A New Family of Boolean Functions with Good Cryptographic Properties
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
A Differential Fault Attack on MICKEY
A Differential Fault Attack on MICKEY 2.0 Subhadeep Banik and Subhamoy Maitra Applied Statistics Unit, Indian Statistical Institute Kolkata, 203, B.T. Road, Kolkata-108. s.banik [email protected], [email protected] Abstract. In this paper we present a differential fault attack on the stream cipher MICKEY 2.0 which is in eStream's hardware portfolio. While fault attacks have already been reported against the other two eStream hardware candidates Trivium and Grain, no such analysis is known for MICKEY. Using the standard assumptions for fault attacks, we show that if the adversary can induce random single bit faults in the internal state of the cipher, then by injecting around 216:7 faults and performing 232:5 computations on an average, it is possible to recover the entire internal state of MICKEY at the beginning of the key-stream generation phase. We further consider the scenario where the fault may affect at most three neighbouring bits and in that case we require around 218:4 faults on an average. Keywords: eStream, Fault attacks, MICKEY 2.0, Stream Cipher. 1 Introduction The stream cipher MICKEY 2.0 [4] was designed by Steve Babbage and Matthew Dodd as a submission to the eStream project. The cipher has been selected as a part of eStream's final hardware portfolio. MICKEY is a synchronous, bit- oriented stream cipher designed for low hardware complexity and high speed. After a TMD tradeoff attack [16] against the initial version of MICKEY (ver- sion 1), the designers responded by tweaking the design by increasing the state size from 160 to 200 bits and altering the values of some control bit tap loca- tions. -
Laced Boolean Functions and Subset Sum Problems in Finite Fields
Laced Boolean functions and subset sum problems in finite fields David Canright1, Sugata Gangopadhyay2 Subhamoy Maitra3, Pantelimon Stanic˘ a˘1 1 Department of Applied Mathematics, Naval Postgraduate School Monterey, CA 93943{5216, USA; fdcanright,[email protected] 2 Department of Mathematics, Indian Institute of Technology Roorkee 247667 INDIA; [email protected] 3 Applied Statistics Unit, Indian Statistical Institute 203 B. T. Road, Calcutta 700 108, INDIA; [email protected] March 13, 2011 Abstract In this paper, we investigate some algebraic and combinatorial properties of a special Boolean function on n variables, defined us- ing weighted sums in the residue ring modulo the least prime p ≥ n. We also give further evidence to a question raised by Shparlinski re- garding this function, by computing accurately the Boolean sensitivity, thus settling the question for prime number values p = n. Finally, we propose a generalization of these functions, which we call laced func- tions, and compute the weight of one such, for every value of n. Mathematics Subject Classification: 06E30,11B65,11D45,11D72 Key Words: Boolean functions; Hamming weight; Subset sum problems; residues modulo primes. 1 1 Introduction Being interested in read-once branching programs, Savicky and Zak [7] were led to the definition and investigation, from a complexity point of view, of a special Boolean function based on weighted sums in the residue ring modulo a prime p. Later on, a modification of the same function was used by Sauerhoff [6] to show that quantum read-once branching programs are exponentially more powerful than classical read-once branching programs. Shparlinski [8] used exponential sums methods to find bounds on the Fourier coefficients, and he posed several open questions, which are the motivation of this work. -
Analysis of Boolean Functions and Its Applications to Topics Such As Property Testing, Voting, Pseudorandomness, Gaussian Geometry and the Hardness of Approximation
