DOCSLIB.ORG

A New Family of Boolean Functions with Good Cryptographic Properties

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

axioms Article A New Family of Boolean Functions with Good Cryptographic Properties Guillermo Sosa-Gómez 1,* , Octavio Paez-Osuna 2 , Omar Rojas 1 and Evaristo José Madarro-Capó 3 1 Facultad de Ciencias Económicas y Empresariales, Universidad Panamericana, Álvaro del Portillo 49, Zapopan, Jalisco 45010, Mexico; [email protected] 2 Ronin Institute, Montclair, NJ 07043, USA; [email protected] 3 Institute of Cryptography, University of Havana, Havana 10400, Cuba; [email protected] * Correspondence: [email protected]; Tel.: +52-3313682200 Abstract: In 2005, Philippe Guillot presented a new construction of Boolean functions using linear codes as an extension of the Maiorana–McFarland’s (MM) construction of bent functions. In this paper, we study a new family of Boolean functions with cryptographically strong properties, such as non- linearity, propagation criterion, resiliency, and balance. The construction of cryptographically strong Boolean functions is a daunting task, and there is currently a wide range of algebraic techniques and heuristics for constructing such functions; however, these methods can be complex, computationally difficult to implement, and not always produce a sufficient variety of functions. We present in this paper a construction of Boolean functions using algebraic codes following Guillot’s work. Keywords: resilient; boolean function; Hadamard; cryptography; non-linearity MSC: 06E30; 94C10 Citation: Sosa-Gómez, G.; Paez-Osuna, O.; Rojas, O.; Madarro-Capó, E.J. A New Family of 1. Introduction Boolean Functions with Good In today’s society, there is a dependency-based communications security for financial Cryptographic Properties. Axioms transactions [1], telematic services, and telephony networks. Each day, new challenges 2021, 10, 42. https://doi.org/ arise for the protection of sensitive information from unauthorized entities. Cryptosystems 10.3390/axioms10020042 are divided into two main types: symmetric and asymmetric ciphers [2]. Symmetric cryptosystems are classified in two families: block ciphers and stream ciphers. A Academic Editor: Javier Fernandez fundamental piece of many symmetric ciphers are Boolean functions [3] used, for example, in internal state S-boxes. For example, the well known DES block cipher uses 6 input bits Received: 9 February 2021 and 4 output bits [4] and stream ciphers, like Mickey and Sosemanuk, in the eSTREAM Accepted: 22 March 2021 final round portfolio [5]. Published: 25 March 2021 Symmetric ciphers are classified, generally, in block cipher and stream cipher and a fundamental piece in the design of both type of ciphers are Boolean functions [3]. Block Publisher’s Note: MDPI stays neutral ciphers include Boolean functions as component function of internal state non-linear with regard to jurisdictional claims in published maps and institutional Vectorial function, called S-boxes [4], while stream ciphers that are feedback shift register affiliations. based used them as non-linear combination, non-linear filtering, or irregular clock-control [5]. In a symmetric cipher system, one seeks cryptographically strong Boolean functions that can be of practical use and resistant to different kinds of attacks that have appeared over the years (differential attack, linear attack, correlation attack, algebraic attack, etc.). Copyright: c 2021 by the authors. Boolean functions appear in various scientific disciplines, including Coding Theory, Licensee MDPI, Basel, Switzerland. This Combinatorics, Complexity Theory, Cryptography, and Graphic Theory, among others. article is an open access article distributed under the terms and conditions of the In Cryptography, the design and analysis of Boolean functions that possess specific Creative Commons Attribution (CC BY) properties has often being the focus of attention. A productive field of research for most of license (https://creativecommons.org/ these cryptographic properties is the Walsh-Hadamard spectrum, one of the most widely licenses/by/ 4.0/). used representations of the Boolean function. Axioms 2021, 10, 42. https://doi.org/10.3390/axioms10020042 https://www.mdpi.com/journal/axioms Axioms 2021, 10, 42 2 of 10 The construction of cryptographically strong Boolean functions is a daunting task, and there is currently a wide range of algebraic techniques and heuristics for constructing such functions; however, these methods can be complex, computationally difficult to implement, and not always produce a sufficient variety of functions. We present in this