DOCSLIB.ORG

A MATLAB Tool for the Analysis of Cryptographic Properties of S-Boxes by Fatima Ishfaq a Thesis Submitted in Partial Fulfillment for the Degree of Master of Philosophy

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A MATLAB Tool for the Analysis of Cryptographic Properties of S-Boxes by Fatima Ishfaq a Thesis Submitted in Partial Fulfillment for the Degree of Master of Philosophy CAPITAL UNIVERSITY OF SCIENCE AND TECHNOLOGY, ISLAMABAD A MATLAB Tool for the Analysis of Cryptographic Properties of S-boxes by Fatima Ishfaq A thesis submitted in partial fulfillment for the degree of Master of Philosophy in the Faculty of Computing Department of Mathematics 2018 i Copyright c 2018 by Fatima Ishfaq All rights reserved. No part of this thesis may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, by any information storage and retrieval system without the prior written permission of the author. ii To my father for his prayers and love, for giving me the determination to overcome many trying moments to pursue my dreams. CAPITAL UNIVERSITY OF SCIENCE & TECHNOLOGY ISLAMABAD CERTIFICATE OF APPROVAL A MATLAB Tool for the Analysis of Cryptographic Properties of S-boxes by Fatima Ishfaq MMT153016 THESIS EXAMINING COMMITTEE S. No. Examiner Name Organization (a) External Examiner Dr. Umar Hayat QAU, Islamabad (a) Internal Examiner Dr. Dure Shehwar Sagheer CUST, Islamabad (b) Supervisor Dr. Rashid Ali CUST, Islamabad Dr. Rashid Ali Thesis Supervisor September, 2018 Dr. Muhammad Sagheer Dr. Muhammad Abdul Qadir Head Dean Dept. of Mathematics Faculty of Computing September, 2018 September, 2018 iv Author's Declaration I, Fatima Ishfaq hereby state that my M.Phil thesis titled \A MATLAB Tool for the Analysis of Cryptographic Properties of S-boxes" is my own work and has not been submitted previously by me for taking any degree from Capital University of Science and Technology, Islamabad or anywhere else in the coun- try/abroad. At any time if my statement is found to be incorrect even after my graduation, the University has the right to withdraw my M.Phil Degree. (Fatima Ishfaq) Registration No: MMT-153016 v Plagiarism Undertaking I solemnly declare that research work presented in this thesis titled \A MATLAB Tool for the Analysis of Cryptographic Properties of S-boxes" is solely my research work with no significant contribution from any other person. Small contribu- tion/help wherever taken has been dully acknowledged and that complete thesis has been written by me. I understand the zero tolerance policy of the HEC and Capital University of Science and Technology towards plagiarism. Therefore, I as an author of the above titled thesis declare that no portion of my thesis has been plagiarized and any material used as reference is properly referred/cited. I undertake that if I am found guilty of any formal plagiarism in the above titled thesis even after award of M.Phil Degree, the University reserves the right to with- draw/revoke my M.Phil degree and that HEC and the University have the right to publish my name on the HEC/University website on which names of students are placed who submitted plagiarized work. (Fatima Ishfaq) Registration No: MMT-153016 vi Acknowledgements All praise be to Almighty ALLAH who has been bestowing me with His great bounties and enabled me to complete my dissertation. I would like to thank my affectionate teachers, Dr. Muhammad Sagheer, Dr. Abdul Rehman Kashif, Dr. Shafqat Hussain, Dr. M. Afzal and Dr. Rashid Ali for their excellent teaching and support during these years. I would like to express my special gratitude to my supervisor Dr. Rashid Ali for his patience with me and guidance. A more supportive and considerate supervisor I could not have asked for. He was a big support and motivation in the difficult times as he encouraged and helped a lot during research and writing of thesis. I feel really blessed and proud to be his student. I truly appreciate my mother for her love and continuous support, for without her, I would not have finished my degree. I am grateful to my late father for all