Analysis of Boolean Functions Notes from a series of lectures by Ryan O’Donnell Guest lecture by Per Austrin Barbados Workshop on Computational Complexity February 26th – March 4th, 2012 Organized by Denis Th´erien Scribe notes by Li-Yang Tan arXiv:1205.0314v1 [cs.CC] 2 May 2012 Contents 1 Linearity testing and Arrow’s theorem 3 1.1 TheFourierexpansion ............................. 3 1.2 Blum-Luby-Rubinfeld. .. .. .. .. .. .. .. .. 7 1.3 Votingandinfluence .............................. 9 1.4 Noise stability and Arrow’s theorem . ..... 12 2 Noise stability and small set expansion 15 2.1 Sheppard’s formula and Stabρ(MAJ)...................... 15 2.2 Thenoisyhypercubegraph. 16 2.3 Bonami’slemma................................. 18 3 KKL and quasirandomness 20 3.1 Smallsetexpansion ............................... 20 3.2 Kahn-Kalai-Linial ............................... 21 3.3 Dictator versus Quasirandom tests . ..... 22 4 CSPs and hardness of approximation 26 4.1 Constraint satisfaction problems . ...... 26 4.2 Berry-Ess´een................................... 27 5 Majority Is Stablest 30 5.1 Borell’s isoperimetric inequality . ....... 30 5.2 ProofoutlineofMIST ............................. 32 5.3 Theinvarianceprinciple . 33 6 Testing dictators and UGC-hardness 37 1 Linearity testing and Arrow’s theorem Monday, 27th February 2012 Rn Open Problem [Guy86, HK92]: Let a with a 2 = 1. Prove Prx 1,1 n [ a, x • ∈ k k ∈{− } |h i| ≤ 1] 1 . ≥ 2 Open Problem (S. Srinivasan): Suppose g : 1, 1 n 2 , 1 where g(x) 2 , 1 if • {− } →± 3 ∈ 3 n x n and g(x) 1, 2 if n x n . Prove deg( f)=Ω(n). i=1 i ≥ 2 ∈ − − 3 i=1 i ≤− 2 P P In this workshop we will study the analysis of boolean functions and its applications to topics such as property testing, voting, pseudorandomness, Gaussian geometry and the hardness of approximation. -
Probabilistic Boolean Logic, Arithmetic and Architectures
PROBABILISTIC BOOLEAN LOGIC, ARITHMETIC AND ARCHITECTURES A Thesis Presented to The Academic Faculty by Lakshmi Narasimhan Barath Chakrapani In Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy in the School of Computer Science, College of Computing Georgia Institute of Technology December 2008 PROBABILISTIC BOOLEAN LOGIC, ARITHMETIC AND ARCHITECTURES Approved by: Professor Krishna V. Palem, Advisor Professor Trevor Mudge School of Computer Science, College Department of Electrical Engineering of Computing and Computer Science Georgia Institute of Technology University of Michigan, Ann Arbor Professor Sung Kyu Lim Professor Sudhakar Yalamanchili School of Electrical and Computer School of Electrical and Computer Engineering Engineering Georgia Institute of Technology Georgia Institute of Technology Professor Gabriel H. Loh Date Approved: 24 March 2008 College of Computing Georgia Institute of Technology To my parents The source of my existence, inspiration and strength. iii ACKNOWLEDGEMENTS आचायातर् ्पादमादे पादं िशंयः ःवमेधया। पादं सॄचारयः पादं कालबमेणच॥ “One fourth (of knowledge) from the teacher, one fourth from self study, one fourth from fellow students and one fourth in due time” 1 Many people have played a profound role in the successful completion of this disser- tation and I first apologize to those whose help I might have failed to acknowledge. I express my sincere gratitude for everything you have done for me. I express my gratitude to Professor Krisha V. Palem, for his energy, support and guidance throughout the course of my graduate studies. Several key results per- taining to the semantic model and the properties of probabilistic Boolean logic were due to his brilliant insights. -
Predicate Logic
Predicate Logic Laura Kovács Recap: Boolean Algebra and Propositional Logic 0, 1 True, False (other notation: t, f) boolean variables a ∈{0,1} atomic formulas (atoms) p∈{True,False} boolean operators ¬, ∧, ∨, fl, ñ logical connectives ¬, ∧, ∨, fl, ñ boolean functions: propositional formulas: • 0 and 1 are boolean functions; • True and False are propositional formulas; • boolean variables are boolean functions; • atomic formulas are propositional formulas; • if a is a boolean function, • if a is a propositional formula, then ¬a is a boolean function; then ¬a is a propositional formula; • if a and b are boolean functions, • if a and b are