paper a construction of Boolean functions using algebraic codes following Guillot’s work. 2. Preliminaries n Here, we follow Reference [6]. Let F2 be the binary vector space of dimension n over n the Galois field of two elements F2. Given two vectors a,b 2 F2 , we define the scalar product as a · b = (a1b1 ⊕ ... ⊕ anbn), and the sum as a ⊕ b = (a1 ⊕ b1,..., an ⊕ bn), where the product and sum ⊕ (also called XOR) are over F2. An n-variable Boolean function f is a mapping n f : F2 −! F2. We will denote by Bn the set of all Boolean functions of n variables. The set Bn is a vector space over F2 with the addition ⊕ defined by ( f ⊕ g)(x) = f (x) ⊕ g(x), n ˆ n for any f , g 2 Bn and any x 2 F2 . The polar form f : F2 −! R, or sign function, of a Boolean function f 2 Bn, is defined by ( ) fˆ(x) = (−1) f x . n The truth table of a Boolean function f is the vector, indexed by the elements of F2 (in lexicographical order), ( f (0¯), f (1¯),..., f (2n − 1)), where 0¯ = (0, ... , 0, 0), 1¯ = (0, ... , 0, 1), ... , 2n − 1 = (1, ... , 1, 1). The polar truth table of f is the (1, −1) sequence defined by (¯) ( n− ) (−1) f 0 ,..., (−1) f 2 1 . n The support f , denoted by Supp( f ), is the set of vectors in F2 in which the image under f is 1, i.e., n Supp( f ) = fx 2 F2 j f (x) = 1g. The weight of a Boolean function f 2 Bn, denoted by w( f ), is the cardinality of its support, i.e., w( f ) = jSupp( f )j. We will say that a function f 2 Bn is balanced if w( f ) = 2n−1, i.e., if the truth table of f contains the same number of 0 and 1. This property is desirable in a Boolean function to resist differential attacks, such as those introduced by Shamir against the DES algorithm [7]. A Boolean function f 2 Bn is called affine if we can write it as f (x) = ha, xi ⊕ b, n for some a 2 F2 and b 2 F2. If b = 0, we say that f is a linear function. The set of affine functions will be denoted by An. Let f , g 2 Bn. The distance, d( f , g), between f and g, is the weight of the function f ⊕ g, i.e., d( f , g) = w( f ⊕ g). Axioms 2021, 10, 42 3 of 10 The non-linearity of a Boolean function f 2 Bn, denoted by N f , is the minimum distance between f and the set of affine functions An, i.e., N f = minfd( f , j) j j 2 Ang. A high non-linearity is desired to reduce the effect of linear cryptanalysis attacks [8]. n A Boolean function in F2 can be expressed uniquely as a polynomial in 2 2 F2[x1,..., xn]/ x1 ⊕ x1,..., xn ⊕ xn , through its Algebraic Normal Form (ANF) ( ) = a1 ··· an f x ∑ cax1 xn , (1) n a2F2 where ca 2 F2, and a = (a1, ... , an), with ca = ∑x≤a f (x), where x ≤ a means that xi ≤ ai, for all 1 ≤ i ≤ n, i.e., ca = g(a1, ... , an), and g is a function in Bn called the Möbius Transform of f , denoted by g = m( f ). The Algebraic Degree of a Boolean function f is the degree of its ANF. It follows that the algebraic degree of f 2 Bn does not exceed n, that is, is the number of variables in the highest order term with non-zero coefficient. n n The Walsh-Hadamard Transform of a function f in F2 is the mapping H( f ) : F2 ! R, defined by H( f )(h) = ∑ f (x)(−1)h·x. (2) n x2F2 n ? Let f 2 Bn be a Boolean function, and let S be an arbitrary subspace of F2 and S the dual (annihilator) of S, i.e., ? n S = fx 2 F2 : x · s = 0, 8s 2 Sg, then ∑ H( f )(u) = 2dimS ∑ f (u). (3) u2S u2S? From the definition of the Walsh-Hadamard Transform, it follows that H( fˆ)(u) equals the number of zeros minus the number of ones in the binary vector f ⊕ lu(lu 2 An and n lu(v) = ∑i=1 uivi) such that n ˆ n H( f )(u) = 2 − 2d( f , ∑ uivi), (4) i=1 n 1 n ˆ d( f , ∑ uivi) = (2 − H( f )(u)), (5) i=1 2 n 1 n ˆ d( f , 1 ⊕ ∑ uivi) = (2 + H( f )(u)). (6) i=1 2 We summarize these results in the following Theorem 1. The non-linearity f is determined by the Walsh-Hadamard Transform of f , i.e., n−1 1 ˆ N f = 2 − max jH( f )(u)j. (7) 2 n u2F2 Proof. See proof in Reference [9]. Axioms 2021, 10, 42 4 of 10 In what follows, we summarize some factors which are important in the design of Boolean functions with good cryptographic properties [10]. An n-variable Boolean function is said to have correlation immunity of order m if and only if H( fˆ)(u) = 0, with 1 ≤ w(u) ≤ m. A Boolean function with correlation immunity of order m and balanced is called m-resilient. The fundamental relationship between the number of variables n, the algebraic degree d, and the order of correlation immunity m of a Boolean function is m + d ≤ n; see Reference [11]. The autocorrelation function r fˆ(s) of a Boolean function f is defined from its polar representation as ( ) = ˆ( ) ˆ( ⊕ ) r fˆ s ∑ f x f x s .
Recommended publications
  • A Differential Fault Attack on MICKEY

