Cryptography


Cryptography
Prof. Dr. Carsten Damm, Dr. Henrik Brosenne
University of Goettingen, Institute of Computer Science
Winter 2013/2014

Table of Contents
Stream Ciphers
- Types of Stream Ciphers
- Pseudorandomness
- Linear Feedback Shift Register sequences
- Linear Complexity
- RC4 stream cipher
- Published worksheet 06

General considerations

Setup
- recall: stream ciphers encipher plaintext symbols/blocks one at a time, but the cipher transformation (the key) varies with time: Vigenère, running key, auto-key, Vernam
- the cipher is determined by the current state S (which requires some memory to be stored) of a key stream generator G
- G is basically determined by a state function $f_k$: current state $\mapsto$ next state
- in the narrow sense "stream cipher" refers to bit based encryption

Synchronous stream ciphers
- in synchronous stream ciphers the keystream is generated independently from plaintext or ciphertext
- given key k and initial state $S_0$, the encryption process is defined by
  key stream function $k_i = g_k(S_i)$
  output function $c_i = h(k_i, m_i)$
  next state function $S_{i+1} = f_k(S_i)$
- the stream ciphers we study are additive binary stream ciphers, i.e., h = XOR
- (repeating) XOR-cipher = Vigenère-cipher on the binary alphabet

Properties of synchronous stream ciphers
- synchronization: while processing the i-th symbol, sender and receiver must be in the same state and process corresponding plain-/ciphertext symbols
- error propagation: none
- attacks: an active adversary can use insertion/deletion/replay of ciphertext and observe the result (chosen plaintext attack)

Self-synchronizing ciphers
- other name: asynchronous stream cipher
- requirement: the keystream is a function of the key and a fixed number $\ell$ of previous ciphertext characters
  $\Rightarrow$ state i can be encoded as the vector of the last $\ell$ cipher symbols, stored in a shift register
  $S_0 = (c_{-\ell}, \dots, c_{-1})$ initial state
  $S_i = (c_{i-\ell}, \dots, c_{i-1})$ state i
- key stream function and output function as in the synchronous case: $k_i = g_k(S_i)$, $c_i = h(k_i, m_i)$

Properties of self-synchronizing ciphers
- synchronization: insertion/deletion/change of ciphertext symbols results in the loss of a fixed number of blocks, afterwards the cipher self-synchronizes in the following sense: after the change is "shifted out", the receiver observes the unchanged cipher bits from which the key is derived
- error propagation: ciphertext transmission errors affect at most $\ell$ deciphered plaintext symbols
- attacks: changing attacks are more easily detected (because of error propagation); insertion/deletion/replay are harder to detect because of self-synchronization; better diffusion properties compared to synchronous stream ciphers
- remark: similar to OFB mode of block ciphers

Example 1: One-time pad
- key = keystream, determined by true randomness from the real world: last digits of the time difference between keyboard strokes or mouse events
- Linux machines maintain a special device /dev/random that outputs random bits "distilled" by hashing many system states; quick & dirty access: echo $RANDOM (see man urandom for more information); this is a rather slow device and it is not designed for security applications
- the one time pad is very secure and very impractical, as the huge key has to be transferred in advance and kept secret

Example 2: the binary XOR cipher
- = Vigenère cipher on the binary alphabet
- Example: 8 bit key 1110011 defines the keystream 1110011 1110011 1110011 1110011 ...
- vulnerable against known plaintext attacks (key = cipher $\oplus$ known plaintext)
- vulnerable against ciphertext only statistical attacks
- very practical but very insecure

Exercise 24: see published worksheet 06, exercise 24

Serious and practical stream ciphers
- generate $k \mapsto k_0 k_1 k_2 \dots$, a key stream that "looks random" but is easily reconstructed from a short key
- most generators can be considered as feedback shift registers:
  - state = last $\ell$ output values
  - initial state determined by key
  - current output = function of current state
  - next state = current state shifted by one place (oldest output thrown away) and current output appended
- [figure: feedback shift register with cells $b_{n-1}, \dots, b_1, b_0$, shift clock, output bit stream, and feedback function $f : \{0,1\}^n \to \{0,1\}$]
- if the generator has $\ell$ memory cells, each able to store one out of m symbols, the system has $N = m^\ell$ states
- obvious consequence: the key stream period $d = \min\{t \mid \forall i : k_i = k_{i+t}\}$ satisfies $d \le N$

Example: Linear congruential generators (LCG)
- the bits will be derived from the sequence $k_n = (a \cdot k_{n-1} + c) \bmod m$
- initial state $k_0$ and a, c are part of the key
- a, c, m are called multiplier, increment and modulus of the LCG

Pseudorandomness

What is a random bit sequence? A bit sequence is
1. truly random if the next bit is unpredictable by whatever means (no precise mathematical definition)
2. Kolmogorov random if it is "not compressible", i.e., the string has essentially no significantly shorter description than itself
   - a precise definition can be given but is somewhat cumbersome
   - main drawback: it is provably impossible to prove that a given string is Kolmogorov random (at the same time it is easy to prove that there are Kolmogorov random strings)
3. statistically random if it passes any statistical test of randomness: frequency tests, autocorrelation tests, graphical tests, ...; difficult to specify
4. computationally random restricts this to polynomial time computable statistical tests (precise definition somewhat cumbersome; the input consists of the data to be tested and the confidence level of the test)

Random bit sequences
- truly random or Kolmogorov random bit sequences cannot be algorithmically generated from a short key
- we can only generate pseudorandom bit sequences, i.e., sequences that "look random" to any observer who does not know the initial state and parameters of the generation process (the seed)
- to be precise we require computational randomness

Cryptographic requirements
- we need a good trade-off between "quality of randomness" and practicability; in particular we need:
  C1 good expansion = ratio period/key length
  C2 simple and fast generation of bits
  C3 computation of the next bit given all previous bits takes more resources than an attacker is willing/able to invest
- the linear congruential generator satisfies C1, C2, but not C3 (see Exercise 25)

Quadratic generator (Blum, Blum, Shub 1986)
- let p, q be Blum primes = primes that are congruent to 3 modulo 4 (there are infinitely many Blum primes)
- let $n = p \cdot q$ and $k \in \mathbb{Z}_n^*$ (this means: $\gcd(k, n) = 1$)
- based on these values we define a sequence of residues
  $a_0 = k^2 \bmod n$
  $a_{i+1} = a_i^2 \bmod n$
  and a sequence of bits $x_i = a_i \bmod 2$
- obviously C1, C2 are satisfied, and under the following complexity theoretic assumption also C3 is satisfied

Quadratic residue assumption (QRA): There is no polynomial time algorithm that, given only n (not its factorization into $p \cdot q$) and $a \in \mathbb{Z}_n$, decides whether a is a quadratic residue, i.e., whether there is some b such that $b^2 \equiv a \pmod n$.

Remark: The obvious brute force attack of testing all possible b is an exponential time algorithm: running time is measured in dependence of the input length in bits (which is $O(\log n)$).

Theorem: If the quadratic residue assumption (QRA) holds, then the quadratic generator generates a computationally random bit sequence.

Exercise 25
1. Consider a LCG with modulus $2^{31}$ and three consecutive generated values 1403686589, 4653678, 1890276371. Compute the next three values.

LFSR sequences

Definition: a linear feedback shift register sequence of n registers is the output sequence of a binary FSR with linear output function
$f(x_0, \dots, x_{n-1}) = \sum_{i=0}^{n-1} c_i \cdot x_i \pmod 2$
where the $c_i$ are the feedback coefficients.
- [figure: linear feedback shift register with cells $b_{n-1}, \dots, b_1, b_0$ and feedback coefficients $c_{n-1}, \dots, c_0$]
- $2^n$ states, period $\le 2^n - 1$ (because the state $0 = (0, \dots, 0)$ is stable)
- the characteristic polynomial of the LFSR with feedback coefficients $c_0, \dots, c_{n-1}$ is
  $f^*(X) = c_0 + c_1 X + \dots + c_{n-1} X^{n-1} + X^n \in \mathrm{GF}(2)[X]$
- $f^*(X)$ is called primitive if
  - $f^*(X)$ is irreducible (has no non-trivial divisors) AND
  - for every $m < 2^n - 1$ holds: $f^*(X)$ does not divide $X^m - 1$

Theorem: A linear feedback shift register (LFSR) with characteristic polynomial $f^*(X) = c_0 + c_1 X + \dots + c_{n-1} X^{n-1} + X^n$ has period $2^n - 1$ (which is maximal) if and only if $f^*(X)$ is primitive.

Obvious consequence: In case $f^*(X)$ is primitive, every initial state $\neq 0$ leads to a maximum period sequence.

LFSR sequences for cryptographic use
- Fact 1: the number of primitive polynomials of degree n is $\varphi(2^n - 1)/n$, where $\varphi(n)$ = number of coprimes to n (Euler totient function, will be considered in more detail later)
  - just keep in mind: there are many maximal LFSR-sequences for any number of registers
  - coefficients + initial state could be used as key for a stream cipher
- Fact 2: maximal LFSR sequences "look random", as seen below

Pseudorandom periodic sequences
- by definition: periodic sequences are not random
- what is a "randomly looking" bit sequence of period d?
- consider a weak version of the requirements for statistical randomness using the following notions/notations:
  - t-block = subsequence of shape 0 11...1 0 (with t ones)
  - t-gap = subsequence of shape 1 00...0 1 (with t zeros)
- a d-periodic bit sequence $x = x_0, \dots, x_{N-1}$ is Golomb-random if for every length-d subsequence of x holds:
  G1 balance: the number of 1's and the number of 0's is $\approx d/2$
  G2 for small enough t, the number of t-blocks and the number of t-gaps are both $\approx d/4t$
  G3 autocorrelation.
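Exercise 25 asks why the LCG fails requirement C3. The script below is an added example (not part of the lecture slides) that recovers the multiplier and increment of an LCG from three consecutive outputs when the modulus is known, and then continues the sequence; the function names are the example's own. It works when the difference of the first two outputs is invertible modulo m (true for the exercise values, where m = 2^31 and the differences are odd) and refuses to guess otherwise.

```python
"""Why an LCG violates C3: the next output is cheap to compute from previous ones.

k_n = (a * k_{n-1} + c) mod m          (generator from the slides)
k_2 - k_1 = a * (k_1 - k_0)  (mod m)    (subtracting two consecutive steps)
so a = (k_2 - k_1) * (k_1 - k_0)^{-1} mod m, and then c = k_1 - a * k_0 mod m.
"""
from math import gcd


def lcg_next(k, a, c, m):
    """One step of the generator k_n = (a*k_{n-1} + c) mod m."""
    return (a * k + c) % m


def recover_lcg(k0, k1, k2, m):
    """Recover (a, c) from three consecutive outputs and the modulus m.

    Raises ValueError when k1 - k0 has no inverse modulo m; in that case the
    multiplier is not uniquely determined by these three values.
    """
    d1 = (k1 - k0) % m
    d2 = (k2 - k1) % m
    if gcd(d1, m) != 1:
        raise ValueError("k1 - k0 is not invertible mod m: multiplier not unique")
    a = (d2 * pow(d1, -1, m)) % m
    c = (k1 - a * k0) % m
    return a, c


def predict(outputs, m, count=3):
    """Return the `count` values following `outputs` (>= 3 consecutive LCG outputs).

    The recovered parameters are checked against every observed value before
    any prediction is made.
    """
    k0, k1, k2 = outputs[:3]
    a, c = recover_lcg(k0, k1, k2, m)
    k = k0
    for observed in outputs[1:]:
        k = lcg_next(k, a, c, m)
        if k != observed:
            raise ValueError("outputs are not consistent with a single LCG")
    result = []
    for _ in range(count):
        k = lcg_next(k, a, c, m)
        result.append(k)
    return result


# Values from Exercise 25 on the slides.
EXERCISE_M = 2 ** 31
EXERCISE_OUTPUTS = [1403686589, 4653678, 1890276371]

if __name__ == "__main__":
    a, c = recover_lcg(*EXERCISE_OUTPUTS, EXERCISE_M)
    print("recovered multiplier a =", a, "and increment c =", c)
    print("next three values:", predict(EXERCISE_OUTPUTS, EXERCISE_M))
```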
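The LFSR definition, the primitivity criterion, Fact 1 and the Golomb postulates G1/G2 above can all be checked on small registers. The following is an added example (not code from the lecture slides); it represents polynomials over GF(2) as Python integers (bit i = coefficient of X^i), so f*(X) = X^4 + X + 1 is 0b10011, and the function names are the example's own.

```python
"""LFSR sequences, primitive polynomials and Golomb's G1/G2 on small registers.

Polynomials in GF(2)[X] are ints: bit i holds the coefficient of X^i.
The register has cells b_{n-1} ... b_0; b_0 is output, and the feedback
sum c_i * b_i mod 2 is shifted in at b_{n-1}, matching the slides' figure.
"""


def poly_mod(a, b):
    """Remainder of a divided by b in GF(2)[X]."""
    db = b.bit_length() - 1
    while a and a.bit_length() - 1 >= db:
        a ^= b << (a.bit_length() - 1 - db)
    return a


def is_irreducible(f):
    """Trial division by every polynomial of degree 1 .. deg(f)//2."""
    n = f.bit_length() - 1
    for d in range(1, n // 2 + 1):
        for g in range(1 << d, 1 << (d + 1)):  # all polynomials of exact degree d
            if poly_mod(f, g) == 0:
                return False
    return True


def order_of_x(f):
    """Smallest m >= 1 with f | X^m - 1 (X^m = 1 mod f); None if X is not a unit."""
    n = f.bit_length() - 1
    p = 0b10  # the polynomial X
    for m in range(1, 2 ** n):
        if p == 1:
            return m
        p = poly_mod(p << 1, f)  # multiply by X and reduce
    return None


def is_primitive(f):
    """Slides' definition: irreducible and not dividing X^m - 1 for m < 2^n - 1."""
    n = f.bit_length() - 1
    return is_irreducible(f) and order_of_x(f) == 2 ** n - 1


def count_primitive(n):
    """Brute-force count of primitive polynomials of degree n (Fact 1: phi(2^n-1)/n)."""
    return sum(is_primitive(f) for f in range(1 << n, 1 << (n + 1)))


def lfsr_step(state, f):
    """Next register state for characteristic polynomial f (taps c_0..c_{n-1})."""
    n = f.bit_length() - 1
    taps = f & ((1 << n) - 1)
    fb = bin(state & taps).count("1") & 1
    return (state >> 1) | (fb << (n - 1))


def lfsr_sequence(f, state, length):
    """First `length` output bits (cell b_0) of the LFSR started in `state`."""
    out = []
    for _ in range(length):
        out.append(state & 1)
        state = lfsr_step(state, f)
    return out


def period(f, state):
    """Key stream period d: steps until the register returns to `state` (None if never)."""
    s = state
    for t in range(1, 2 ** (f.bit_length() - 1) + 1):
        s = lfsr_step(s, f)
        if s == state:
            return t
    return None


def run_counts(bits):
    """G2 statistics for one period, read cyclically: {t: #t-blocks}, {t: #t-gaps}."""
    d = len(bits)
    start = next((i for i in range(d) if bits[i] != bits[i - 1]), 0)
    bits = bits[start:] + bits[:start]  # rotate so we start at a run boundary
    blocks, gaps = {}, {}
    i = 0
    while i < d:
        j = i
        while j < d and bits[j] == bits[i]:
            j += 1
        target = blocks if bits[i] == 1 else gaps
        target[j - i] = target.get(j - i, 0) + 1
        i = j
    return blocks, gaps


if __name__ == "__main__":
    f = 0b10011  # f*(X) = X^4 + X + 1, n = 4
    bits = lfsr_sequence(f, 0b0001, 15)
    print("primitive:", is_primitive(f), " period from state 0001:", period(f, 0b0001))
    print("one period:", "".join(map(str, bits)), " ones/zeros:", sum(bits), 15 - sum(bits))
    print("t-blocks, t-gaps:", run_counts(bits))
    print("primitive polynomials of degree 4:", count_primitive(4))
```

For n = 4 the run counts show the expected m-sequence pattern (two 1-blocks and two 1-gaps, one 2-block and one 2-gap, one 3-gap, one 4-block) and the count of primitive polynomials matches phi(15)/4 = 2.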