propositional formulas, then a∧b, a∨b, aflb, añb are boolean functions. then a∧b, a∨b, aflb, añb are propositional formulas. truth value of a boolean function truth value of a propositional formula (truth tables) (truth tables) Recap: Boolean Algebra and Propositional Logic 0, 1 True, False (other notation: t, f) boolean variables a ∈{0,1} atomic formulas (atoms) p∈{True,False} boolean operators ¬, ∧, ∨, fl, ñ logical connectives ¬, ∧, ∨, fl, ñ boolean functions: propositional formulas (propositions, Aussagen ): • 0 and 1 are boolean functions; • True and False are propositional formulas; • boolean variables are boolean functions; • atomic formulas are propositional formulas; • if a is a boolean function, • if a is a propositional formula, then ¬a is a boolean function; then ¬a is a propositional formula; • if a and b are boolean functions, • if a and b are propositional formulas, then a∧b, a∨b, aflb, añb are -
Satisfiability 6 the Decision Problem 7
Satisfiability Difficult Problems Dealing with SAT Implementation Klaus Sutner Carnegie Mellon University 2020/02/04 Finding Hard Problems 2 Entscheidungsproblem to the Rescue 3 The Entscheidungsproblem is solved when one knows a pro- cedure by which one can decide in a finite number of operations So where would be look for hard problems, something that is eminently whether a given logical expression is generally valid or is satis- decidable but appears to be outside of P? And, we’d like the problem to fiable. The solution of the Entscheidungsproblem is of funda- be practical, not some monster from CRT. mental importance for the theory of all fields, the theorems of which are at all capable of logical development from finitely many The Circuit Value Problem is a good indicator for the right direction: axioms. evaluating Boolean expressions is polynomial time, but relatively difficult D. Hilbert within P. So can we push CVP a little bit to force it outside of P, just a little bit? In a sense, [the Entscheidungsproblem] is the most general Say, up into EXP1? problem of mathematics. J. Herbrand Exploiting Difficulty 4 Scaling Back 5 Herbrand is right, of course. As a research project this sounds like a Taking a clue from CVP, how about asking questions about Boolean fiasco. formulae, rather than first-order? But: we can turn adversity into an asset, and use (some version of) the Probably the most natural question that comes to mind here is Entscheidungsproblem as the epitome of a hard problem. Is ϕ(x1, . , xn) a tautology? The original Entscheidungsproblem would presumable have included arbitrary first-order questions about number theory. -
Security in Wireless Sensor Networks Using Cryptographic Techniques
American Journal of Engineering Research (AJER) 2014 American Journal of Engineering Research (AJER) e-ISSN : 2320-0847 p-ISSN : 2320-0936 Volume-03, Issue-01, pp-50-56 www.ajer.org Research Paper Open Access Security in Wireless Sensor Networks using Cryptographic Techniques Madhumita Panda Sambalpur University Institute of Information Technology(SUIIT)Burla, Sambalpur, Odisha, India. Abstract: -Wireless sensor networks consist of autonomous sensor nodes attached to one or more base stations.As Wireless sensor networks continues to grow,they become vulnerable to attacks and hence the need for effective security mechanisms.Identification of suitable cryptography for wireless sensor networks is an important challenge due to limitation of energy,computation capability and storage resources of the sensor nodes.Symmetric based cryptographic schemes donot scale well when the number of sensor nodes increases.Hence public key based schemes are widely used.We present here two public – key based algorithms, RSA and Elliptic Curve Cryptography (ECC) and found out that ECC have a significant advantage over RSA as it reduces the computation time and also the amount of data transmitted and stored. Keywords: -Wireless Sensor Network,Security, Cryptography, RSA,ECC. I. WIRELESS SENSOR NETWORK Sensor networks refer to a heterogeneous system combining tiny sensors and actuators with general- purpose computing elements. These networks will consist of hundreds or thousands of self-organizing, low- power, low-cost wireless nodes deployed to monitor and affect the environment [1]. Sensor networks are typically characterized by limited power supplies, low bandwidth, small memory sizes and limited energy. This leads to a very demanding environment to provide security. -