    A Differential Fault Attack on MICKEY

    A Differential Fault Attack on MICKEY 2.0 Subhadeep Banik and Subhamoy Maitra Applied Statistics Unit, Indian Statistical Institute Kolkata, 203, B.T. Road, Kolkata-108. s.banik [email protected], [email protected] Abstract. In this paper we present a differential fault attack on the stream cipher MICKEY 2.0 which is in eStream's hardware portfolio. While fault attacks have already been reported against the other two eStream hardware candidates Trivium and Grain, no such analysis is known for MICKEY. Using the standard assumptions for fault attacks, we show that if the adversary can induce random single bit faults in the internal state of the cipher, then by injecting around 216:7 faults and performing 232:5 computations on an average, it is possible to recover the entire internal state of MICKEY at the beginning of the key-stream generation phase. We further consider the scenario where the fault may affect at most three neighbouring bits and in that case we require around 218:4 faults on an average. Keywords: eStream, Fault attacks, MICKEY 2.0, Stream Cipher. 1 Introduction The stream cipher MICKEY 2.0 [4] was designed by Steve Babbage and Matthew Dodd as a submission to the eStream project. The cipher has been selected as a part of eStream's final hardware portfolio. MICKEY is a synchronous, bit- oriented stream cipher designed for low hardware complexity and high speed. After a TMD tradeoff attack [16] against the initial version of MICKEY (ver- sion 1), the designers responded by tweaking the design by increasing the state size from 160 to 200 bits and altering the values of some control bit tap loca- tions.
  • Laced Boolean Functions and Subset Sum Problems in Finite Fields

    Laced Boolean Functions and Subset Sum Problems in Finite Fields

    Laced Boolean functions and subset sum problems in finite fields David Canright1, Sugata Gangopadhyay2 Subhamoy Maitra3, Pantelimon Stanic˘ a˘1 1 Department of Applied Mathematics, Naval Postgraduate School Monterey, CA 93943{5216, USA; fdcanright,[email protected] 2 Department of Mathematics, Indian Institute of Technology Roorkee 247667 INDIA; [email protected] 3 Applied Statistics Unit, Indian Statistical Institute 203 B. T. Road, Calcutta 700 108, INDIA; [email protected] March 13, 2011 Abstract In this paper, we investigate some algebraic and combinatorial properties of a special Boolean function on n variables, defined us- ing weighted sums in the residue ring modulo the least prime p ≥ n. We also give further evidence to a question raised by Shparlinski re- garding this function, by computing accurately the Boolean sensitivity, thus settling the question for prime number values p = n. Finally, we propose a generalization of these functions, which we call laced func- tions, and compute the weight of one such, for every value of n. Mathematics Subject Classification: 06E30,11B65,11D45,11D72 Key Words: Boolean functions; Hamming weight; Subset sum problems; residues modulo primes. 1 1 Introduction Being interested in read-once branching programs, Savicky and Zak [7] were led to the definition and investigation, from a complexity point of view, of a special Boolean function based on weighted sums in the residue ring modulo a prime p. Later on, a modification of the same function was used by Sauerhoff [6] to show that quantum read-once branching programs are exponentially more powerful than classical read-once branching programs. Shparlinski [8] used exponential sums methods to find bounds on the Fourier coefficients, and he posed several open questions, which are the motivation of this work.
  • Analysis of Boolean Functions and Its Applications to Topics Such As Property Testing, Voting, Pseudorandomness, Gaussian Geometry and the Hardness of Approximation