the prayers, who always supported me in achieving my targets. I would like to thank my sister for the motivation and my kids who are always been a sweet delight of life and helped me to be a better human. I have also had the good fortune to study with some wonderful people: Saba Majeed, Urwa Aftab, Afsheen Nazar, Maria Qamar and Sumaira Bibi who helped and encouraged me throughout my studies. Their friendships are what I will miss the most and hope to keep forever. Especially, I would like to acknowledge Ms. Saba Majeed and appreciate her friendship and contribution. My friend Zareen, your support made all the difference and I can't thank you enough for driving me towards my goal always. Finally, I am obliged to all the people who prayed for me, shared their knowledge during my degree program and supported me. \Once dust, you are now spirit. Once ignorant, now wise. He who has led you so far, will guide you further." Rumi viii Abstract Substitution boxes (S-boxes) are one amongst the crucial parts within a block cipher and play an important role in their security for being the only non-linear part of the system. Despite the fact that some old algorithms and S-boxes are still in use these days as they possess theoretically known security parameters, there is always a demand for a tool which can investigate the strength of an S-box and its corresponding boolean functions cryptographic properties. A well built tool for the analysis is also necessary when we want to create new S-boxes. Although in some cases, the common properties of S-boxes are known because of their generating algorithms but still we believe that an extensive investigation is required for all cryptographic properties. In this thesis, we present a tool for the evaluation of some key properties of Boolean functions and S-boxes suitable for cryptography. The performance indexes of S-boxes are outlined and surveyed. The corresponding numerical formulas for calculating them are discussed. Then, a code is established in MATLAB software which can not only compute the required parameters for an S-box but also for the boolean functions with large computational space GF (2n) for 2 ≤ n ≤ 20. This tool provides an in depth approach of calculation process for the user so we believe that this tool is very useful to support the researchers for the analysis and designing of S-boxes to check the security of associated symmetric encryption scheme. Contents Author's Declaration iv Plagiarism Undertakingv Acknowledgements vi Abstract viii List of Figures xi List of Tables xii Abbreviations xiii Symbols xiv 1 INTRODUCTION1 1.1 Substitution Boxes in Cryptography..................2 1.2 Why We Study S-boxes?........................3 1.2.1 Classification of S-boxes....................4 1.3 Construction of S-boxes........................4 1.3.1 History of Design Criteria of S-boxes.............5 1.4 Desirable Properties for Good S-boxes................7 1.5 Software Tools For S-box Analysis...................8 1.6 Thesis Objective............................9 2 S-boxes and their Cryptographic Properties 12 2.1 Mathematical Background....................... 12 2.1.1 Galois Field........................... 12 2.1.1.1 Representation of Galois field elements....... 14 2.1.2 Boolean Functions....................... 15 2.1.2.1 Representation of Boolean functions........ 16 2.1.3 Properties of Boolean Functions................ 18 2.2 Substitution Boxes........................... 25 2.2.1 The Rijndael S-box (AES)................... 27 ix x 2.2.1.1 Irreducible Polynomial................ 27 2.2.1.2 Affine Transformation................ 28 2.2.2 Properties of Cryptographically Strong S-boxes....... 30 3 MATLAB tool for the analysis of S-boxes 42 3.1 MATLAB tool.............................. 42 3.1.1 How to use this MATLAB code?............... 45 3.1.1.1 Requirements..................... 45 3.1.1.2 S-box Analysis MATLAB Tool (SAMT.p)..... 45 3.1.1.3 Notation........................ 51 3.2 Analysis of different S-boxes by SAMT................ 53 3.2.1 AES S-box Analysis...................... 