An Overview of Cryptographic Primitives for Possible Use in 5G and Beyond
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
A Quantitative Study of Advanced Encryption Standard Performance
United States Military Academy USMA Digital Commons West Point ETD 12-2018 A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility Daniel Hawthorne United States Military Academy, [email protected] Follow this and additional works at: https://digitalcommons.usmalibrary.org/faculty_etd Part of the Information Security Commons Recommended Citation Hawthorne, Daniel, "A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility" (2018). West Point ETD. 9. https://digitalcommons.usmalibrary.org/faculty_etd/9 This Doctoral Dissertation is brought to you for free and open access by USMA Digital Commons. It has been accepted for inclusion in West Point ETD by an authorized administrator of USMA Digital Commons. For more information, please contact [email protected]. A QUANTITATIVE STUDY OF ADVANCED ENCRYPTION STANDARD PERFORMANCE AS IT RELATES TO CRYPTOGRAPHIC ATTACK FEASIBILITY A Dissertation Presented in Partial Fulfillment of the Requirements for the Degree of Doctor of Computer Science By Daniel Stephen Hawthorne Colorado Technical University December, 2018 Committee Dr. Richard Livingood, Ph.D., Chair Dr. Kelly Hughes, DCS, Committee Member Dr. James O. Webb, Ph.D., Committee Member December 17, 2018 © Daniel Stephen Hawthorne, 2018 1 Abstract The advanced encryption standard (AES) is the premier symmetric key cryptosystem in use today. Given its prevalence, the security provided by AES is of utmost importance. Technology is advancing at an incredible rate, in both capability and popularity, much faster than its rate of advancement in the late 1990s when AES was selected as the replacement standard for DES. Although the literature surrounding AES is robust, most studies fall into either theoretical or practical yet infeasible. -
The First Biclique Cryptanalysis of Serpent-256
The First Biclique Cryptanalysis of Serpent-256 Gabriel C. de Carvalho1, Luis A. B. Kowada1 1Instituto de Computac¸ao˜ – Universidade Federal Fluminense (UFF) – Niteroi´ – RJ – Brazil Abstract. The Serpent cipher was one of the finalists of the AES process and as of today there is no method for finding the key with fewer attempts than that of an exhaustive search of all possible keys, even when using known or chosen plaintexts for an attack. This work presents the first two biclique attacks for the full-round Serpent-256. The first uses a dimension 4 biclique while the second uses a dimension 8 biclique. The one with lower dimension covers nearly 4 complete rounds of the cipher, which is the reason for the lower time complex- ity when compared with the other attack (which covers nearly 3 rounds of the cipher). On the other hand, the second attack needs a lot less pairs of plain- texts for it to be done. The attacks require 2255:21 and 2255:45 full computations of Serpent-256 using 288 and 260 chosen ciphertexts respectively with negligible memory. 1. Introduction The Serpent cipher is, along with MARS, RC6, Twofish and Rijindael, one of the AES process finalists [Nechvatal et al. 2001] and has not had, since its proposal, its full round versions attacked. It is a Substitution Permutation Network (SPN) with 32 rounds, 128 bit block size and accepts keys of sizes 128, 192 and 256 bits. Serpent has been targeted by several cryptanalysis [Kelsey et al. 2000, Biham et al. 2001b, Biham et al. -
On Security and Privacy for Networked Information Society
Antti Hakkala On Security and Privacy for Networked Information Society Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes Turku Centre for Computer Science TUCS Dissertations No 225, November 2017 ON SECURITY AND PRIVACY FOR NETWORKED INFORMATIONSOCIETY Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes antti hakkala To be presented, with the permission of the Faculty of Mathematics and Natural Sciences of the University of Turku, for public criticism in Auditorium XXII on November 18th, 2017, at 12 noon. University of Turku Department of Future Technologies FI-20014 Turun yliopisto 2017 supervisors Adjunct professor Seppo