DOCSLIB.ORG

LIGHTWEIGHT CRYPTOGRAPHY Cryptographic Engineering for a Pervasive World

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
LIGHTWEIGHT CRYPTOGRAPHY Cryptographic Engineering for a Pervasive World LIGHTWEIGHT CRYPTOGRAPHY Cryptographic Engineering for a Pervasive World DISSERTATION for the degree Doktor-Ingenieur Faculty of Electrical Engineering and Information Technology Ruhr-University Bochum, Germany Axel York Poschmann Bochum, February 2009 To my parents and Katja. Author’s contact information: [email protected] Thesis Advisor: Prof. Dr.-Ing. Christof Paar Secondary Referee: Dr. Matthew J.B. Robshaw Thesis submitted: February 4, 2009 Thesis defense: April 30, 2009 “As light as a feather, and as hard as dragon-scales” Bilbo Baggins in “The Lord of the Rings: The Fellowship of the Ring”. vii Abstract Increasingly, everyday items are enhanced to pervasive devices by embedding computing power and their interconnection leads to Mark Weiser’s famous vision of ubiquitous comput- ing (ubicomp), which is widely believed to be the next paradigm in information technology. The mass deployment of pervasive devices promises on the one hand many benefits (e.g. opti- mized supply-chains), but on the other hand, many foreseen applications are security sensitive (military, financial or automotive applications), not to mention possible privacy issues. Even worse, pervasive devices are deployed in a hostile environment, i.e. an adversary has physical access to or control over the devices, which enables the whole field of physical attacks. Not only the adversary model is different for ubicomp, but also its optimisation goals are signifi- cantly different from that of traditional application scenarios: high throughput is usually not an issue but power, energy and area are sparse resources. Due to the harsh cost constraints for ubicomp applications only the least required amount of computing power will be realized. If computing power is fixed and cost are variable, Moore’s Law leads to the paradox of an increasing demand for lightweight solutions. In this Thesis different approaches are followed to investigate new lightweight cryptographic designs for block ciphers, hash functions and asymmetric identification schemes. A strong fo- cus is put on lightweight hardware implementations that require as few area (measured in Gate Equivalents (GE)) as possible. We start by scrutinizing the Data Encryption Standard (DES)—a standardized and well-investigated algorithm—and subsequently slightly modify it (yielding DESL) to decrease the area requirements. Then we start from scratch and design a complete new algorithm, called PRESENT, where we could build upon the results of the first step. A va- riety of implementation results of PRESENT—both in software and hardware—using different design strategies and different platforms is presented. Our serialized ASIC implementation (1; 000 GE) is the smallest published and enabled PRESENT to be considered as a suitable can- didate for the upcoming ISO/IEC standard on lightweight cryptography (ISO/IEC JTC1 SC27 WG2). Inspired by these implementation results, we propose several lightweight hash func- tions that are based on PRESENT in Davies-Meyer-mode (DM-PRESENT-80, DM-PRESENT-128) and in Hirose-mode (H-PRESENT-128). For their security level of 64 (DM-PRESENT-80, DM- PRESENT-128) and 128 bits (H-PRESENT-128) the implementation results are the smallest pub- lished. Finally, we use PRESENT in output feedback mode (OFB) as a pseudo-random number generator within the asymmetric identification scheme crypto-GPS. Its design trade-offs are discussed and the implementation results of different architectures (starting from 2; 181 GE) are backed with figures from a manufactured prototype ASIC. We conclude that block ciphers drew level with stream-ciphers with regard to low area re- quirements. Consequently, hash functions that are based on block ciphers can be implemented efficiently in hardware as well. Though it is not easy to obtain lightweight hash functions with a digest size of greater or equal to 160 bits. Given the required parameters, it is very unlikely that the NIST SHA-3 hash competition will lead to a lightweight approach. Hence, lightweight hash functions with a digest size of greater or equal to 160 bits remain an open research prob- lem. Keywords. Lightweight Cryptography, Design, Embedded Systems, Hardware, ASIC, S- boxes, Block cipher, Hash Function, Pervasive Security, IT Security. ix Kurzfassung Alltagsgegenstände