    Analysis of Boolean Functions and Its Applications to Topics Such As Property Testing, Voting, Pseudorandomness, Gaussian Geometry and the Hardness of Approximation

    Analysis of Boolean Functions Notes from a series of lectures by Ryan O’Donnell Guest lecture by Per Austrin Barbados Workshop on Computational Complexity February 26th – March 4th, 2012 Organized by Denis Th´erien Scribe notes by Li-Yang Tan arXiv:1205.0314v1 [cs.CC] 2 May 2012 Contents 1 Linearity testing and Arrow’s theorem 3 1.1 TheFourierexpansion ............................. 3 1.2 Blum-Luby-Rubinfeld. .. .. .. .. .. .. .. .. 7 1.3 Votingandinfluence .............................. 9 1.4 Noise stability and Arrow’s theorem . ..... 12 2 Noise stability and small set expansion 15 2.1 Sheppard’s formula and Stabρ(MAJ)...................... 15 2.2 Thenoisyhypercubegraph. 16 2.3 Bonami’slemma................................. 18 3 KKL and quasirandomness 20 3.1 Smallsetexpansion ............................... 20 3.2 Kahn-Kalai-Linial ............................... 21 3.3 Dictator versus Quasirandom tests . ..... 22 4 CSPs and hardness of approximation 26 4.1 Constraint satisfaction problems . ...... 26 4.2 Berry-Ess´een................................... 27 5 Majority Is Stablest 30 5.1 Borell’s isoperimetric inequality . ....... 30 5.2 ProofoutlineofMIST ............................. 32 5.3 Theinvarianceprinciple . 33 6 Testing dictators and UGC-hardness 37 1 Linearity testing and Arrow’s theorem Monday, 27th February 2012 Rn Open Problem [Guy86, HK92]: Let a with a 2 = 1. Prove Prx 1,1 n [ a, x • ∈ k k ∈{− } |h i| ≤ 1] 1 . ≥ 2 Open Problem (S. Srinivasan): Suppose g : 1, 1 n 2 , 1 where g(x) 2 , 1 if • {− } →± 3 ∈ 3 n x n and g(x) 1, 2 if n x n . Prove deg( f)=Ω(n). i=1 i ≥ 2 ∈ − − 3 i=1 i ≤− 2 P P In this workshop we will study the analysis of boolean functions and its applications to topics such as property testing, voting, pseudorandomness, Gaussian geometry and the hardness of approximation.
  • Probabilistic Boolean Logic, Arithmetic and Architectures

    Probabilistic Boolean Logic, Arithmetic and Architectures

    PROBABILISTIC BOOLEAN LOGIC, ARITHMETIC AND ARCHITECTURES A Thesis Presented to The Academic Faculty by Lakshmi Narasimhan Barath Chakrapani In Partial Fulfillment of the Requirements for the Degree Doctor of Philosophy in the School of Computer Science, College of Computing Georgia Institute of Technology December 2008 PROBABILISTIC BOOLEAN LOGIC, ARITHMETIC AND ARCHITECTURES Approved by: Professor Krishna V. Palem, Advisor Professor Trevor Mudge School of Computer Science, College Department of Electrical Engineering of Computing and Computer Science Georgia Institute of Technology University of Michigan, Ann Arbor Professor Sung Kyu Lim Professor Sudhakar Yalamanchili School of Electrical and Computer School of Electrical and Computer Engineering Engineering Georgia Institute of Technology Georgia Institute of Technology Professor Gabriel H. Loh Date Approved: 24 March 2008 College of Computing Georgia Institute of Technology To my parents The source of my existence, inspiration and strength. iii ACKNOWLEDGEMENTS आचायातर् ्पादमादे पादं िशंयः ःवमेधया। पादं सॄचारयः पादं कालबमेणच॥ “One fourth (of knowledge) from the teacher, one fourth from self study, one fourth from fellow students and one fourth in due time” 1 Many people have played a profound role in the successful completion of this disser- tation and I first apologize to those whose help I might have failed to acknowledge. I express my sincere gratitude for everything you have done for me. I express my gratitude to Professor Krisha V. Palem, for his energy, support and guidance throughout the course of my graduate studies. Several key results per- taining to the semantic model and the properties of probabilistic Boolean logic were due to his brilliant insights.
  • Predicate Logic