Virtanen, D. Sc. (Tech.) Department of Future Technologies University of Turku Turku, Finland Professor Jouni Isoaho, D. Sc. (Tech.) Department of Future Technologies University of Turku Turku, Finland reviewers Professor Tuomas Aura Department of Computer Science Aalto University Espoo, Finland Professor Olaf Maennel Department of Computer Science Tallinn University of Technology Tallinn, Estonia opponent Professor Jarno Limnéll Department of Communications and Networking Aalto University Espoo, Finland The originality of this thesis has been checked in accordance with the University of Turku quality assurance system using the Turnitin OriginalityCheck service ISBN 978-952-12-3607-5 (Online) ISSN 1239-1883 To my wife Maria, I am forever grateful for everything. Thank you. ABSTRACT Our society has developed into a networked information soci- ety, in which all aspects of human life are interconnected via the Internet — the backbone through which a significant part of communications traffic is routed. This makes the Internet ar- guably the most important piece of critical infrastructure in the world. -
Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 Family
Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 family Dmitry Khovratovich1 and Christian Rechberger2 and Alexandra Savelieva3 1Microsoft Research Redmond, USA 2DTU MAT, Denmark 3National Research University Higher School of Economics, Russia Abstract. We present the new concept of biclique as a tool for preimage attacks, which employs many powerful techniques from differential cryptanalysis of block ciphers and hash functions. The new tool has proved to be widely applicable by inspiring many authors to publish new re- sults of the full versions of AES, KASUMI, IDEA, and Square. In this paper, we demonstrate how our concept results in the first cryptanalysis of the Skein hash function, and describe an attack on the SHA-2 hash function with more rounds than before. Keywords: SHA-2, SHA-256, SHA-512, Skein, SHA-3, hash function, meet-in-the-middle attack, splice-and-cut, preimage attack, initial structure, biclique. 1 Introduction The last years saw an exciting progress in preimage attacks on hash functions. In contrast to collision search [29, 26], where differential cryptanalysis has been in use since 90s, there had been no similarly powerful tool for preimages. The situation changed dramatically in 2008, when the so-called splice-and-cut framework has been applied to MD4 and MD5 [2, 24], and later to SHA-0/1/2 [1, 3], Tiger [10], and other primitives. Despite amazing results on MD5, the applications to SHA-x primitives seemed to be limited by the internal properties of the message schedule procedures. The only promising element, the so-called initial structure tool, remained very informal and complicated. -
Efficient Hashing Using the AES Instruction
Efficient Hashing Using the AES Instruction Set Joppe W. Bos1, Onur Özen1, and Martijn Stam2 1 Laboratory for Cryptologic Algorithms, EPFL, Station 14, CH-1015 Lausanne, Switzerland {joppe.bos,onur.ozen}@epfl.ch 2 Department of Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB, United Kingdom [email protected] Abstract. In this work, we provide a software benchmark for a large range of 256-bit blockcipher-based hash functions. We instantiate the underlying blockci- pher with AES, which allows us to exploit the recent AES instruction set (AES- NI). Since AES itself only outputs 128 bits, we consider double-block-length constructions, as well as (single-block-length) constructions based on RIJNDAEL- 256. Although we primarily target architectures supporting AES-NI, our frame- work has much broader applications by estimating the performance of these hash functions on any (micro-)architecture given AES-benchmark results. As far as we are aware, this is the first comprehensive performance comparison of multi- block-length hash functions in software. 1 Introduction Historically, the most popular way of constructing a hash function is to iterate a com- pression function that itself is based on a blockcipher (this idea dates back to Ra- bin [49]). This approach has the practical advantage—especially on resource-constrained devices—that only a single primitive is needed to implement two functionalities (namely encrypting and hashing). Moreover, trust in the blockcipher can be conferred to the cor- responding hash function. The wisdom of blockcipher-based hashing is still valid today. Indeed, the current cryptographic hash function standard SHA-2 and some of the SHA- 3 candidates are, or can be regarded as, blockcipher-based designs. -
