20 similar documents found; search took 0 ms.
1.
This paper presents a simple power analysis attack against the key schedule of Camellia. The attack works for the smart card environment which leaks the Hamming weight of data being processed, making use of the Hamming weight to deduce all key bits. It is shown that determining the cipher key given accurate power analysis data is very fast and does not require any pair of plaintext and ciphertext.
2.
The SEED block cipher has a 128-bit block length, a 128-bit user key and a total number of 16 rounds. It is an ISO international standard. In this letter, we describe two 7-round differentials with a trivially larger probability than the best previously known one on SEED, and present a differential cryptanalysis attack on a 9-round reduced version of SEED. The attack requires a memory of 2^69.71 bytes, and has a time complexity of 2^126.36 encryptions with a success probability of 99.9% when using 2^125 chosen plaintexts, or a time complexity of 2^125.36 encryptions with a success probability of 97.8% when using 2^124 chosen plaintexts. Our result is better than any previously published cryptanalytic results on SEED in terms of the numbers of attacked rounds, and it suggests for the first time that the safety margin of SEED decreases below half of the number of rounds.
3.
XTEA is a 64-round block cipher with a 64-bit block size and a 128-bit user key, which was designed as a short C program that would run safely on most computers. In this paper, we present a related-key rectangle attack on a series of inner 36 rounds of XTEA without making a weak key assumption, and a related-key rectangle attack on the first 36 rounds of XTEA under certain weak key assumptions. These are better than any previously published cryptanalytic results on XTEA in terms of the numbers of attacked rounds.
4.
Recently, several important block ciphers have been considered broken by brute-force-like cryptanalysis, with a time complexity faster than exhaustive key search: the attack goes over the entire key space but performs less than a full encryption for each possible key. Motivated by this observation, we describe a meet-in-the-middle attack that can always be successfully mounted against any practical block cipher with success probability one. The data complexity of this attack is the smallest according to the unicity distance. The time complexity can be written as 2^k(1-), where >0 for all practical block ciphers. Previously, the commonly accepted security bound was the length k of the given master key. From our result we point out that this k-bit security is actually always overestimated and can never be reached because of the inevitable loss of key bits. No amount of clever design can prevent it, but increasing the number of rounds can reduce this key loss as much as possible. We give more insight into the problem of the upper bound of effective key bits in block ciphers, and show a more accurate bound. A suggestion about the relationship between the key size and block size is given: when the number of rounds is fixed, it is better to take a key size equal to the block size. Also, the effective key bits of many well-known block ciphers are calculated and analyzed, which confirms that their security margins are lower than previously thought. The results in this article motivate us to reconsider the real complexity that a valid attack should be compared against.
5.
To resist both differential power analysis and fault attacks at the same time, an effective countermeasure is proposed. It uses pipelining to add noise to normal encryption and decryption operations, and it resists fault attacks by checking whether the results of the same input fed sequentially into different pipeline stages are consistent. Simulation experiments show that the method has good resistance to these attacks.
6.
This paper presents an improved impossible differential cryptanalysis of SAFER ciphers, which uses the miss-in-the-middle technique developed by Biham et al. We analyze 3.75-round SAFER SK-64 using 2^45 chosen plaintexts, 2^38 bytes of memory and 2^42 half-round computations. Furthermore, the new impossible differential attack on 3.75-round SAFER+/128 uses 2^78 chosen plaintexts, 2^75 half-round computations and 2^68 bytes of memory. The attack on 3.75-round SAFER++/128 uses 2^78 data, 2^66 time, and 2^62 memory.
7.
In the classical Feistel structure the usage of alternating keys makes the cipher insecure against related-key attacks. In this work, we propose a new block cipher scheme, AKF, based on a Feistel structure with alternating keys but resistant against related-key attacks. AKF leads to constructions of lightweight block ciphers suitable for resource-restricted devices such as RFID tags and wireless sensor nodes.
8.