    Predicate Logic

    Predicate Logic Laura Kovács Recap: Boolean Algebra and Propositional Logic 0, 1 True, False (other notation: t, f) boolean variables a ∈{0,1} atomic formulas (atoms) p∈{True,False} boolean operators ¬, ∧, ∨, fl, ñ logical connectives ¬, ∧, ∨, fl, ñ boolean functions: propositional formulas: • 0 and 1 are boolean functions; • True and False are propositional formulas; • boolean variables are boolean functions; • atomic formulas are propositional formulas; • if a is a boolean function, • if a is a propositional formula, then ¬a is a boolean function; then ¬a is a propositional formula; • if a and b are boolean functions, • if a and b are propositional formulas, then a∧b, a∨b, aflb, añb are boolean functions. then a∧b, a∨b, aflb, añb are propositional formulas. truth value of a boolean function truth value of a propositional formula (truth tables) (truth tables) Recap: Boolean Algebra and Propositional Logic 0, 1 True, False (other notation: t, f) boolean variables a ∈{0,1} atomic formulas (atoms) p∈{True,False} boolean operators ¬, ∧, ∨, fl, ñ logical connectives ¬, ∧, ∨, fl, ñ boolean functions: propositional formulas (propositions, Aussagen ): • 0 and 1 are boolean functions; • True and False are propositional formulas; • boolean variables are boolean functions; • atomic formulas are propositional formulas; • if a is a boolean function, • if a is a propositional formula, then ¬a is a boolean function; then ¬a is a propositional formula; • if a and b are boolean functions, • if a and b are propositional formulas, then a∧b, a∨b, aflb, añb are
  • Satisfiability 6 the Decision Problem 7

    Satisfiability 6 the Decision Problem 7

    Satisfiability Difficult Problems Dealing with SAT Implementation Klaus Sutner Carnegie Mellon University 2020/02/04 Finding Hard Problems 2 Entscheidungsproblem to the Rescue 3 The Entscheidungsproblem is solved when one knows a pro- cedure by which one can decide in a finite number of operations So where would be look for hard problems, something that is eminently whether a given logical expression is generally valid or is satis- decidable but appears to be outside of P? And, we’d like the problem to fiable. The solution of the Entscheidungsproblem is of funda- be practical, not some monster from CRT. mental importance for the theory of all fields, the theorems of which are at all capable of logical development from finitely many The Circuit Value Problem is a good indicator for the right direction: axioms. evaluating Boolean expressions is polynomial time, but relatively difficult D. Hilbert within P. So can we push CVP a little bit to force it outside of P, just a little bit? In a sense, [the Entscheidungsproblem] is the most general Say, up into EXP1? problem of mathematics. J. Herbrand Exploiting Difficulty 4 Scaling Back 5 Herbrand is right, of course. As a research project this sounds like a Taking a clue from CVP, how about asking questions about Boolean fiasco. formulae, rather than first-order? But: we can turn adversity into an asset, and use (some version of) the Probably the most natural question that comes to mind here is Entscheidungsproblem as the epitome of a hard problem. Is ϕ(x1, . , xn) a tautology? The original Entscheidungsproblem would presumable have included arbitrary first-order questions about number theory.
  • Security in Wireless Sensor Networks Using Cryptographic Techniques

    Security in Wireless Sensor Networks Using Cryptographic Techniques

    American Journal of Engineering Research (AJER) 2014 American Journal of Engineering Research (AJER) e-ISSN : 2320-0847 p-ISSN : 2320-0936 Volume-03, Issue-01, pp-50-56 www.ajer.org Research Paper Open Access Security in Wireless Sensor Networks using Cryptographic Techniques Madhumita Panda Sambalpur University Institute of Information Technology(SUIIT)Burla, Sambalpur, Odisha, India. Abstract: -Wireless sensor networks consist of autonomous sensor nodes attached to one or more base stations.As Wireless sensor networks continues to grow,they become vulnerable to attacks and hence the need for effective security mechanisms.Identification of suitable cryptography for wireless sensor networks is an important challenge due to limitation of energy,computation capability and storage resources of the sensor nodes.Symmetric based cryptographic schemes donot scale well when the number of sensor nodes increases.Hence public key based schemes are widely used.We present here two public – key based algorithms, RSA and Elliptic Curve Cryptography (ECC) and found out that ECC have a significant advantage over RSA as it reduces the computation time and also the amount of data transmitted and stored. Keywords: -Wireless Sensor Network,Security, Cryptography, RSA,ECC. I. WIRELESS SENSOR NETWORK Sensor networks refer to a heterogeneous system combining tiny sensors and actuators with general- purpose computing elements. These networks will consist of hundreds or thousands of self-organizing, low- power, low-cost wireless nodes deployed to monitor and affect the environment [1]. Sensor networks are typically characterized by limited power supplies, low bandwidth, small memory sizes and limited energy. This leads to a very demanding environment to provide security.
  • Problems and Comments on Boolean Algebras Rosen, Fifth Edition: Chapter 10; Sixth Edition: Chapter 11 Boolean Functions