Stream Cipher Designs: a Review
SCIENCE CHINA Information Sciences March 2020, Vol. 63 131101:1–131101:25 . REVIEW . https://doi.org/10.1007/s11432-018-9929-x Stream cipher designs: a review Lin JIAO1*, Yonglin HAO1 & Dengguo FENG1,2* 1 State Key Laboratory of Cryptology, Beijing 100878, China; 2 State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China Received 13 August 2018/Accepted 30 June 2019/Published online 10 February 2020 Abstract Stream cipher is an important branch of symmetric cryptosystems, which takes obvious advan- tages in speed and scale of hardware implementation. It is suitable for using in the cases of massive data transfer or resource constraints, and has always been a hot and central research topic in cryptography. With the rapid development of network and communication technology, cipher algorithms play more and more crucial role in information security. Simultaneously, the application environment of cipher algorithms is in- creasingly complex, which challenges the existing cipher algorithms and calls for novel suitable designs. To accommodate new strict requirements and provide systematic scientific basis for future designs, this paper reviews the development history of stream ciphers, classifies and summarizes the design principles of typical stream ciphers in groups, briefly discusses the advantages and weakness of various stream ciphers in terms of security and implementation. Finally, it tries to foresee the prospective design directions of stream ciphers. Keywords stream cipher, survey, lightweight, authenticated encryption, homomorphic encryption Citation Jiao L, Hao Y L, Feng D G. Stream cipher designs: a review. Sci China Inf Sci, 2020, 63(3): 131101, https://doi.org/10.1007/s11432-018-9929-x 1 Introduction The widely applied e-commerce, e-government, along with the fast developing cloud computing, big data, have triggered high demands in both efficiency and security of information processing. -
Deep Learning-Based Cryptanalysis of Lightweight Block Ciphers
Hindawi Security and Communication Networks Volume 2020, Article ID 3701067, 11 pages https://doi.org/10.1155/2020/3701067 Research Article Deep Learning-Based Cryptanalysis of Lightweight Block Ciphers Jaewoo So Department of Electronic Engineering, Sogang University, Seoul 04107, Republic of Korea Correspondence should be addressed to Jaewoo So; [email protected] Received 5 February 2020; Revised 21 June 2020; Accepted 26 June 2020; Published 13 July 2020 Academic Editor: Umar M. Khokhar Copyright © 2020 Jaewoo So. +is is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Most of the traditional cryptanalytic technologies often require a great amount of time, known plaintexts, and memory. +is paper proposes a generic cryptanalysis model based on deep learning (DL), where the model tries to find the key of block ciphers from known plaintext-ciphertext pairs. We show the feasibility of the DL-based cryptanalysis by attacking on lightweight block ciphers such as simplified DES, Simon, and Speck. +e results show that the DL-based cryptanalysis can successfully recover the key bits when the keyspace is restricted to 64 ASCII characters. +e traditional cryptanalysis is generally performed without the keyspace restriction, but only reduced-round variants of Simon and Speck are successfully attacked. Although a text-based key is applied, the proposed DL-based cryptanalysis can successfully break the full rounds of Simon32/64 and Speck32/64. +e results indicate that the DL technology can be a useful tool for the cryptanalysis of block ciphers when the keyspace is restricted. -
Cryptanalysis of Block Ciphers, Stream Ciphers, Modes of Operation Of
