Hitag2 or Megamos Crypto. In this doctoral thesis well-known techniques are combined with novel methods xi to analyze the workings of the previously mentioned proprietary cryptosystems. The cryptographic strength and security features of each system are comprehensively eval- uated. The technical chapters describe various weaknesses and practical cryptanalytic attacks which can be mounted by an adversary that uses only ordinary and consumer grade hardware. This emphasizes the seriousness and relevance to the level of pro- tection that is offered. The identified vulnerabilities are often plain design mistakes, which makes the cryptosystems exploitable since their introduction. The first part of this dissertation is dedicated to an introduction of the general field of computer security and cryptography.
Load more

Recommended publications
  • Improved Related-Key Attacks on DESX and DESX+
    Improved Related-key Attacks on DESX and DESX+ Raphael C.-W. Phan1 and Adi Shamir3 1 Laboratoire de s´ecurit´eet de cryptographie (LASEC), Ecole Polytechnique F´ed´erale de Lausanne (EPFL), CH-1015 Lausanne, Switzerland [email protected] 2 Faculty of Mathematics & Computer Science, The Weizmann Institute of Science, Rehovot 76100, Israel [email protected] Abstract. In this paper, we present improved related-key attacks on the original DESX, and DESX+, a variant of the DESX with its pre- and post-whitening XOR operations replaced with addition modulo 264. Compared to previous results, our attack on DESX has reduced text complexity, while our best attack on DESX+ eliminates the memory requirements at the same processing complexity. Keywords: DESX, DESX+, related-key attack, fault attack. 1 Introduction Due to the DES’ small key length of 56 bits, variants of the DES under multiple encryption have been considered, including double-DES under one or two 56-bit key(s), and triple-DES under two or three 56-bit keys. Another popular variant based on the DES is the DESX [15], where the basic keylength of single DES is extended to 120 bits by wrapping this DES with two outer pre- and post-whitening keys of 64 bits each. Also, the endorsement of single DES had been officially withdrawn by NIST in the summer of 2004 [19], due to its insecurity against exhaustive search. Future use of single DES is recommended only as a component of the triple-DES. This makes it more important to study the security of variants of single DES which increase the key length to avoid this attack.
    [Show full text]
  • Vector Boolean Functions: Applications in Symmetric Cryptography
    Vector Boolean Functions: Applications in Symmetric Cryptography José Antonio Álvarez Cubero Departamento de Matemática Aplicada a las Tecnologías de la Información y las Comunicaciones Universidad Politécnica de Madrid This dissertation is submitted for the degree of Doctor Ingeniero de Telecomunicación Escuela Técnica Superior de Ingenieros de Telecomunicación November 2015 I would like to thank my wife, Isabel, for her love, kindness and support she has shown during the past years it has taken me to finalize this thesis. Furthermore I would also liketo thank my parents for their endless love and support. Last but not least, I would like to thank my loved ones such as my daughter and sisters who have supported me throughout entire process, both by keeping me harmonious and helping me putting pieces together. I will be grateful forever for your love. Declaration The following papers have been published or accepted for publication, and contain material based on the content of this thesis. 1. [7] Álvarez-Cubero, J. A. and Zufiria, P. J. (expected 2016). Algorithm xxx: VBF: A library of C++ classes for vector Boolean functions in cryptography. ACM Transactions on Mathematical Software. (In Press: http://toms.acm.org/Upcoming.html) 2. [6] Álvarez-Cubero, J. A. and Zufiria, P. J. (2012). Cryptographic Criteria on Vector Boolean Functions, chapter 3, pages 51–70. Cryptography and Security in Computing, Jaydip Sen (Ed.), http://www.intechopen.com/books/cryptography-and-security-in-computing/ cryptographic-criteria-on-vector-boolean-functions. (Published) 3. [5] Álvarez-Cubero, J. A. and Zufiria, P. J. (2010). A C++ class for analysing vector Boolean functions from a cryptographic perspective.