Leap et al. (2016, Cryptologia 40:1–16) reduced the time complexity of the Bauer-Millward (2007, Cryptologia 31(1):76–83) ciphertext-only attack on the Hill cipher from O(L^n) to O(L^(n-1)), where L is the length of the alphabet, and n is the block size. This article presents an attack that reduces the complexity to O(L^(n-1-s)), 0 ≤ s ≤ n-1. The practical limitation on the size of s is the memory available on the computer being used for the attack. Specifically, the computer must be able to hold L^s integer arrays of length N, where N is the number of blocks of ciphertext. The key idea is not to iterate over potential rows of the decryption matrix, but to iterate over randomly chosen characters in the plaintext. This attack also admits a straightforward parallel implementation on multiple processors to further decrease the run time of the attack.
9.
HIGHT is a block cipher designed in Korea with the involvement of the Korea Information Security Agency. It was proposed at CHES 2006 for usage in lightweight applications such as sensor networks and RFID tags. Lately, it has been adopted as an ISO standard. Though there is a great deal of cryptanalytic results on HIGHT, its security evaluation against the recent zero-correlation linear attacks is still lacking. At the same time, the Feistel-type structure of HIGHT suggests that it might be susceptible to this type of cryptanalysis. In this paper, we aim to bridge this gap. We identify zero-correlation linear approximations over 16 rounds of HIGHT. Based upon those, we attack 27-round HIGHT (round 4 to round 30) with improved time complexity and practical memory requirements. This attack of ours is the best result on HIGHT to date in the classical single-key setting. We also provide the first attack on 26-round HIGHT (round 4 to round 29) with the full whitening key.
10.
Peer-to-Peer Networking and Applications - In this paper, we evaluate the security of lightweight block ciphers mCrypton and LED against biclique cryptanalysis. In cases of mCryton-64/96/128, our...
11.
This paper discusses the emerging bad data injection attack in smart grids, which deceives the power system by tampering with sensor data. To counter it, a two-layer encryption and authentication mechanism with clusters as the boundary is proposed: within a cluster, authentication key encryption uses a symmetric homomorphic encryption algorithm, and between clusters, authentication uses symmetric encryption with keys generated from content. Simulation shows that the mechanism performs well, reduces the overhead of dynamic key updates, strengthens authentication across the network structure, and effectively defends against false data injection attacks.
12.
FOX is a family of symmetric block ciphers from MediaCrypt AG that helps to secure digital media, communications, and storage. The high-level structure of FOX is the so-called (extended) Lai–Massey scheme. This paper presents a detailed fault analysis of the block cipher FOX64, the 64-bit version of FOX, based on a differential property of the two-round Lai–Massey scheme in a fault model. The previous fault attack on FOX64 shows that each round-key (resp. all round-keys) could be recovered through 11.45 (resp. 183.20) faults on average. Our proposed fault attack, however, can deduce any round-key (except the first one) through 4.25 faults on average (4 in the best case), and retrieve all round-keys through 43.31 faults on average (38 in the best case). This implies that the number of faults needed in the fault attack on FOX64 can be significantly reduced. Furthermore, the technique introduced in this paper can be extended to other members of the block cipher family FOX.
13.
DDO-64 is a 64-bit Feistel-like block cipher based on data-dependent operations (DDOs). It is composed of 8 rounds and uses a 128-bit key. There are two versions of DDO-64, named DDO-64V1 and DDO-64V2, according to the key schedule. They were designed in an attempt to improve the security and performance of DDP-based ciphers. In this paper, however, we show that like most of the existing DDP-based ciphers, DDO-64V1 and DDO-64V2 are also vulnerable to related-key attacks. The attack on DDO-64V1 requires 2^35.5 related-key chosen plaintexts and 2^63.5 encryptions while the attack on DDO-64V2 only needs 8 related-key chosen plaintexts and 2^31 encryptions; our attacks are both mainly due to their simple key schedules and structural weaknesses. These are the first known cryptanalytic results on DDO-64V1 and DDO-64V2 so far.
14.