werden zunehmend durch das Einbetten von Prozessoren zu pervasiven Geräten erweitert und ihre Vernetzung führt zu Mark Weiser’s berühmter Vision des Ubiq- uitous Computing (ubicomp), das gemeinhin als neues IT-Paradigma angenommen wird. Der erwartete Nutzen ist einerseits vielversprechend (z.B. optimierte Supply-Chains), jedoch sind andererseits viele der skizzierten Szenarien (z.B. fürs Militär, für Banken oder für die Auto- mobilbranche) sicherheitskritisch. Schlimmer noch, durch den Einsatz in „feindlicher” Umge- bung, hat ein möglicher Angreifer volle physikalische Kontrolle über die Geräte, wodurch die gesamte Klasse der physikalischen Angriffe überhaupt erst ermöglicht wird. Abschließend sei noch auf die Gefahren für die Privatsphäre und anderer Bürgerrechte durch die Allgegenwär- tigkeit von eingebetteten Systemen hingewiesen. Sicherheit ist also von zentraler Bedeutung. Nicht nur das Angreifermodell von ubicomp, auch seine Optimierungsziele unterscheiden sich deutlich von denen traditioneller IT-Systeme: einerseits geringer Durchsatz, aber ander- erseits starke Beschränkungen hinsichtlich des Strom-, Energie-, und Flächenverbrauchs. Be- dingt durch die scharfen Kostenvorgaben wird stets nur das Minimum der benötigten Rechen- bzw. Speicherkapazität realisiert, wodurch Moore’s Law konträr interpretiert werden muss: da die Rechenkapazität fix und die Kosten variabel sind führt Moore’s Law zu dem Paradoxon einer konstanten oder sogar steigenden Nachfrage nach hocheffizienten Implementierungen. In dieser Dissertation werden verschiedene Ansätze verfolgt um hocheffiziente Implemen- tierungen von kryptographischen Primitiven wie Blockchiffren, Hashfunktionen und asym- metrischen Identifikationssystemen zu untersuchen. Der Fokus liegt dabei auf hocheffizienten Hardwarerealisierungen, die so wenig Fläche wie möglich—gemessen in Gatter Äquivalenten (GE)—verbrauchen. Zuerst wird der Data Encryption Standard (DES)—ein standardisierter und gut-untersuchter Algorithmus—effizient implementiert und um den Flächenverbrauch weiter zu verringern wird er anschließend geringfügig verändert (DESL). Im nächsten Schritt wird ein komplett neuer Algorithmus (PRESENT) entworfen. Hierbei konnte auf Ergebnisse der vorherigen Untersuchungen aufgebaut werden. Verschiedenste Hard- und Softwarere- alisierungen von PRESENT für unterschiedliche Plattformen werden vorgestellt, wobei unser Hardwarerealisiserung (1; 000 GE) die kleinste bekannte Hardwarerealisierung einer kryp- tographischen Primitive mit angemessener Sicherheit darstellt. Diese Ergebnisse führten dazu, dass PRESENT als geeigneter Kandidat für den zukünftigen ISO/IEC Standard für Lightweight Cryptography (ISO/IEC JTC1 SC27 WG2) gehandelt wird. Auf diesen Ergebnissen aufbauend, werden neue hocheffiziente Hashfunktionen, die auf PRESENT im Davies-Meyer-Modus (DM- PRESENT-80, DM-PRESENT-128) und im Hirose-Modus (H-PRESENT-128) basieren, vorgestellt. Für die jeweiligen Sicherheitslevel von 64 (DM-PRESENT-80, DM-PRESENT-128)) bzw. 128 Bit (H-PRESENT-128) sind usere Implementierungen diejenigen mit dem geringsten Flächenver- brauch. Schließlich kommt PRESENT im Output-Feedback-Modus als Pseudozufallszahlen- generator innerhalb des asymmetrischen Identifikationssystems crypto-GPS zum Einsatz. Ver- schiedene Architekturen werden vorgestellt und die Implementierungsergebnisse werden durch die Zahlen eines speziell gefertigten ASIC-Prototypen von crypto-GPS ergänzt. Die Ergebnisse dieser Dissertation lassen den Schluss zu, dass im Hinblick auf effieziente Hardwarerealisierungen Blockchiffren mit Stromchiffren gleichgezogen sind. Dadurch lassen sich Hashfunktionen, die auf Blockchiffren basieren, ebenfalls hocheffizient implementieren. Dieses trifft jedoch nicht auf Hashfunktionen mit Ausgabelängen von 160 oder mehr Bits zu. Berücksichtigt man die Parameter des NIST SHA-3 Hashfunktions-Wettbewerbs, ist es sehr xi unwahrscheinlich, dass hieraus eine hocheffiziente Hashfunktion resultiert und folglich bleibt diese Forschungsfrage weiterhin offen. Schlüsselworte. Hocheffiziente Kryptographie, Entwurf, Eingebette Systeme, Hardware, ASIC, S-Box, Blockchiffre, Hashfunktion, Pervasive Sicherheit, IT-Sicherheit. xii Acknowledgement This Thesis is the outcome of three years of research at the Embedded Security group1 at the Horst Görtz Institute for IT Security at the Ruhr University Bochum. During this time I got the chance to work with friends and therefore could combine many times work and spare time. It offered me a smooth