    [Show full text]
  • Encryption Algorithm Trade Survey
    CCSDS Historical Document This document’s Historical status indicates that it is no longer current. It has either been replaced by a newer issue or withdrawn because it was deemed obsolete. Current CCSDS publications are maintained at the following location: http://public.ccsds.org/publications/ CCSDS HISTORICAL DOCUMENT Report Concerning Space Data System Standards ENCRYPTION ALGORITHM TRADE SURVEY INFORMATIONAL REPORT CCSDS 350.2-G-1 GREEN BOOK March 2008 CCSDS HISTORICAL DOCUMENT Report Concerning Space Data System Standards ENCRYPTION ALGORITHM TRADE SURVEY INFORMATIONAL REPORT CCSDS 350.2-G-1 GREEN BOOK March 2008 CCSDS HISTORICAL DOCUMENT CCSDS REPORT CONCERNING ENCRYPTION ALGORITHM TRADE SURVEY AUTHORITY Issue: Informational Report, Issue 1 Date: March 2008 Location: Washington, DC, USA This document has been approved for publication by the Management Council of the Consultative Committee for Space Data Systems (CCSDS) and reflects the consensus of technical panel experts from CCSDS Member Agencies. The procedure for review and authorization of CCSDS Reports is detailed in the Procedures Manual for the Consultative Committee for Space Data Systems. This document is published and maintained by: CCSDS Secretariat Space Communications and Navigation Office, 7L70 Space Operations Mission Directorate NASA Headquarters Washington, DC 20546-0001, USA CCSDS 350.2-G-1 i March 2008 CCSDS HISTORICAL DOCUMENT CCSDS REPORT CONCERNING ENCRYPTION ALGORITHM TRADE SURVEY FOREWORD Through the process of normal evolution, it is expected that expansion, deletion, or modification of this document may occur. This Recommended Standard is therefore subject to CCSDS document management and change control procedures, which are defined in the Procedures Manual for the Consultative Committee for Space Data Systems.
    [Show full text]
  • By Jennifer M. Fogel a Dissertation Submitted in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy
    A MODERN FAMILY: THE PERFORMANCE OF “FAMILY” AND FAMILIALISM IN CONTEMPORARY TELEVISION SERIES by Jennifer M. Fogel A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Communication) in The University of Michigan 2012 Doctoral Committee: Associate Professor Amanda D. Lotz, Chair Professor Susan J. Douglas Professor Regina Morantz-Sanchez Associate Professor Bambi L. Haggins, Arizona State University © Jennifer M. Fogel 2012 ACKNOWLEDGEMENTS I owe my deepest gratitude to the members of my dissertation committee – Dr. Susan J. Douglas, Dr. Bambi L. Haggins, and Dr. Regina Morantz-Sanchez, who each contributed their time, expertise, encouragement, and comments throughout this entire process. These women who have mentored and guided me for a number of years have my utmost respect for the work they continue to contribute to our field. I owe my deepest gratitude to my advisor Dr. Amanda D. Lotz, who patiently refused to accept anything but my best work, motivated me to be a better teacher and academic, praised my successes, and will forever remain a friend and mentor. Without her constructive criticism, brainstorming sessions, and matching appreciation for good television, I would have been lost to the wolves of academia. One does not make a journey like this alone, and it would be remiss of me not to express my humble thanks to my parents and sister, without whom seven long and lonely years would not have passed by so quickly. They were both my inspiration and staunchest supporters. Without their tireless encouragement, laughter, and nurturing this dissertation would not have been possible.
    [Show full text]
  • Towards the Generation of a Dynamic Key-Dependent S-Box to Enhance Security
    Towards the Generation of a Dynamic Key-Dependent S-Box to Enhance Security 1 Grasha Jacob, 2 Dr. A. Murugan, 3Irine Viola 1Research and Development Centre, Bharathiar University, Coimbatore – 641046, India, [email protected] [Assoc. Prof., Dept. of Computer Science, Rani Anna Govt College for Women, Tirunelveli] 2 Assoc. Prof., Dept. of Computer Science, Dr. Ambedkar Govt Arts College, Chennai, India 3Assoc. Prof., Dept. of Computer Science, Womens Christian College, Nagercoil, India E-mail: [email protected] ABSTRACT Secure transmission of message was the concern of early men. Several techniques have been developed ever since to assure that the message is understandable only by the sender and the receiver while it would be meaningless to others. In this century, cryptography has gained much significance. This paper proposes a scheme to generate a Dynamic Key-dependent S-Box for the SubBytes Transformation used in Cryptographic Techniques. Keywords: Hamming weight, Hamming Distance, confidentiality, Dynamic Key dependent S-Box 1. INTRODUCTION Today communication networks transfer enormous volume of data. Information related to healthcare, defense and business transactions are either confidential or private and warranting security has become more and more challenging as many communication channels are arbitrated by attackers. Cryptographic techniques allow the sender and receiver to communicate secretly by transforming a plain message into meaningless form and then retransforming that back to its original form. Confidentiality is the foremost objective of cryptography. Even though cryptographic systems warrant security to sensitive information, various methods evolve every now and then like mushroom to crack and crash the cryptographic systems. NSA-approved Data Encryption Standard published in 1977 gained quick worldwide adoption.