53 3.2.2 Guo Chen S-box properties.................. 57 3.2.3 Faith and Ahmet S-box properties............... 61 3.3 Comparison of Results with SET-tool................. 65 3.4 Conclusion................................ 66 Bibliography 67 List of Figures 3.1 MATLAB Window with Editor space and Command window.... 46 3.2 MATLAB Path requirement...................... 47 3.3 Code file name in Command Window................. 48 3.4 MATLAB code Results......................... 51 xi List of Tables 2.1 Roots of primitive polynomial in GF (23)............... 14 2.2 Elements of Finite Field GF (28) with irreducible polynomial m(u) = u8 + u4 + u3 + u + 1......................... 15 2.3 Truth Table of XOR Boolean function................ 16 2.4 Truth Table of logical OR function.................. 17 2.5 One Variable Boolean Functions.................... 17 2.6 Number of Boolean Functions..................... 17 2.7 Conversion in affine cipher....................... 19 2.8 Hamming distance between two functions f and g .......... 21 2.9 Calculation of Hamming distances and Unexpected distances of f = [1 0 0 1 1 0 0 1]............................. 22 2.10 Comparison of truth tables....................... 24 2.11 (4 × 4) S-box.............................. 26 2.12 Truth Table of XOR, AND functions................. 30 2.13 S-box fixed points............................ 41 2.14 S-box opposite fixed points....................... 41 3.1 AES S-box results with SET tool and SAMT............. 65 xii Abbreviations DES Data Encryption Standard AES Advanced Encryption Standard SPN Substitution Permutation Network SAC Strict Avalanche Criterion WHT Walsh Hadamard Transform SET S-box Evaluation Tool GF Galois Field TT Truth Table ANF Algebraic Normal Form BIC Bit Independence Criterion DD Dynamic Distance xiii Symbols G Group Z Set of integers R Set of real numbers Q Rational numbers C Complex numbers V Vector space G∗ Multiplicative Group p; q Prime number Fp,Zp Finite field of order prime p Fpk Finite field extension xiv Chapter 1 INTRODUCTION Cryptography is the science of special techniques of secret writing which changes original message into a coded message with an unreadable format for its transmis- sion over the public networks in the presence of adversaries.
Load more

Recommended publications
  • Vector Boolean Functions: Applications in Symmetric Cryptography
    Vector Boolean Functions: Applications in Symmetric Cryptography José Antonio Álvarez Cubero Departamento de Matemática Aplicada a las Tecnologías de la Información y las Comunicaciones Universidad Politécnica de Madrid This dissertation is submitted for the degree of Doctor Ingeniero de Telecomunicación Escuela Técnica Superior de Ingenieros de Telecomunicación November 2015 I would like to thank my wife, Isabel, for her love, kindness and support she has shown during the past years it has taken me to finalize this thesis. Furthermore I would also liketo thank my parents for their endless love and support. Last but not least, I would like to thank my loved ones such as my daughter and sisters who have supported me throughout entire process, both by keeping me harmonious and helping me putting pieces together. I will be grateful forever for your love. Declaration The following papers have been published or accepted for publication, and contain material based on the content of this thesis. 1. [7] Álvarez-Cubero, J. A. and Zufiria, P. J. (expected 2016). Algorithm xxx: VBF: A library of C++ classes for vector Boolean functions in cryptography. ACM Transactions on Mathematical Software. (In Press: http://toms.acm.org/Upcoming.html) 2. [6] Álvarez-Cubero, J. A. and Zufiria, P. J. (2012). Cryptographic Criteria on Vector Boolean Functions, chapter 3, pages 51–70. Cryptography and Security in Computing, Jaydip Sen (Ed.), http://www.intechopen.com/books/cryptography-and-security-in-computing/ cryptographic-criteria-on-vector-boolean-functions. (Published) 3. [5] Álvarez-Cubero, J. A. and Zufiria, P. J. (2010). A C++ class for analysing vector Boolean functions from a cryptographic perspective.