transition from a students life to the working world. The results would not have been possible without collaboration with many researchers and colleagues. Therefore I would like to briefly acknowledge a subset of all the interesting people I met in the past years. First of all I would like to say Danke! to my supervisor Christof Paar for his great work in supervising, guiding and mentoring me in a very friendly and cooperative way. Secondly, I would like to say Danke! to Irmgard Kühn for coping with all the administrative stuff and all the nice coffee chats that we had. Thank you! Matt Robshaw for being my Thesis reader, and for all the exciting research projects we had. Danke! Gregor Leander for all the funny hours that we spent in your office on joint research
Load more

Recommended publications
  • A Quantitative Study of Advanced Encryption Standard Performance
    United States Military Academy USMA Digital Commons West Point ETD 12-2018 A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility Daniel Hawthorne United States Military Academy, [email protected] Follow this and additional works at: https://digitalcommons.usmalibrary.org/faculty_etd Part of the Information Security Commons Recommended Citation Hawthorne, Daniel, "A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility" (2018). West Point ETD. 9. https://digitalcommons.usmalibrary.org/faculty_etd/9 This Doctoral Dissertation is brought to you for free and open access by USMA Digital Commons. It has been accepted for inclusion in West Point ETD by an authorized administrator of USMA Digital Commons. For more information, please contact [email protected]. A QUANTITATIVE STUDY OF ADVANCED ENCRYPTION STANDARD PERFORMANCE AS IT RELATES TO CRYPTOGRAPHIC ATTACK FEASIBILITY A Dissertation Presented in Partial Fulfillment of the Requirements for the Degree of Doctor of Computer Science By Daniel Stephen Hawthorne Colorado Technical University December, 2018 Committee Dr. Richard Livingood, Ph.D., Chair Dr. Kelly Hughes, DCS, Committee Member Dr. James O. Webb, Ph.D., Committee Member December 17, 2018 © Daniel Stephen Hawthorne, 2018 1 Abstract The advanced encryption standard (AES) is the premier symmetric key cryptosystem in use today. Given its prevalence, the security provided by AES is of utmost importance. Technology is advancing at an incredible rate, in both capability and popularity, much faster than its rate of advancement in the late 1990s when AES was selected as the replacement standard for DES. Although the literature surrounding AES is robust, most studies fall into either theoretical or practical yet infeasible.
    [Show full text]
  • Low-Latency Hardware Masking with Application to AES
    Low-Latency Hardware Masking with Application to AES Pascal Sasdrich, Begül Bilgin, Michael Hutter, and Mark E. Marson Rambus Cryptography Research, 425 Market Street, 11th Floor, San Francisco, CA 94105, United States {psasdrich,bbilgin,mhutter,mmarson}@rambus.com Abstract. During the past two decades there has been a great deal of research published on masked hardware implementations of AES and other cryptographic primitives. Unfortunately, many hardware masking techniques can lead to increased latency compared to unprotected circuits for algorithms such as AES, due to the high-degree of nonlinear functions in their designs. In this paper, we present a hardware masking technique which does not increase the latency for such algorithms. It is based on the LUT-based Masked Dual-Rail with Pre-charge Logic (LMDPL) technique presented at CHES 2014. First, we show 1-glitch extended strong non- interference of a nonlinear LMDPL gadget under the 1-glitch extended probing model. We then use this knowledge to design an AES implementation which computes a full AES-128 operation in 10 cycles and a full AES-256 operation in 14 cycles. We perform practical side-channel analysis of our implementation using the Test Vector Leakage Assessment (TVLA) methodology and analyze univariate as well as bivariate t-statistics to demonstrate its DPA resistance level. Keywords: AES · Low-Latency Hardware · LMDPL · Masking · Secure Logic Styles · Differential Power Analysis · TVLA · Embedded Security 1 Introduction Masking countermeasures against side-channel analysis [KJJ99] have received a lot of attention over the last two decades. They are popular because they are relatively easy and inexpensive to implement, and their strengths and limitations are well understood using theoretical models and security proofs.