    [Show full text]
  • A Novel and Highly Efficient AES Implementation Robust Against Differential Power Analysis Massoud Masoumi K
    A Novel and Highly Efficient AES Implementation Robust against Differential Power Analysis Massoud Masoumi K. N. Toosi University of Tech., Tehran, Iran [email protected] ABSTRACT been proposed. Unfortunately, most of these techniques are Developed by Paul Kocher, Joshua Jaffe, and Benjamin Jun inefficient or costly or vulnerable to higher-order attacks in 1999, Differential Power Analysis (DPA) represents a [6]. They include randomized clocks, memory unique and powerful cryptanalysis technique. Insight into encryption/decryption schemes [7], power consumption the encryption and decryption behavior of a cryptographic randomization [8], and decorrelating the external power device can be determined by examining its electrical power supply from the internal power consumed by the chip. signature. This paper describes a novel approach for Moreover, the use of different hardware logic, such as implementation of the AES algorithm which provides a complementary logic, sense amplifier based logic (SABL), significantly improved strength against differential power and asynchronous logic [9, 10] have been also proposed. analysis with a minimal additional hardware overhead. Our Some of these techniques require about twice as much area method is based on randomization in composite field and will consume twice as much power as an arithmetic which entails an area penalty of only 7% while implementation that is not protected against power attacks. does not decrease the working frequency, does not alter the For example, the technique proposed in [10] adds area 3 algorithm and keeps perfect compatibility with the times and reduces throughput by a factor of 4. Another published standard. The efficiency of the proposed method is masking which involves ensuring the attacker technique was verified by practical results obtained from cannot predict any full registers in the system without real implementation on a Xilinx Spartan-II FPGA.
    [Show full text]
  • Cryptographic Sponge Functions
    Cryptographic sponge functions Guido B1 Joan D1 Michaël P2 Gilles V A1 http://sponge.noekeon.org/ Version 0.1 1STMicroelectronics January 14, 2011 2NXP Semiconductors Cryptographic sponge functions 2 / 93 Contents 1 Introduction 7 1.1 Roots .......................................... 7 1.2 The sponge construction ............................... 8 1.3 Sponge as a reference of security claims ...................... 8 1.4 Sponge as a design tool ................................ 9 1.5 Sponge as a versatile cryptographic primitive ................... 9 1.6 Structure of this document .............................. 10 2 Definitions 11 2.1 Conventions and notation .............................. 11 2.1.1 Bitstrings .................................... 11 2.1.2 Padding rules ................................. 11 2.1.3 Random oracles, transformations and permutations ........... 12 2.2 The sponge construction ............................... 12 2.3 The duplex construction ............................... 13 2.4 Auxiliary functions .................................. 15 2.4.1 The absorbing function and path ...................... 15 2.4.2 The squeezing function ........................... 16 2.5 Primary aacks on a sponge function ........................ 16 3 Sponge applications 19 3.1 Basic techniques .................................... 19 3.1.1 Domain separation .............................. 19 3.1.2 Keying ..................................... 20 3.1.3 State precomputation ............................ 20 3.2 Modes of use of sponge functions .........................