    Problems and Comments on Boolean Algebras Rosen, Fifth Edition: Chapter 10; Sixth Edition: Chapter 11 Boolean Functions

    Problems and Comments on Boolean Algebras Rosen, Fifth Edition: Chapter 10; Sixth Edition: Chapter 11 Boolean Functions Section 10. 1, Problems: 1, 2, 3, 4, 10, 11, 29, 36, 37 (fifth edition); Section 11.1, Problems: 1, 2, 5, 6, 12, 13, 31, 40, 41 (sixth edition) The notation ""forOR is bad and misleading. Just think that in the context of boolean functions, the author uses instead of ∨.The integers modulo 2, that is ℤ2 0,1, have an addition where 1 1 0 while 1 ∨ 1 1. AsetA is partially ordered by a binary relation ≤, if this relation is reflexive, that is a ≤ a holds for every element a ∈ S,it is transitive, that is if a ≤ b and b ≤ c hold for elements a,b,c ∈ S, then one also has that a ≤ c, and ≤ is anti-symmetric, that is a ≤ b and b ≤ a can hold for elements a,b ∈ S only if a b. The subsets of any set S are partially ordered by set inclusion. that is the power set PS,⊆ is a partially ordered set. A partial ordering on S is a total ordering if for any two elements a,b of S one has that a ≤ b or b ≤ a. The natural numbers ℕ,≤ with their ordinary ordering are totally ordered. A bounded lattice L is a partially ordered set where every finite subset has a least upper bound and a greatest lower bound.The least upper bound of the empty subset is defined as 0, it is the smallest element of L.
  • Improved Correlation Attacks on SOSEMANUK and SOBER-128

    Improved Correlation Attacks on SOSEMANUK and SOBER-128

    Improved Correlation Attacks on SOSEMANUK and SOBER-128 Joo Yeon Cho Helsinki University of Technology Department of Information and Computer Science, Espoo, Finland 24th March 2009 1 / 35 SOSEMANUK Attack Approximations SOBER-128 Outline SOSEMANUK Attack Method Searching Linear Approximations SOBER-128 2 / 35 SOSEMANUK Attack Approximations SOBER-128 SOSEMANUK (from Wiki) • A software-oriented stream cipher designed by Come Berbain, Olivier Billet, Anne Canteaut, Nicolas Courtois, Henri Gilbert, Louis Goubin, Aline Gouget, Louis Granboulan, Cedric` Lauradoux, Marine Minier, Thomas Pornin and Herve` Sibert. • One of the final four Profile 1 (software) ciphers selected for the eSTREAM Portfolio, along with HC-128, Rabbit, and Salsa20/12. • Influenced by the stream cipher SNOW and the block cipher Serpent. • The cipher key length can vary between 128 and 256 bits, but the guaranteed security is only 128 bits. • The name means ”snow snake” in the Cree Indian language because it depends both on SNOW and Serpent. 3 / 35 SOSEMANUK Attack Approximations SOBER-128 Overview 4 / 35 SOSEMANUK Attack Approximations SOBER-128 Structure 1. The states of LFSR : s0,..., s9 (320 bits) −1 st+10 = st+9 ⊕ α st+3 ⊕ αst, t ≥ 1 where α is a root of the primitive polynomial. 2. The Finite State Machine (FSM) : R1 and R2 R1t+1 = R2t ¢ (rtst+9 ⊕ st+2) R2t+1 = Trans(R1t) ft = (st+9 ¢ R1t) ⊕ R2t where rt denotes the least significant bit of R1t. F 3. The trans function Trans on 232 : 32 Trans(R1t) = (R1t × 0x54655307 mod 2 )≪7 4. The output of the FSM : (zt+3, zt+2, zt+1, zt)= Serpent1(ft+3, ft+2, ft+1, ft)⊕(st+3, st+2, st+1, st) 5 / 35 SOSEMANUK Attack Approximations SOBER-128 Previous Attacks • Authors state that ”No linear relation holds after applying Serpent1 and there are too many unknown bits...”.
  • On the Design and Analysis of Stream Ciphers Hell, Martin