    [Show full text]
  • Investigating Profiled Side-Channel Attacks Against the DES Key
    IACR Transactions on Cryptographic Hardware and Embedded Systems ISSN 2569-2925, Vol. 2020, No. 3, pp. 22–72. DOI:10.13154/tches.v2020.i3.22-72 Investigating Profiled Side-Channel Attacks Against the DES Key Schedule Johann Heyszl1[0000−0002−8425−3114], Katja Miller1, Florian Unterstein1[0000−0002−8384−2021], Marc Schink1, Alexander Wagner1, Horst Gieser2, Sven Freud3, Tobias Damm3[0000−0003−3221−7207], Dominik Klein3[0000−0001−8174−7445] and Dennis Kügler3 1 Fraunhofer Institute for Applied and Integrated Security (AISEC), Germany, [email protected] 2 Fraunhofer Research Institution for Microsystems and Solid State Technologies (EMFT), Germany, [email protected] 3 Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany, [email protected] Abstract. Recent publications describe profiled single trace side-channel attacks (SCAs) against the DES key-schedule of a “commercially available security controller”. They report a significant reduction of the average remaining entropy of cryptographic keys after the attack, with surprisingly large, key-dependent variations of attack results, and individual cases with remaining key entropies as low as a few bits. Unfortunately, they leave important questions unanswered: Are the reported wide distributions of results plausible - can this be explained? Are the results device- specific or more generally applicable to other devices? What is the actual impact on the security of 3-key triple DES? We systematically answer those and several other questions by analyzing two commercial security controllers and a general purpose microcontroller. We observe a significant overall reduction and, importantly, also observe a large key-dependent variation in single DES key security levels, i.e.
    [Show full text]
  • Hardware Performance Evaluation of Authenticated Encryption SAEAES with Threshold Implementation
    cryptography Article Hardware Performance Evaluation of Authenticated Encryption SAEAES with Threshold Implementation Takeshi Sugawara Department of Informatics, The University of Electro-Communications, Tokyo 182-8585, Japan; [email protected] Received: 30 June 2020; Accepted: 5 August 2020; Published: 9 August 2020 Abstract: SAEAES is the authenticated encryption algorithm instantiated by combining the SAEB mode of operation with AES, and a candidate of the NIST’s lightweight cryptography competition. Using AES gives the advantage of backward compatibility with the existing accelerators and coprocessors that the industry has invested in so far. Still, the newer lightweight block cipher (e.g., GIFT) outperforms AES in compact implementation, especially with the side-channel attack countermeasure such as threshold implementation. This paper aims to implement the first threshold implementation of SAEAES and evaluate the cost we are trading with the backward compatibility. We design a new circuit architecture using the column-oriented serialization based on the recent 3-share and uniform threshold implementation (TI) of the AES S-box based on the generalized changing of the guards. Our design uses 18,288 GE with AES’s occupation reaching 97% of the total area. Meanwhile, the circuit area is roughly three times the conventional SAEB-GIFT implementation (6229 GE) because of a large memory size needed for the AES’s non-linear key schedule and the extended states for satisfying uniformity in TI. Keywords: threshold implementation; SAEAES; authenticated encryption, side-channel attack; changing of the guards; lightweight cryptography; implementation 1. Introduction There is an increasing demand for secure data communication between embedded devices in many areas, including automotive, industrial, and smart-home applications.