    [Show full text]
  • Harris Sierra II, Programmable Cryptographic
    TYPE 1 PROGRAMMABLE ENCRYPTION Harris Sierra™ II Programmable Cryptographic ASIC KEY BENEFITS When embedded in radios and other voice and data communications equipment, > Legacy algorithm support the Harris Sierra II Programmable Cryptographic ASIC encrypts classified > Low power consumption information prior to transmission and storage. NSA-certified, it is the foundation > JTRS compliant for the Harris Sierra II family of products—which includes two package options for the ASIC and supporting software. > Compliant with NSA’s Crypto Modernization Program The Sierra II ASIC offers a broad range of functionality, with data rates greater than 300 Mbps, > Compact form factor legacy algorithm support, advanced programmability and low power consumption. Its software programmability provides a low-cost migration path for future upgrades to embedded communications equipment—without the logistics and cost burden normally associated with upgrading hardware. Plus, it’s totally compliant with all Joint Tactical Radio System (JTRS) and Crypto Modernization Program requirements. The Sierra II ASIC’s small size, low power requirements, and high data rates make it an ideal choice for battery-powered applications, including military radios, wireless LANs, remote sensors, guided munitions, UAVs and any other devices that require a low-power, programmable solution for encryption. Specifications for: Harris SIERRA II™ Programmable Cryptographic ASIC GENERAL BATON/MEDLEY SAVILLE/PADSTONE KEESEE/CRAYON/WALBURN Type 1 – Cryptographic GOODSPEED Algorithms* ACCORDION FIREFLY/Enhanced FIREFLY JOSEKI Decrypt High Assurance AES DES, Triple DES Type 3 – Cryptographic AES Algorithms* Digital Signature Standard (DSS) Secure Hash Algorithm (SHA) Type 4 – Cryptographic CITADEL® Algorithms* SARK/PARK (KY-57, KYV-5 and KG-84A/C OTAR) DS-101 and DS-102 Key Fill Key Management SINCGARS Mode 2/3 Fill Benign Key/Benign Fill *Other algorithms can be added later.
    [Show full text]
  • An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext
    An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext By Isaac Quinn DuPont A thesis submitted in conformity with the requirements for the degree of Doctor of Philosophy Faculty of Information University of Toronto © Copyright by Isaac Quinn DuPont 2017 ii An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext Isaac Quinn DuPont Doctor of Philosophy Faculty of Information University of Toronto 2017 Abstract Tis dissertation is an archeological study of cryptography. It questions the validity of thinking about cryptography in familiar, instrumentalist terms, and instead reveals the ways that cryptography can been understood as writing, media, and computation. In this dissertation, I ofer a critique of the prevailing views of cryptography by tracing a number of long overlooked themes in its history, including the development of artifcial languages, machine translation, media, code, notation, silence, and order. Using an archeological method, I detail historical conditions of possibility and the technical a priori of cryptography. Te conditions of possibility are explored in three parts, where I rhetorically rewrite the conventional terms of art, namely, plaintext, encryption, and ciphertext. I argue that plaintext has historically been understood as kind of inscription or form of writing, and has been associated with the development of artifcial languages, and used to analyze and investigate the natural world. I argue that the technical a priori of plaintext, encryption, and ciphertext is constitutive of the syntactic iii and semantic properties detailed in Nelson Goodman’s theory of notation, as described in his Languages of Art. I argue that encryption (and its reverse, decryption) are deterministic modes of transcription, which have historically been thought of as the medium between plaintext and ciphertext.
    [Show full text]
  • Optimization of Core Components of Block Ciphers Baptiste Lambin
    Optimization of core components of block ciphers Baptiste Lambin To cite this version: Baptiste Lambin. Optimization of core components of block ciphers. Cryptography and Security [cs.CR]. Université Rennes 1, 2019. English. NNT : 2019REN1S036. tel-02380098 HAL Id: tel-02380098 https://tel.archives-ouvertes.fr/tel-02380098 Submitted on 26 Nov 2019 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THÈSE DE DOCTORAT DE L’UNIVERSITE DE RENNES 1 COMUE UNIVERSITE BRETAGNE LOIRE Ecole Doctorale N°601 Mathématique et Sciences et Technologies de l’Information et de la Communication Spécialité : Informatique Par Baptiste LAMBIN Optimization of Core Components of Block Ciphers Thèse présentée et soutenue à RENNES, le 22/10/2019 Unité de recherche : IRISA Rapporteurs avant soutenance : Marine Minier, Professeur, LORIA, Université de Lorraine Jacques Patarin, Professeur, PRiSM, Université de Versailles Composition du jury : Examinateurs : Marine Minier, Professeur, LORIA, Université de Lorraine Jacques Patarin, Professeur, PRiSM, Université de Versailles Jean-Louis Lanet, INRIA Rennes Virginie Lallemand, Chargée de Recherche, LORIA, CNRS Jérémy Jean, ANSSI Dir. de thèse : Pierre-Alain Fouque, IRISA, Université de Rennes 1 Co-dir. de thèse : Patrick Derbez, IRISA, Université de Rennes 1 Remerciements Je tiens à remercier en premier lieu mes directeurs de thèse, Pierre-Alain et Patrick.