    On the Design and Analysis of Stream Ciphers Hell, Martin

    On the Design and Analysis of Stream Ciphers Hell, Martin 2007 Link to publication Citation for published version (APA): Hell, M. (2007). On the Design and Analysis of Stream Ciphers. Department of Electrical and Information Technology, Lund University. Total number of authors: 1 General rights Unless other specific re-use rights are stated the following general rights apply: Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Read more about Creative commons licenses: https://creativecommons.org/licenses/ Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. LUND UNIVERSITY PO Box 117 221 00 Lund +46 46-222 00 00 On the Design and Analysis of Stream Ciphers Martin Hell Ph.D. Thesis September 13, 2007 Martin Hell Department of Electrical and Information Technology Lund University Box 118 S-221 00 Lund, Sweden e-mail: [email protected] http://www.eit.lth.se/ ISBN: 91-7167-043-2 ISRN: LUTEDX/TEIT-07/1039-SE c Martin Hell, 2007 Abstract his thesis presents new cryptanalysis results for several different stream Tcipher constructions.
  • MICKEY 2.0. 85: a Secure and Lighter MICKEY 2.0 Cipher Variant With

    MICKEY 2.0. 85: a Secure and Lighter MICKEY 2.0 Cipher Variant With

    S S symmetry Article MICKEY 2.0.85: A Secure and Lighter MICKEY 2.0 Cipher Variant with Improved Power Consumption for Smaller Devices in the IoT Ahmed Alamer 1,2,*, Ben Soh 1 and David E. Brumbaugh 3 1 Department of Computer Science and Information Technology, School of Engineering and Mathematical Sciences, La Trobe University, Victoria 3086, Australia; [email protected] 2 Department of Mathematics, College of Science, Tabuk University, Tabuk 7149, Saudi Arabia 3 Techno Authority, Digital Consultant, 358 Dogwood Drive, Mobile, AL 36609, USA; [email protected] * Correspondence: [email protected]; Tel.: +61-431-292-034 Received: 31 October 2019; Accepted: 20 December 2019; Published: 22 December 2019 Abstract: Lightweight stream ciphers have attracted significant attention in the last two decades due to their security implementations in small devices with limited hardware. With low-power computation abilities, these devices consume less power, thus reducing costs. New directions in ultra-lightweight cryptosystem design include optimizing lightweight cryptosystems to work with a low number of gate equivalents (GEs); without affecting security, these designs consume less power via scaled-down versions of the Mutual Irregular Clocking KEYstream generator—version 2-(MICKEY 2.0) cipher. This study aims to obtain a scaled-down version of the MICKEY 2.0 cipher by modifying its internal state design via reducing shift registers and modifying the controlling bit positions to assure the ciphers’ pseudo-randomness. We measured these changes using the National Institutes of Standards and Testing (NIST) test suites, investigating the speed and power consumption of the proposed scaled-down version named MICKEY 2.0.85.
  • Logic and Bit Operations

    Logic and Bit Operations

    Logic and bit operations • Computers represent information by bits. • A bit has two possible values, namely zero and one. This meaning of the word comes from binary digit, since zeroes and ones are the digits used in binary representations of numbers. The well-known statistician John Tuley introduced this terminology in 1946. (There were several other suggested words for a binary digit, including binit and bigit, that never were widely accepted.) • A bit can be used to represent a truth value, since there are two truth values, true and false. • A variable is called a Boolean variable if its values are either true or false. • Computer bit operations correspond to the logical connectives. We will also use the notation OR, AND and XOR for _ , ^ and exclusive _. • A bit string is a sequence of zero or more bits. The length of the string is the number of bits in the string. 1 • We can extend bit operations to bit strings. We define bitwise OR, bitwise AND and bitwise XOR of two strings of the same length to be the strings that have as their bits the OR, AND and XOR of the corresponding bits in the two strings. • Example: Find the bitwise OR, bitwise AND and bitwise XOR of the bit strings 01101 10110 11000 11101 Solution: The bitwise OR is 11101 11111 The bitwise AND is 01000 10100 and the bitwise XOR is 10101 01011 2 Boolean algebra • The circuits in computers and other electronic devices have inputs, each of which is either a 0 or a 1, and produce outputs that are also 0s and 1s.