    [Show full text]
  • ASIC-Oriented Comparative Review of Hardware Security Algorithms for Internet of Things Applications Mohamed A
    ASIC-Oriented Comparative Review of Hardware Security Algorithms for Internet of Things Applications Mohamed A. Bahnasawi1, Khalid Ibrahim2, Ahmed Mohamed3, Mohamed Khalifa Mohamed4, Ahmed Moustafa5, Kareem Abdelmonem6, Yehea Ismail7, Hassan Mostafa8 1,3,5,6,8Electronics and Electrical Communications Engineering Department, Cairo University, Giza, Egypt 2Electronics Department, Faculty of Information Engineering and Technology, German University in Cairo, Cairo, Egypt 4Electrical, Electronics and Communications Engineering Department, Faculty of Engineering, Alexandria University, Egypt 7,8Center for Nanoelectronics and Devices, AUC and Zewail City of Science and Technology, New Cairo, Egypt {[email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected]; [email protected] } Abstract— Research into the security of the Internet of Applications have different requirements for the Things (IoT) needs to utilize particular algorithms that offer cryptographic algorithms that secure them, varying in the ultra-low power consumption and a long lifespan, along with throughput needed, the extent of immunity against attacks, other parameters such as strong immunity against attacks, power consumption, the area needed on-chip, etc. The lower chip area and acceptable throughput. This paper offers Internet of Things (IoT) focuses mainly on low-power an ASIC-oriented comparative review of the most popular and implementations of security algorithms. This is because powerful cryptographic algorithms worldwide, namely AES, most of them are related to autonomous applications or 3DES, Twofish and RSA. The ASIC implementations of those embedded systems applications (i.e. an ultra-thin sensor algorithms are analyzed by studying statistical data extracted system [2] embedded inside clothes or biomedical from the ASIC layouts of the algorithms and comparing them to determine the most suited algorithms for IoT hardware- applications).
    [Show full text]
  • Comparison of 256-Bit Stream Ciphers at the Beginning of 2006
    Comparison of 256-bit stream ciphers at the beginning of 2006 Daniel J. Bernstein ? [email protected] Abstract. This paper evaluates and compares several stream ciphers that use 256-bit keys: counter-mode AES, CryptMT, DICING, Dragon, FUBUKI, HC-256, Phelix, Py, Py6, Salsa20, SOSEMANUK, VEST, and YAMB. 1 Introduction ECRYPT, a consortium of European research organizations, issued a Call for Stream Cipher Primitives in November 2004. A remarkable variety of ciphers were proposed in response by a total of 97 authors spread among Australia, Belgium, Canada, China, Denmark, England, France, Germany, Greece, Israel, Japan, Korea, Macedonia, Norway, Russia, Singapore, Sweden, Switzerland, and the United States. Evaluating a huge pool of stream ciphers, to understand the merits of each cipher, is not an easy task. This paper simplifies the task by focusing on the relatively small pool of ciphers that allow 256-bit keys. Ciphers limited to 128- bit keys (or 80-bit keys) are ignored. See Section 2 to understand my interest in 256-bit keys. The ciphers allowing 256-bit keys are CryptMT, DICING, Dragon, FUBUKI, HC-256, Phelix, Py, Py6, Salsa20, SOSEMANUK, VEST, and YAMB. I included 256-bit AES in counter mode as a basis for comparison. Beware that there are unresolved claims of attacks against Py (see [4] and [3]), SOSEMANUK (see [1]), and YAMB (see [5]). ECRYPT, using measurement tools written by Christophe De Canni`ere, has published timings for each cipher on several common general-purpose CPUs. The original tools and timings used reference implementations (from the cipher authors) but were subsequently updated for faster implementations (also from the cipher authors).
    [Show full text]
  • Cs 255 (Introduction to Cryptography)
    CS 255 (INTRODUCTION TO CRYPTOGRAPHY) DAVID WU Abstract. Notes taken in Professor Boneh’s Introduction to Cryptography course (CS 255) in Winter, 2012. There may be errors! Be warned! Contents 1. 1/11: Introduction and Stream Ciphers 2 1.1. Introduction 2 1.2. History of Cryptography 3 1.3. Stream Ciphers 4 1.4. Pseudorandom Generators (PRGs) 5 1.5. Attacks on Stream Ciphers and OTP 6 1.6. Stream Ciphers in Practice 6 2. 1/18: PRGs and Semantic Security 7 2.1. Secure PRGs 7 2.2. Semantic Security 8 2.3. Generating Random Bits in Practice 9 2.4. Block Ciphers 9 3. 1/23: Block Ciphers 9 3.1. Pseudorandom Functions (PRF) 9 3.2. Data Encryption Standard (DES) 10 3.3. Advanced Encryption Standard (AES) 12 3.4. Exhaustive Search Attacks 12 3.5. More Attacks on Block Ciphers 13 3.6. Block Cipher Modes of Operation 13 4. 1/25: Message Integrity 15 4.1. Message Integrity 15 5. 1/27: Proofs in Cryptography 17 5.1. Time/Space Tradeoff 17 5.2. Proofs in Cryptography 17 6. 1/30: MAC Functions 18 6.1. Message Integrity 18 6.2. MAC Padding 18 6.3. Parallel MAC (PMAC) 19 6.4. One-time MAC 20 6.5. Collision Resistance 21 7. 2/1: Collision Resistance 21 7.1. Collision Resistant Hash Functions 21 7.2. Construction of Collision Resistant Hash Functions 22 7.3. Provably Secure Compression Functions 23 8. 2/6: HMAC And Timing Attacks 23 8.1. HMAC 23 8.2.