Problems and Comments on Boolean Algebras Rosen, Fifth Edition: Chapter 10; Sixth Edition: Chapter 11 Boolean Functions
Problems and Comments on Boolean Algebras Rosen, Fifth Edition: Chapter 10; Sixth Edition: Chapter 11 Boolean Functions Section 10. 1, Problems: 1, 2, 3, 4, 10, 11, 29, 36, 37 (fifth edition); Section 11.1, Problems: 1, 2, 5, 6, 12, 13, 31, 40, 41 (sixth edition) The notation ""forOR is bad and misleading. Just think that in the context of boolean functions, the author uses instead of ∨.The integers modulo 2, that is ℤ2 0,1, have an addition where 1 1 0 while 1 ∨ 1 1. AsetA is partially ordered by a binary relation ≤, if this relation is reflexive, that is a ≤ a holds for every element a ∈ S,it is transitive, that is if a ≤ b and b ≤ c hold for elements a,b,c ∈ S, then one also has that a ≤ c, and ≤ is anti-symmetric, that is a ≤ b and b ≤ a can hold for elements a,b ∈ S only if a b. The subsets of any set S are partially ordered by set inclusion. that is the power set PS,⊆ is a partially ordered set. A partial ordering on S is a total ordering if for any two elements a,b of S one has that a ≤ b or b ≤ a. The natural numbers ℕ,≤ with their ordinary ordering are totally ordered. A bounded lattice L is a partially ordered set where every finite subset has a least upper bound and a greatest lower bound.The least upper bound of the empty subset is defined as 0, it is the smallest element of L. -
Improved Correlation Attacks on SOSEMANUK and SOBER-128
Improved Correlation Attacks on SOSEMANUK and SOBER-128 Joo Yeon Cho Helsinki University of Technology Department of Information and Computer Science, Espoo, Finland 24th March 2009 1 / 35 SOSEMANUK Attack Approximations SOBER-128 Outline SOSEMANUK Attack Method Searching Linear Approximations SOBER-128 2 / 35 SOSEMANUK Attack Approximations SOBER-128 SOSEMANUK (from Wiki) • A software-oriented stream cipher designed by Come Berbain, Olivier Billet, Anne Canteaut, Nicolas Courtois, Henri Gilbert, Louis Goubin, Aline Gouget, Louis Granboulan, Cedric` Lauradoux, Marine Minier, Thomas Pornin and Herve` Sibert. • One of the final four Profile 1 (software) ciphers selected for the eSTREAM Portfolio, along with HC-128, Rabbit, and Salsa20/12. • Influenced by the stream cipher SNOW and the block cipher Serpent. • The cipher key length can vary between 128 and 256 bits, but the guaranteed security is only 128 bits. • The name means ”snow snake” in the Cree Indian language because it depends both on SNOW and Serpent. 3 / 35 SOSEMANUK Attack Approximations SOBER-128 Overview 4 / 35 SOSEMANUK Attack Approximations SOBER-128 Structure 1. The states of LFSR : s0,..., s9 (320 bits) −1 st+10 = st+9 ⊕ α st+3 ⊕ αst, t ≥ 1 where α is a root of the primitive polynomial. 2. The Finite State Machine (FSM) : R1 and R2 R1t+1 = R2t ¢ (rtst+9 ⊕ st+2) R2t+1 = Trans(R1t) ft = (st+9 ¢ R1t) ⊕ R2t where rt denotes the least significant bit of R1t. F 3. The trans function Trans on 232 : 32 Trans(R1t) = (R1t × 0x54655307 mod 2 )≪7 4. The output of the FSM : (zt+3, zt+2, zt+1, zt)= Serpent1(ft+3, ft+2, ft+1, ft)⊕(st+3, st+2, st+1, st) 5 / 35 SOSEMANUK Attack Approximations SOBER-128 Previous Attacks • Authors state that ”No linear relation holds after applying Serpent1 and there are too many unknown bits...”. -
On the Design and Analysis of Stream Ciphers Hell, Martin