Outline Computer Science 418 1 Attacks on Block Ciphers Security of Block Ciphers, Stream Ciphers, Modes of Operation Exhaustive Attacks Meet-in-the-Middle Attack on Double Encryption Analytic Attacks Mike Jacobson 2 Stream Ciphers Department of Computer Science University of Calgary Synchronous Stream Ciphers (SSC) Self-Synchronizing Stream Ciphers (Self-SSC) Week 6 3 Modes of Operation for Block Ciphers Mike Jacobson (University of Calgary) Computer Science 418 Week 6 1 / 34 Mike Jacobson (University of Calgary) Computer Science 418 Week 6 2 / 34 Attacks on Block Ciphers Attacks on Block Ciphers Exhaustive Attacks Security of AES Exhaustive Search Set N = jKj (number of keys). Simple exhaustive search (COA) | requires jKj encryptions There is no mathematical proof that AES is secure feasible for DES | N = 256 ≈ 1017 possible keys. 112 34 All we know is that in practice, it withstands all modern attacks. infeasible for 3DES { N = 2 ≈ 10 possible key combinations. infeasible for AES { N = 2128 ≈ 1038 possible keys This lecture: overview of modern attacks on block ciphers Parallelism can speed up exhaustive search. Perspective: there are approximately 1040 water molecules in Lake Ontario. 1038 is significantly bigger than the number of water molecules in Lake Louise or in the stretch of the Bow River through Calgary! Mike Jacobson (University of Calgary) Computer Science 418 Week 6 3 / 34 Mike Jacobson (University of Calgary) Computer Science 418 Week 6 4 / 34 Attacks on Block Ciphers Exhaustive Attacks Attacks on Block Ciphers Exhaustive Attacks Improvement for DES Hellman's Time-memory tradeoff (1980) KPA that shortens search time by using a lot of memory. -
A Bibliography of Publications on Hashing Algorithms
A Bibliography of Publications on Hashing Algorithms Nelson H. F. Beebe University of Utah Department of Mathematics, 110 LCB 155 S 1400 E RM 233 Salt Lake City, UT 84112-0090 USA Tel: +1 801 581 5254 FAX: +1 801 581 4148 E-mail: [email protected], [email protected], [email protected] (Internet) WWW URL: http://www.math.utah.edu/~beebe/ 24 August 2021 Version 2.344 Title word cross-reference [BRM+09, BS91b, BS91a, CM01, Gir87, Ven86, WS93, War14, Coh97, Coh98, LHC05, QG89, QG90]. O(1) [FKS84]. O(log log n) #2 [Cer85]. [MN90]. O(log W ) [LS07b]. O(N) [HG77, MN90]. pn [Ack74]. π [FFGL10]. q 1 [PPS21]. 10 [GLM+10]. 11 [SY11]. 2 [OWZ14]. SL2 [MT16]. Z=p [Mue04]. + [EAA 16, GG92, HD72]. 2n [QG89, QG90]. + 3 [CBA94, Fly92, GG92, GK94, LMJC07, -approximate [SWQ 14]. -ary LDY+16, SYW+20, WSSO12]. 5=8 [Sch11]. [CC91, CLC92, Gui78, RRS07]. -Bit $62m [Nic17]. 64 [LK16]. ∗ [LNS93]. + [QG89, QG90, LK16, LK11]. -Body MT [WS93, War14]. -codes [Bie95]. -dimension [Omi88, Omi89a]. [HRB13]. 2 [AK98, QJ97]. A [Lyo83]. A∗ [MD97]. A2 [LHC05]. -dimensional [Yuv75]. + + -Functions [OOB12]. -gram [Bie95]. α [ABC 16]. b [LK11]. B [TB91]. + c [SWQ+14]. d [FPS17, PRM16]. f [LG78]. [Coh98, Ven86]. -Grams [Coh97, BRM 09]. 2 -Hash [BS91b, BS91a]. -Independence GL2(Fpn )[TNS20].H [DRS12]. H2A [CBB05]. K [Yuv75, APV07, CL85, CC91, [PT16, PT10a]. -mer [HC14, PNPC20]. CLC92, DKRT15, Die96, EFMRK+20, -min-wise [FPS17]. -Nearest [CL85]. + -partitions [DKRT15]. -Pipeline [PRM16]. FPS17, Gui78, HC14, LLG 17, PT10a, + PT16, PNPC20, RRS07, SS90b]. L [OOB12]. -probe [SS90b]. -Round [GLM 10, SY11]. -
Optimizing Authenticated Encryption Algorithms
Masaryk University Faculty of Informatics Optimizing authenticated encryption algorithms Master’s Thesis Ondrej Mosnáček Brno, Fall 2017 Masaryk University Faculty of Informatics Optimizing authenticated encryption algorithms Master’s Thesis Ondrej Mosnáček Brno, Fall 2017 This is where a copy of the official signed thesis assignment and a copy ofthe Statement of an Author is located in the printed version of the document. Declaration Hereby I declare that this paper is my original authorial work, which I have worked out on my own. All sources, references, and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Ondrej Mosnáček Advisor: Ing. Milan Brož i Acknowledgement I would like to thank my advisor, Milan Brož, for his guidance, pa- tience, and helpful feedback and advice. Also, I would like to thank my girlfriend Ludmila, my family, and my friends for their support and kind words of encouragement. If I had more time, I would have written a shorter letter. — Blaise Pascal iii Abstract In this thesis, we look at authenticated encryption with associated data (AEAD), which is a cryptographic scheme that provides both confidentiality and integrity of messages within a single operation. We look at various existing and proposed AEAD algorithms and compare them both in terms of security and performance. We take a closer look at three selected candidate families of algorithms from the CAESAR competition. Then we discuss common facilities provided by the two most com- mon CPU architectures – x86 and ARM – that can be used to implement cryptographic algorithms efficiently. -