    [Show full text]
  • Cryptool 2 in Teaching Cryptography
    Journal of Computations & Modelling, vol.4, no.1, 2014, 349-358 ISSN: 1792-7625 (print), 1792-8850 (online) Scienpress Ltd, 2014 Cryptool 2 in Teaching Cryptography Major Konstantinos Loussios1 Abstract. Considering the value it had in the past, has continued to the present and will continue to have, perhaps to an even greater extent in the future concealing information during transmission or transport, leads automatically to attempt to discover the importance and the value of the means, methods and techniques used to implement the concealment. Cryptography is a branch of computer science attracts the attention with its great utility that has nowadays. Given therefore deemed necessary to standardize, analyze and present the encryption algorithms to learning and training on the operation with as efficiently and easily as possible. Having in mind that the theory must be accompanied by practice and examples that help to consolidate the syllabi material, we felt that the analytical presentation of an educational tool on learning algorithms of cryptography is a way of learning while embedding. The learning tool cryptool 2 is an implementation of all the above, and through this we will try to show, those essential functions, which help the user with visual and practical way, to see in detail all the properties and functional details of the algorithms contained, will present representative examples of functioning algorithms, we proceed to create digital signatures and will implement the cryptanalysis algorithms. The above is an object of study and teaching in the professional area of land, in the field of communications and transmissions-service systems. Knowing, however, that historically since the antiquity, first we Greeks, we use encryption in a simple form, for military purposes, but later down through the years and fighting wars around the world, the art encryption and decryption evolved and became object of all armies and weapons.
    [Show full text]
  • Methods for Symmetric Key Cryptography and Cryptanalysis EWM Phd Summer School, Turku, June 2009
    Methods for Symmetric Key Cryptography and Cryptanalysis EWM PhD Summer School, Turku, June 2009 Kaisa Nyberg [email protected] Department of Information and Computer Science Helsinki University of Technology and Nokia, Finland Methods for Symmetric Key Cryptography and Cryptanalysis – 1/32 This lecture is dedicated to the memory of Professor Susanne Dierolf a dear and supporting friend, a highly respected colleague, and a great European Woman in Mathematics, who passed away in May 2009 at the age of 64 in Trier, Germany. Methods for Symmetric Key Cryptography and Cryptanalysis – 2/32 Outline 1. Boolean function Linear approximation of Boolean function Related probability distribution 2. Cryptographic encryption primitives Linear approximation of block cipher Linear approximation of stream cipher 3. Cryptanalysis and attack scenarios Key information deduction on block cipher Distinguishing attack on stream cipher Initial state recovery of stream cipher 4. Conclusions Methods for Symmetric Key Cryptography and Cryptanalysis – 3/32 Boolean Functions Methods for Symmetric Key Cryptography and Cryptanalysis – 4/32 Binary vector space n Z 2 the space of n-dimensional binary vectors ¨ sum modulo 2 Given two vectors 1 n 1 n n a = ´a ; : : : ; a µ; b = ´b ; : : : ; b µ ¾ Z 2 the inner product (dot product) is defined as 1 1 n n a ¡ b = a b ¨ ¡ ¡ ¡ ¨ a b : Then a is called the linear mask of b. Methods for Symmetric Key Cryptography and Cryptanalysis – 5/32 Boolean function n f : Z 2 Z 2 Boolean function. Linear Boolean function is of the form f ´x µ = u ¡ x for some n fixed linear mask u ¾ Z 2.
    [Show full text]