On the Design and Analysis of Stream Ciphers Hell, Martin 2007 Link to publication Citation for published version (APA): Hell, M. (2007). On the Design and Analysis of Stream Ciphers. Department of Electrical and Information Technology, Lund University. Total number of authors: 1 General rights Unless other specific re-use rights are stated the following general rights apply: Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Read more about Creative commons licenses: https://creativecommons.org/licenses/ Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. LUND UNIVERSITY PO Box 117 221 00 Lund +46 46-222 00 00 On the Design and Analysis of Stream Ciphers Martin Hell Ph.D. Thesis September 13, 2007 Martin Hell Department of Electrical and Information Technology Lund University Box 118 S-221 00 Lund, Sweden e-mail: [email protected] http://www.eit.lth.se/ ISBN: 91-7167-043-2 ISRN: LUTEDX/TEIT-07/1039-SE c Martin Hell, 2007 Abstract his thesis presents new cryptanalysis results for several different stream Tcipher constructions. -
MICKEY 2.0. 85: a Secure and Lighter MICKEY 2.0 Cipher Variant With
S S symmetry Article MICKEY 2.0.85: A Secure and Lighter MICKEY 2.0 Cipher Variant with Improved Power Consumption for Smaller Devices in the IoT Ahmed Alamer 1,2,*, Ben Soh 1 and David E. Brumbaugh 3 1 Department of Computer Science and Information Technology, School of Engineering and Mathematical Sciences, La Trobe University, Victoria 3086, Australia; [email protected] 2 Department of Mathematics, College of Science, Tabuk University, Tabuk 7149, Saudi Arabia 3 Techno Authority, Digital Consultant, 358 Dogwood Drive, Mobile, AL 36609, USA; [email protected] * Correspondence: [email protected]; Tel.: +61-431-292-034 Received: 31 October 2019; Accepted: 20 December 2019; Published: 22 December 2019 Abstract: Lightweight stream ciphers have attracted significant attention in the last two decades due to their security implementations in small devices with limited hardware. With low-power computation abilities, these devices consume less power, thus reducing costs. New directions in ultra-lightweight cryptosystem design include optimizing lightweight cryptosystems to work with a low number of gate equivalents (GEs); without affecting security, these designs consume less power via scaled-down versions of the Mutual Irregular Clocking KEYstream generator—version 2-(MICKEY 2.0) cipher. This study aims to obtain a scaled-down version of the MICKEY 2.0 cipher by modifying its internal state design via reducing shift registers and modifying the controlling bit positions to assure the ciphers’ pseudo-randomness. We measured these changes using the National Institutes of Standards and Testing (NIST) test suites, investigating the speed and power consumption of the proposed scaled-down version named MICKEY 2.0.85. -
Logic and Bit Operations
Logic and bit operations • Computers represent information by bits. • A bit has two possible values, namely zero and one. This meaning of the word comes from binary digit, since zeroes and ones are the digits used in binary representations of numbers. The well-known statistician John Tuley introduced this terminology in 1946. (There were several other suggested words for a binary digit, including binit and bigit, that never were widely accepted.) • A bit can be used to represent a truth value, since there are two truth values, true and false. • A variable is called a Boolean variable if its values are either true or false. • Computer bit operations correspond to the logical connectives. We will also use the notation OR, AND and XOR for _ , ^ and exclusive _. • A bit string is a sequence of zero or more bits. The length of the string is the number of bits in the string. 1 • We can extend bit operations to bit strings. We define bitwise OR, bitwise AND and bitwise XOR of two strings of the same length to be the strings that have as their bits the OR, AND and XOR of the corresponding bits in the two strings. • Example: Find the bitwise OR, bitwise AND and bitwise XOR of the bit strings 01101 10110 11000 11101 Solution: The bitwise OR is 11101 11111 The bitwise AND is 01000 10100 and the bitwise XOR is 10101 01011 2 Boolean algebra • The circuits in computers and other electronic devices have inputs, each of which is either a 0 or a 1, and produce outputs that are also 0s and 1s.