    [Show full text]
  • Two Practical and Provably Secure Block Ciphers: BEAR and LION
    Two Practical and Provably Secure Block Ciphers: BEAR and LION Ross Anderson 1 and Eh Biham 2 Cambridge University, England; emall rja14~cl.cmn.ar .uk 2 Technion, Haifa, Israel; email biham~cs .teclmion.ac.il Abstract. In this paper we suggest two new provably secure block ci- phers, called BEAR and LION. They both have large block sizes, and are based on the Luby-Rackoff construction. Their underlying components are a hash function and a stream cipher, and they are provably secure in the sense that attacks which find their keys would yield attacks on one or both of the underlying components. They also have the potential to be much faster than existing block ciphers in many applications. 1 Introduction There are a number of ways in which cryptographic primitives can be trans- formed by composition, such as output feedback mode which transforms a block cipher into a stream cipher, and feedforward mode which transforms it into a hash function [P]. A number of these reductions are provable, in the sense that certain kinds of attack on the composite function would yield an attack on the underlying primitive; a recent example is the proof that the ANSI message au- thentication code is as secure as the underlying block cipher [BKR]. One construction which has been missing so far is a means of building a block cipher out of a stream cipher. In this paper, we show provably secure ways to construct a block cipher from a stream cipher and a hash function. Given that ways of constructing keyed hash functions from stream ciphers already exist [LRW] [K], this enables block ciphers to be constructed from stream ciphers.
    [Show full text]
  • CHUCK CHONSON: AMERICAN CIPHER by ERIC NOLAN A
    CHUCK CHONSON: AMERICAN CIPHER By ERIC NOLAN A THESIS PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF FINE ARTS UNIVERSITY OF FLORIDA 2003 Copyright 2003 by Eric Nolan To my parents, and to Nicky ACKNOWLEDGMENTS I thank my parents, my teachers, and my colleagues. Special thanks go to Dominique Wilkins and Don Mattingly. iv TABLE OF CONTENTS ACKNOWLEDGMENTS..................................................................................................iv ABSTRACT......................................................................................................................vii CHAPTER 1 LIVE-IN GIRLFRIEND, SHERRY CRAVENS ...................................................... 1 2 DEPARTMENT CHAIR, FURRY LUISSON..........................................................8 3 TRAIN CONDUCTOR, BISHOP PROBERT........................................................ 12 4 TWIN BROTHER, MARTY CHONSON .............................................................. 15 5 DEALER, WILLIE BARTON ................................................................................ 23 6 LADY ON BUS, MARIA WOESSNER................................................................. 33 7 CHILDHOOD PLAYMATE, WHELPS REMIEN ................................................ 36 8 GUY IN TRUCK, JOE MURHPY .........................................................................46 9 EX-WIFE, NORLITTA FUEGOS...........................................................................49 10
    [Show full text]
  • Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1
    International Journal of Grid and Distributed Computing Vol. 10, No. 11 (2017), pp.79-98 http://dx.doi.org/10.14257/ijgdc.2017.10.11.08 Identifying Open Research Problems in Cryptography by Surveying Cryptographic Functions and Operations 1 Rahul Saha1, G. Geetha2, Gulshan Kumar3 and Hye-Jim Kim4 1,3School of Computer Science and Engineering, Lovely Professional University, Punjab, India 2Division of Research and Development, Lovely Professional University, Punjab, India 4Business Administration Research Institute, Sungshin W. University, 2 Bomun-ro 34da gil, Seongbuk-gu, Seoul, Republic of Korea Abstract Cryptography has always been a core component of security domain. Different security services such as confidentiality, integrity, availability, authentication, non-repudiation and access control, are provided by a number of cryptographic algorithms including block ciphers, stream ciphers and hash functions. Though the algorithms are public and cryptographic strength depends on the usage of the keys, the ciphertext analysis using different functions and operations used in the algorithms can lead to the path of revealing a key completely or partially. It is hard to find any survey till date which identifies different operations and functions used in cryptography. In this paper, we have categorized our survey of cryptographic functions and operations in the algorithms in three categories: block ciphers, stream ciphers and cryptanalysis attacks which are executable in different parts of the algorithms. This survey will help the budding researchers in the society of crypto for identifying different operations and functions in cryptographic algorithms. Keywords: cryptography; block; stream; cipher; plaintext; ciphertext; functions; research problems 1. Introduction Cryptography [1] in the previous time was analogous to encryption where the main task was to convert the readable message to an unreadable format.