A hardware-based performance comparison of lightweight block ciphers is conducted in this paper. The DESL, DESXL, CURUPIRA-1, CURUPIRA-2, HIGHT, PUFFIN, PRESENT and XTEA block ciphers have been employed in this comparison. Our objective is to survey which ciphers are suitable for security in Radio Frequency Identification (RFID) and other security applications with demanding area restrictions. A common architecture option has been followed for the implementation of all ciphers. Specifically, a loop architecture has been used, where one basic round is used iteratively. The basic performance metrics are the area, power consumption and hardware resource cost of the implementation, along with the resulting throughput of each cipher. The most compact cipher is the 80-bit PRESENT block cipher with a count of 1704 GEs and 206.4 Kbps, while the largest cipher in area is CURUPIRA-1. The CURUPIRA-1 cipher consumes the highest power, 118.1 μW, while the PRESENT cipher consumes the lowest power, 20 μW. All measurements have been taken at a 100 kHz clock frequency.
15.
A new construction of block cipher based tweakable enciphering schemes (TES) is described. The major improvement over existing TESs is that the construction uses only the encryption function of the underlying block cipher. Consequently, this leads to substantial savings in the size of hardware implementation of TES applications such as disk encryption. This improvement is achieved without loss in efficiency of encryption and decryption compared to previously known schemes. We further show that the same idea can also be used with a stream cipher which supports an initialization vector (IV) leading to the first example of a TES from such a primitive.
16.
The paper revisits the security of the block cipher GOST, which is suitable for protection in U-business services due to its simple design. Inspired by the reflection-meet-in-the-middle attack on GOST, we first find a large portion of weak keys on the full GOST: GOST has 2^128 weak keys for which a key recovery attack is mounted with a data complexity of 2^32 known plaintexts and a time complexity of 2^125.5. Secondly, we present a differential fault attack on the full GOST, which requires 64 fault injections to recover the entire key. This is the first known side-channel attack on GOST.
17.
Security threats are crucial challenges that deter Mixed Reality (MR) communication in medical telepresence. This research aims to improve security by reducing the chances of various types of attacks occurring during real-time data transmission in surgical telepresence, as well as to reduce the running time of the cryptographic algorithm and keep the quality of the media used. The proposed model consists of an enhanced RC6 algorithm in combination with RC4. Dynamic keys are generated from the RC6 algorithm mixed with RC4 to create a dynamic S-box and permutation table, preventing various known attacks during real-time data transmission. For every next session, a new key is created, avoiding possible reuse of the same key by the attacker. The results obtained from our proposed system show better performance compared to the state of the art. The resistance to the tested attacks is measured through the entropy; the Peak Signal-to-Noise Ratio (PSNR) is lower for the encrypted image than in the state of the art, and the structural similarity index (SSIM) is closer to zero. The execution time of the algorithm is decreased by an average of 20%. The proposed system focuses on preventing brute force attacks occurring during surgical telepresence data transmission. The paper proposes a framework that enhances the security of data transmission during surgeries with acceptable performance.
18.
The Journal of Supercomputing - The differential characteristics with high probability are critical for differential cryptanalysis. The process of searching such differential characteristics,...
19.
As a feasible model for signing quantum messages, cryptanalysis and improvement of arbitrated quantum signature (AQS) have received a great deal of attention in recent years. However, in this paper we find that the previous improvement is not suitable for implementation in some typical AQS protocols, in the sense that the receiver, Bob, can forge a valid signature under a known message attack. We describe the forgery strategy and present some corresponding improved strategies to stand against the forgery attack by modifying the encryption algorithm, an important part of AQS. These works preserve the merits of AQS and lead to some potential improvements of the security in quantum signature or other cryptography problems.
20.
Existing security event correlation algorithms are analyzed, and a state-machine-based attack scenario reconstruction technique is proposed. It unifies cluster analysis and causal analysis to correlate security events, builds a state machine for each possible attack scenario, and uses the state machine to track and record the progress of attack activity, improving the real-time performance and accuracy of the correlation process. Finally, the proposed technique is analyzed and validated on the DARPA 2000 intrusion scenario test dataset.