A Note on an Infeasible Linearization of Some Block Ciphers
A note on an infeasible linearization of some block ciphers Riccardo Aragona∗1, Anna Rimoldi†1, and Massimiliano Sala‡1 1Department of Mathematics, University of Trento, Italy Abstract A block cipher can be easily broken if its encryption functions can be seen as linear maps on a small vector space. Even more so, if its round functions can be seen as linear maps on a small vector space. We show that this cannot happen for the AES. More precisely, we prove that if the AES round transformations can be embedded into a linear cipher acting on a vector space, then this space is huge-dimensional and so this embedding is infeasible in practice. We present two elementary proofs. Keywords: AES, block cipher, group theory. 1 Introduction The Advanced Encryption Standard (AES) [10] is nowadays the most widespread block cipher in commercial applications. It represents the state-of-the-art in block cipher design and the only known attack on its full version is the biclique attack [4], which still requires an amount of cryptanalytic effort slightly less than the brute-force key-search. Practical attacks on reduced versions of the AES only tackle up to 6 rounds, with the Partial Sum attack being the most dangerous [8, 1] The best that a designer can hope for a block cipher is that all its encryption functions behave in an unpredictable way (close to random), in particular the designer aims at a cipher behaviour totally different from linear or affine maps. An indication of the cryptographic strength of the AES is that nobody has been able to show that its encryption functions are any closer to linear maps than arbitrary random functions. -
Low-Complexity Mitigation of Cache Side Channel Attacks
Non-Monopolizable Caches: Low-Complexity Mitigation of Cache Side Channel Attacks LEONID DOMNITSER, State University of New York at Binghamton AAMER JALEEL, Intel Corporation, VSSAD JASON LOEW, NAEL ABU-GHAZALEH, and DMITRY PONOMAREV, State University of New York at Binghamton We propose a flexibly-partitioned cache design that either drastically weakens or completely eliminates cache-based side channel attacks. The proposed Non-Monopolizable (NoMo) cache dynamically reserves cache lines for active threads and prevents other co-executing threads from evicting reserved lines. Unreserved lines remain available for dynamic sharing among threads. NoMo requires only simple modifications to the cache replacement logic, making it straightforward to adopt. It requires no software support enabling it to automatically protect pre-existing binaries. NoMo results in performance degradation of about 1% on average. We demonstrate that NoMo can provide strong security guarantees for the AES and Blowfish encryption algorithms. Categories and Subject Descriptors: C.1.0 [Processor Architectures]: General General Terms: Design, Security, Performance Additional Key Words and Phrases: Side-channel attacks, shared caches, secure architectures ACM Reference Format: Domnitser, L., Jaleel, A., Loew, J., Abu-Ghazaleh, N., and Ponomarev, D. 2012. Non-monopolizable caches: Low-complexity mitigation of cache side channel attacks. ACM Trans. Architec. Code Optim. 8, 4, Article 35 (January 2012), 21 pages. DOI = 10.1145/2086696.2086714 http://doi.acm.org/10.1145/2086696.2086714 1. INTRODUCTION In recent years, security has emerged as a key design consideration in computing and communication systems. Security solutions center around the use of cryptographic algorithms, such as symmetric ciphers, public-key ciphers, and hash functions.