    [Show full text]
  • Applications of Search Techniques to Cryptanalysis and the Construction of Cipher Components. James David Mclaughlin Submitted F
    Applications of search techniques to cryptanalysis and the construction of cipher components. James David McLaughlin Submitted for the degree of Doctor of Philosophy (PhD) University of York Department of Computer Science September 2012 2 Abstract In this dissertation, we investigate the ways in which search techniques, and in particular metaheuristic search techniques, can be used in cryptology. We address the design of simple cryptographic components (Boolean functions), before moving on to more complex entities (S-boxes). The emphasis then shifts from the construction of cryptographic arte- facts to the related area of cryptanalysis, in which we first derive non-linear approximations to S-boxes more powerful than the existing linear approximations, and then exploit these in cryptanalytic attacks against the ciphers DES and Serpent. Contents 1 Introduction. 11 1.1 The Structure of this Thesis . 12 2 A brief history of cryptography and cryptanalysis. 14 3 Literature review 20 3.1 Information on various types of block cipher, and a brief description of the Data Encryption Standard. 20 3.1.1 Feistel ciphers . 21 3.1.2 Other types of block cipher . 23 3.1.3 Confusion and diffusion . 24 3.2 Linear cryptanalysis. 26 3.2.1 The attack. 27 3.3 Differential cryptanalysis. 35 3.3.1 The attack. 39 3.3.2 Variants of the differential cryptanalytic attack . 44 3.4 Stream ciphers based on linear feedback shift registers . 48 3.5 A brief introduction to metaheuristics . 52 3.5.1 Hill-climbing . 55 3.5.2 Simulated annealing . 57 3.5.3 Memetic algorithms . 58 3.5.4 Ant algorithms .
    [Show full text]
  • All-Or-Nothing Encryption and the Package Transform
    All-or-Nothing Encryption and the Package Transform Ronald L. Rivest MIT Laboratory for Computer Science 545 Technology Square, Cambridge, Mass. 02139 rivest@theory, ics.mit, edu Abstract. We present a new mode of encryption for block ciphers, which we call all-or-nothing encryption. This mode has the interesting defining property that one must decrypt the entire ciphertext before one can de- termine even one message block. This means that brute-force searches against all-or-nothing encryption are slowed down by a factor equal to the number of blocks in the ciphertext. We give a specific way of im- plementing all-or-nothing encryption using a "package transform" as a pre-processing step to an ordinary encryption mode. A package trans- form followed by ordinary codebook encryption also has the interest- ing property that it is very efficiently implemented in parallel. All-or- nothing encryption can also provide protection against chosen-plaintext and related-message attacks. 1 Introduction One way in which a cryptosystem may be attacked is by brute-force search: an adversary tries decrypting an intercepted ciphertext with all possible keys until the plaintext "makes sense" or until it matches a known target plaintext. Our primary motivation is to devise means to make brute-force search more difficult, by appropriately pre-processing a message before encrypting it. In this paper, we assume that the cipher under discussion is a block cipher with fixed-length input/output blocks, although our remarks generalize to other kinds of ciphers. An "encryption mode" is used to extend the encryption function to arbitrary length messages (see, for example, Schneier [9] and Biham [3]).
    [Show full text]