    [Show full text]
  • Quasi-Orthogonal Sequences for Code-Division Multiple-Access Systems Kyeongcheol Yang, Member, IEEE, Young-Ky Kim, and P
    982 IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 46, NO. 3, MAY 2000 Quasi-Orthogonal Sequences for Code-Division Multiple-Access Systems Kyeongcheol Yang, Member, IEEE, Young-Ky Kim, and P. Vijay Kumar, Member, IEEE Abstract—In this paper, the notion of quasi-orthogonal se- correlation between two binary sequences and of quence (QOS) as a means of increasing the number of channels the same length is given by in synchronous code-division multiple-access (CDMA) systems that employ Walsh sequences for spreading information signals and separating channels is introduced. It is shown that a QOS sequence may be regarded as a class of bent (almost bent) functions possessing, in addition, a certain window property. Such sequences while increasing system capacity, minimize interference where is computed modulo for all . It is easily to the existing set of Walsh sequences. The window property gives shown that where denotes the the system the ability to handle variable data rates. A general procedure of constructing QOS's from well-known families of Hamming distance of two vectors and . Two sequences are binary sequences with good correlation, including the Kasami and said to be orthogonal if their correlation is zero. Gold sequence families, as well as from the binary Kerdock code Let be a family of binary is provided. Examples of QOS's are presented for small lengths. sequences of period . The family is said to be orthogonal if Some examples of quaternary QOS's drawn from Family are any two sequences are mutually orthogonal, that is, also included. for any and . For example, the Walsh sequence family of Index Terms—Bent functions, code-division multiple-access sys- length is orthogonal.
    [Show full text]
  • Advanced Encryption Standard (Aes) Modes of Operation
    ADVANCED ENCRYPTION STANDARD (AES) MODES OF OPERATION 1 Arya Rohan Under the guidance of Dr. Edward Schneider University of Maryland, College Park MISSION: TO SIMULATE BLOCK CIPHER MODES OF OPERATION FOR AES IN MATLAB Simulation of the AES (Rijndael Algorithm) in MATLAB for 128 bit key-length. Simulation of the five block cipher modes of operation for AES as per FIPS publication. Comparison of the five modes based on Avalanche Effect. Future Work 2 OUTLINE A brief history of AES Galois Field Theory De-Ciphering the Algorithm-ENCRYPTION De-Ciphering the Algorithm-DECRYPTION Block Cipher Modes of Operation Avalanche Effect Simulation in MATLAB Conclusion & Future Work References 3 A BRIEF HISTORY OF AES 4 In January 1997, researchers world-over were invited by NIST to submit proposals for a new standard to be called Advanced Encryption Standard (AES). From 15 serious proposals, the Rijndael algorithm proposed by Vincent Rijmen and Joan Daemen, two Belgian cryptographers won the contest. The Rijndael algorithm supported plaintext sizes of 128, 192 and 256 bits, as well as, key-lengths of 128, 192 and 256 bits. The Rijndael algorithm is based on the Galois field theory and hence it gives the algorithm provable 5 security properties. GALOIS FIELD 6 GALOIS FIELD - GROUP Group/Albelian Group: A group G or {G, .} is a set of elements with a binary operation denoted by . , that associates to each ordered pair (a, b) of elements in G an element (a . b) such that the following properties are obeyed: Closure: If a & b belong to G, then a . b also belongs to G.
    [Show full text]
  • A Construction of Bent Functions with Optimal Algebraic Degree and Large Symmetric Group
    Advances in Mathematics of Communications doi:10.3934/amc.2020003 Volume 14, No. 1, 2020, 23{33 A CONSTRUCTION OF BENT FUNCTIONS WITH OPTIMAL ALGEBRAIC DEGREE AND LARGE SYMMETRIC GROUP Wenying Zhang and Zhaohui Xing School of Information Science and Engineering, Shandong Normal University Jinan 250014, China Keqin Feng Department of Mathematical Sciences, Tsinghua University Beijing, 100084 China State Key Lab. of Cryptology, P.O.Box 5159 Beijing 100878 China (Communicated by Sihem Mesnager) Abstract. As maximal, nonlinear Boolean functions, bent functions have many theoretical and practical applications in combinatorics, coding theory, and cryptography. In this paper, we present a construction of bent function m fa;S with n = 2m variables for any nonzero vector a 2 F2 and subset S m of F2 satisfying a + S = S. We give a simple expression of the dual bent function of fa;S and prove that fa;S has optimal algebraic degree m if and only if jSj ≡ 2(mod4). This construction provides a series of bent functions with optimal algebraic degree and large symmetric group if a and S are chosen properly. We also give some examples of those bent functions fa;S and their dual bent functions. 1. Introduction Bent functions were introduced by Rothaus [17] in 1976 and studied by Dillon [7] in 1974 with their equivalent combinatorial objects: Hadamard difference sets in elementary 2-groups. Bent functions are equidistant from all the affine func- tions, so it is equally hard to approximate with any affine function. Given such good properties, bent functions are the ideal choice for secure cryptographic func- tions.
