Key-dependent side-channel cube attack on CRAFT

CRAFT is a tweakable block cipher introduced in 2019 that aims to provide strong protection against differential fault analysis. In this paper, we show that CRAFT is vulnerable to side-channel cube attacks. We apply side-channel cube attacks to CRAFT with the Hamming weight leakage assumption. We found that the first half of the secret key can be recovered from the Hamming weight leakage after the first round. Next, using the recovered key bits, we continue our attack to recover the second half of the secret key. We show that the set of equations that are solvable varies depending on the value of the key bits. Our result shows that 99.90% of the key space can be fully recovered within a practical time.     

Celebrating ten years of KRYPTOS: a series of cryptanalysis

Abstract

The KRYPTOS competition is an annual codebreaking competition for undergraduates. Debuting in 2011 with 49 participants from three states, after nine years we have seen over 1,000 students from 32 states and seven different countries. KRYPTOS will hold its tenth competition in April of 2020. Here we present some of the puzzles participants have found most elusive and challenge you to beat the clock on our fastest solver.     

Construction of a polynomial invariant annihilation attack of degree 7 for T-310

Abstract

Cryptographic attacks are typically constructed by black-box methods and combinations of simpler properties, for example in [Generalised] Linear Cryptanalysis. In this article, we work with a more recent white-box algebraic-constructive methodology. Polynomial invariant attacks on a block cipher are constructed explicitly through the study of the space of Boolean polynomials which does not have a unique factorisation and solving the so-called Fundamental Equation (FE). Some recent invariant attacks are quite symmetric and exhibit some sort of clear structure, or work only when the Boolean function is degenerate. As a proof of concept, we construct an attack where a highly irregular product of seven polynomials is an invariant for any number of rounds for T-310 under certain conditions on the long term key and for any key and any IV. A key feature of our attack is that it works for any Boolean function which satisfies a specific annihilation property. We evaluate very precisely the probability that our attack works when the Boolean function is chosen uniformly at random.     

A SIMPLIFIED AES ALGORITHM AND ITS LINEAR AND DIFFERENTIAL CRYPTANALYSES

In this paper, we describe a simplified version of the Advanced Encryption Standard algorithm. This version can be used in the classroom for explaining the Advanced Encryption Standard. After presentation of the simplified version, it is easier for students to understand the real version. This simplified version has the advantage that examples can be worked by hand. We also describe attacks on this version using both linear and differential cryptanalysis. These too can be used in the classroom as a way of explaining those kinds of attacks.     

Modern breaking of Enigma ciphertexts

“Breaking German Army Ciphers” is the title of a Cryptologia article from 2005, describing the lucky survival of several hundred authentic Enigma messages of World War II, and an account of a ciphertext-only cryptanalysis of a large number of these messages, leaving only a few (mostly short messages) unbroken. After reviewing the work done, and investigating the reasons for both lucky breaks and close misses, the modern ciphertext-only attack on Enigma messages is improved, especially on genuine ones with short lengths and/or many garbles. The difficulties of a proper measure for the candidate’s closeness to a plaintext are clarified. The influence on the decryption process of an empty plugboard and one with only a few correct plugs is examined. The method is extended by a partial exhaustion of the plugboard combined with an optimized hillclimbing strategy. The newly designed software succeeds in breaking formerly unbroken messages.     

MY RECOLLECTIONS OF G.2 A.6

Abstract

In this article, we consider an attack on the SIGABA cipher under the assumption that the largest practical keyspace is used. The attack highlights various strengths and weaknesses of SIGABA and provides insight into the inherent level of security provided by the cipher.     

An Effective Differential Fault Analysis on the Serpent Cryptosystem in the Internet of Things

Due to the strong attacking ability, fast speed, simple implementation and other characteristics, differential fault analysis has become an important method to evaluate the security of cryptosystem in the Internet of Things. As one of the AES finalists, the Serpent is a 128-bit Substitution-Permutation Network （SPN） cryptosystem. It has 32 rounds with the variable key length between 0 and 256 bits, which is flexible to provide security in the Internet of Things. On the basis of the byte-oriented model and the differential analysis, we propose an effective differential fault attack on the Serpent cryptosystem. Mathematical analysis and simulating experiment show that the attack could recover its secret key by introducing 48 faulty ciphertexts. The result in this study describes that the Serpent is vulnerable to differential fault analysis in detail. It will be beneficial to the analysis of the same type of other iterated cryptosystems.     

FPGA上抗侧信道攻击的密码算法实现

密码算法在运行时可能会受到侧信道攻击,抗侧信道攻击的FPGA密码算法实现是目前研究的一个热点。通过随机数保护关键数据的S盒移位掩码法被认为是一种有效的防御手段。采用该方式实现的密码算法在提高运行安全性的同时,可能会带来硬件资源开销的增加及加解密速度的降低。通过对SM4算法的实现表明,采用合适的实现方式时S盒移位掩码法抗侧信道攻击实现对算法硬件资源开销及加解密速度影响不是太大,具有一定的实用价值。     

THE CONTROL OF PUBLIC CRYPTOGRAPHY AND FREEDOM OF SPEECH - A REVIEW

Abstract

This article presents the original draft of the Zimmermann telegram from 1917 in facsimile. Its various annotations provide interesting insights, such as the idea to promise California to Japan and instructions concerning transmission and encryption. Further documents clarify how the telegram was sent and put various alternatives suggested in the literature to rest. The political background and fallout in Germany are discussed, as well.