    [Show full text]
  • Block Ciphers
    Block Ciphers Chester Rebeiro IIT Madras CR STINSON : chapters 3 Block Cipher KE KD untrusted communication link Alice E D Bob #%AR3Xf34^$ “Attack at Dawn!!” message encryption (ciphertext) decryption “Attack at Dawn!!” Encryption key is the same as the decryption key (KE = K D) CR 2 Block Cipher : Encryption Key Length Secret Key Plaintext Ciphertext Block Cipher (Encryption) Block Length • A block cipher encryption algorithm encrypts n bits of plaintext at a time • May need to pad the plaintext if necessary • y = ek(x) CR 3 Block Cipher : Decryption Key Length Secret Key Ciphertext Plaintext Block Cipher (Decryption) Block Length • A block cipher decryption algorithm recovers the plaintext from the ciphertext. • x = dk(y) CR 4 Inside the Block Cipher PlaintextBlock (an iterative cipher) Key Whitening Round 1 key1 Round 2 key2 Round 3 key3 Round n keyn Ciphertext Block • Each round has the same endomorphic cryptosystem, which takes a key and produces an intermediate ouput • Size of the key is huge… much larger than the block size. CR 5 Inside the Block Cipher (the key schedule) PlaintextBlock Secret Key Key Whitening Round 1 Round Key 1 Round 2 Round Key 2 Round 3 Round Key 3 Key Expansion Expansion Key Key Round n Round Key n Ciphertext Block • A single secret key of fixed size used to generate ‘round keys’ for each round CR 6 Inside the Round Function Round Input • Add Round key : Add Round Key Mixing operation between the round input and the round key. typically, an ex-or operation Confusion Layer • Confusion layer : Makes the relationship between round Diffusion Layer input and output complex.
    [Show full text]
  • Visualization of the Avalanche Effect in CT2
    University of Mannheim Faculty for Business Informatics & Business Mathematics Theoretical Computer Science and IT Security Group Bachelor's Thesis Visualization of the Avalanche Effect in CT2 as part of the degree program Bachelor of Science Wirtschaftsinformatik submitted by Camilo Echeverri [email protected] on October 31, 2016 (2nd revised public version, Apr 18, 2017) Supervisors: Prof. Dr. Frederik Armknecht Prof. Bernhard Esslinger Visualization of the Avalanche Effect in CT2 Abstract Cryptographic algorithms must fulfill certain properties concerning their security. This thesis aims at providing insights into the importance of the avalanche effect property by introducing a new plugin for the cryptography and cryptanalysis platform CrypTool 2. The thesis addresses some of the desired properties, discusses the implementation of the plugin for modern and classic ciphers, guides the reader on how to use it, applies the proposed tool in order to test the avalanche effect of different cryptographic ciphers and hash functions, and interprets the results obtained. 2 Contents Abstract .......................................... 2 Contents .......................................... 3 List of Abbreviations .................................. 5 List of Figures ...................................... 6 List of Tables ....................................... 7 1 Introduction ..................................... 8 1.1 CrypTool 2 . 8 1.2 Outline of the Thesis . 9 2 Properties of Secure Block Ciphers ....................... 10 2.1 Avalanche Effect . 10 2.2 Completeness . 10 3 Related Work ..................................... 11 4 Plugin Design and Implementation ....................... 12 4.1 General Description of the Plugin . 12 4.2 Prepared Methods . 14 4.2.1 AES and DES . 14 4.3 Unprepared Methods . 20 4.3.1 Classic Ciphers, Modern Ciphers, and Hash Functions . 20 4.4 Architecture of the Code . 22 4.5 Limitations and Future Work .
    [Show full text]
  • A Block Cipher Algorithm to Enhance the Avalanche Effect Using Dynamic Key- Dependent S-Box and Genetic Operations 1Balajee Maram and 2J.M
    International Journal of Pure and Applied Mathematics Volume 119 No. 10 2018, 399-418 ISSN: 1311-8080 (printed version); ISSN: 1314-3395 (on-line version) url: http://www.ijpam.eu Special Issue ijpam.eu A Block Cipher Algorithm to Enhance the Avalanche Effect Using Dynamic Key- Dependent S-Box and Genetic Operations 1Balajee Maram and 2J.M. Gnanasekar 1Department of CSE, GMRIT, Rajam, India. Research and Development Centre, Bharathiar University, Coimbatore. [email protected] 2Department of Computer Science & Engineering, Sri Venkateswara College of Engineering, Sriperumbudur Tamil Nadu. [email protected] Abstract In digital data security, an encryption technique plays a vital role to convert digital data into intelligible form. In this paper, a light-weight S- box is generated that depends on Pseudo-Random-Number-Generators. According to shared-secret-key, all the Pseudo-Random-Numbers are scrambled and input to the S-box. The complexity of S-box generation is very simple. Here the plain-text is encrypted using Genetic Operations and S-box which is generated based on shared-secret-key. The proposed algorithm is experimentally investigates the complexity, quality and performance using the S-box parameters which includes Hamming Distance, Balanced Output and the characteristic of cryptography is Avalanche Effect. Finally the comparison results motivates that the dynamic key-dependent S-box has good quality and performance than existing algorithms. 399 International Journal of Pure and Applied Mathematics Special Issue Index Terms:S-BOX, data security, random number, cryptography, genetic operations. 400 International Journal of Pure and Applied Mathematics Special Issue 1. Introduction In public network, several types of attacks1 can be avoided by applying Data Encryption/Decryption2.
    [Show full text]
  • FPGA Implementation and Analysis of the Block Cipher Mode Architectures for the PRESENT Light Weight Encryption Algorithm
    ISSN (Print) : 0974-6846 Indian Journal of Science and Technology, Vol 9(38), DOI: 10.17485/ijst/2016/v9i38/90314, October 2016 ISSN (Online) : 0974-5645 FPGA Implementation and Analysis of the Block Cipher Mode Architectures for the PRESENT Light Weight Encryption Algorithm A. Prathiba* and V. S. Kanchana Bhaaskaran School of Electronics Engineering, VIT University Chennai, Chennai - 600127, India; prathi_communication@yahoo. co.in, [email protected] Abstract Objective: This paper presents the Field Programmable Gate Array (FPGA) implementations of the different block cipher mode architectures of the ISO standardized light weight block cipher PRESENT, designed for resource constrained devices. Methods/ Statistical Analysis: The performance evaluations compare the implementations of the different block cipher modes, namely Electronic Code Book (ECB) mode, Cipher Block Chaining (CBC) mode, Cipher Feedback Mode (CFB), Output Feed Back Mode (OFB) and CounTeR (CTR) mode for the PRESENT cipher. The throughput of encryption of three successive 64 bit blocks of data ranges from 565.312Mbps to 574.784Mbps for the modes other than the cipher feedback arrives as 68.912 Mbps, 155.392Mbps and300.8 Mbps for a 64 bit block of data for the input streams of size 8 bits, 16 bits andmode 32 in bits the respectively.Spartan-3 FPGA. Findings: The throughput The throughput for providing of the confidentialityblock cipher mode through hardware encryption architectures in the cipher of the feedback light weight mode cipher PRESENT demonstrates the high speed performance of the cipher in encryption/decryption of data as blocks and streams. Application/ Improvement: different modes of operation for the light weight block cipher PRESENT.
    [Show full text]
  • Balanced Boolean Functions with Maximum Absolute Value In
    1 Construction of n-variable (n ≡ 2 mod 4) balanced Boolean functions with maximum absolute value in n autocorrelation spectra < 2 2 Deng Tang and Subhamoy Maitra Abstract In this paper we consider the maximum absolute value ∆f in the autocorrelation spectrum (not considering the zero point) of a function f. In even number of variables n, bent functions possess the highest nonlinearity with ∆f = 0. The long standing open question (for two decades) in this area is to obtain a theoretical construction of n balanced functions with ∆f < 2 2 . So far there are only a few examples of such functions for n = 10; 14, but no general construction technique is known. In this paper, we mathematically construct an infinite class of balanced n n+6 Boolean functions on n variables having absolute indicator strictly lesser than δn = 2 2 − 2 4 , nonlinearity strictly n−1 n n −3 n−2 greater than ρn = 2 − 2 2 + 2 2 − 5 · 2 4 and algebraic degree n − 1, where n ≡ 2 (mod 4) and n ≥ 46. While the bound n ≥ 46 is required for proving the generic result, our construction starts from n = 18 and we n n−1 n could obtain balanced functions with ∆f < 2 2 and nonlinearity > 2 − 2 2 for n = 18; 22 and 26. Index Terms Absolute Indicator, Autocorrelation Spectrum, Balancedness, Boolean function, Nonlinearity. I. INTRODUCTION Symmetric-key cryptography, which includes stream ciphers and block ciphers, plays a very important role in modern cryptography. The fundamental and generally accepted design principles for symmetric-key cryptography are confusion and diffusion, introduced by Shannon [23].
    [Show full text]
  • Higher Order Correlation Attacks, XL Algorithm and Cryptanalysis of Toyocrypt
    Higher Order Correlation Attacks, XL Algorithm and Cryptanalysis of Toyocrypt Nicolas T. Courtois Cryptography research, Schlumberger Smart Cards, 36-38 rue de la Princesse, BP 45, 78430 Louveciennes Cedex, France http://www.nicolascourtois.net [email protected] Abstract. Many stream ciphers are built of a linear sequence generator and a non-linear output function f. There is an abundant literature on (fast) correlation attacks, that use linear approximations of f to attack the cipher. In this paper we explore higher degree approximations, much less studied. We reduce the cryptanalysis of a stream cipher to solv- ing a system of multivariate equations that is overdefined (much more equations than unknowns). We adapt the XL method, introduced at Eurocrypt 2000 for overdefined quadratic systems, to solving equations of higher degree. Though the exact complexity of XL remains an open problem, there is no doubt that it works perfectly well for such largely overdefined systems as ours, and we confirm this by computer simula- tions. We show that using XL, it is possible to break stream ciphers that were known to be immune to all previously known attacks. For exam- ple, we cryptanalyse the stream cipher Toyocrypt accepted to the second phase of the Japanese government Cryptrec program. Our best attack on Toyocrypt takes 292 CPU clocks for a 128-bit cipher. The interesting feature of our XL-based higher degree correlation attacks is, their very loose requirements on the known keystream needed. For example they may work knowing ONLY that the ciphertext is in English. Key Words: Algebraic cryptanalysis, multivariate equations, overde- fined equations, Reed-Muller codes, correlation immunity, XL algorithm, Gr¨obner bases, stream ciphers, pseudo-random generators, nonlinear fil- tering, ciphertext-only attacks, Toyocrypt, Cryptrec.
    [Show full text]
  • FPGA Implementation Using VHDL of the AES-GCM 256-Bit Authenticated Encryption Algorithm
    NATIONAL AND KAPODISTRIAN UNIVERSITY OF ATHENS DEPARTMENT OF INFORMATICS AND TELECOMMUNICATIONS THESIS FPGA Implementation using VHDL of the AES-GCM 256-bit Authenticated Encryption Algorithm Ioannis-T. - Stavrou Supervisor: Antonis Paschalis, Professor ATHENS NOVEMBER 2016 ΕΘΝΙΚΟ ΚΑΙ ΚΑΠΟΔΙΣΤΡΙΑΚΟ ΠΑΝΕΠΙΣΤΗΜΙΟ ΑΘΗΝΩΝ ΣΧΟΛΗ ΘΕΤΙΚΩΝ ΕΠΙΣΤΗΜΩΝ ΤΜΗΜΑ ΠΛΗΡΟΦΟΡΙΚΗΣ ΚΑΙ ΤΗΛΕΠΙΚΟΙΝΩΝΙΩΝ ΠΤΥΧΙΑΚΗ ΕΡΓΑΣΙΑ Υλοποίηση σε FPGA με τη Χρήση VHDL του Αλγόριθμου Κρυπτογράφησης με Πιστοποίηση Αυθεντικότητας AES-GCM 256-bit Ιωάννης - Θ. - Σταύρου Επιβλέπων: Αντώνης Πασχάλης, Καθηγητής ΑΘΗΝΑ ΝΟΕΜΒΡΙΟΣ 2016 THESIS FPGA Implementation using VHDL of the AES-GCM 256-bit Authenticated Encryption Algorithm Ioannis - T. - Stavrou Α.Μ.: 1115200700128 Supervisor: Antonis Paschalis, Professor ΠΤΥΧΙΑΚΗ ΕΡΓΑΣΙΑ Υλοποίηση σε FPGA με τη Χρήση VHDL του Αλγόριθμου Κρυπτογράφησης με Πιστοποίηση Αυθεντικότητας AES-GCM 256-bit Ιωάννης - Θ. - Σταύρου Α.Μ.:1115200700128 Επιβλέπων: Αντώνης Πασχάλης, Καθηγητής ABSTRACT Achieving high-speed network performance along with data integrity and security was always a challenge. The necessity to communicate through public channels securely led to the use of asymmetric key cryptography algorithms that commonly use a “hand- shake” mechanism allowing the implementation of a “trust” system that could quarantine the security of the transaction and the integrity of the data as long as the algorithm could provide strong resistance to cryptographic attacks. Although, there is no mathematical proof that these algorithms are invulnerable to attacks there is strong indication that they are highly resistant to most of them, making brute force the only attack that can have a 100% success rate which is countered by the huge computational power someone needs to succeed. While asymmetric key cryptography algorithms where the solution to public communication, the ongoing demand for higher bandwidth made the use of them inefficient, because the complexity of the algorithms demanded a processing cost that were creating latency gaps.
    [Show full text]
  • A Novel Construction of Efficient Substitution-Boxes Using Cubic
    entropy Article A Novel Construction of Efficient Substitution-Boxes Using Cubic Fractional Transformation Amjad Hussain Zahid 1,2, Muhammad Junaid Arshad 2 and Musheer Ahmad 3,* 1 Department of Computer Science, University of Management and Technology, Lahore 54000, Pakistan; [email protected] 2 Department of Computer Science, University of Engineering and Technology, Lahore 54000, Pakistan; [email protected] 3 Department of Computer Engineering, Jamia Millia Islamia, New Delhi 110025, India * Correspondence: [email protected]; Tel.: +91-112-698-0281 Received: 27 January 2019; Accepted: 28 February 2019; Published: 5 March 2019 Abstract: A symmetric block cipher employing a substitution–permutation duo is an effective technique for the provision of information security. For substitution, modern block ciphers use one or more substitution boxes (S-Boxes). Certain criteria and design principles are fulfilled and followed for the construction of a good S-Box. In this paper, an innovative technique to construct substitution-boxes using our cubic fractional transformation (CFT) is presented. The cryptographic strength of the proposed S-box is critically evaluated against the state of the art performance criteria of strong S-boxes, including bijection, nonlinearity, bit independence criterion, strict avalanche effect, and linear and differential approximation probabilities. The performance results of the proposed S-Box are compared with recently investigated S-Boxes to prove its cryptographic strength. The simulation and comparison analyses validate that the proposed S-Box construction method has adequate efficacy to generate efficient candidate S-Boxes for usage in block ciphers. Keywords: substitution box; cubic fractional transformation; block ciphers; security 1. Introduction Cryptography helps individuals and organizations to protect their data.
    [Show full text]