1.
Computational aspects of the expected differential probability of 4-round AES and AES-like ciphers (cited by 1: 0 self-citations, 1 by others)
Joan Daemen, Mario Lamberger, Norbert Pramstaller, Vincent Rijmen, Frederik Vercauteren. Computing 2009, 85(1-2):85-104
In this paper we study the security of the Advanced Encryption Standard (AES) and AES-like block ciphers against differential cryptanalysis. Differential cryptanalysis is one of the most powerful methods for analyzing the security of block ciphers. Even though no formal proofs for the security of AES against differential cryptanalysis have been provided to date, some attempts to compute the maximum expected differential probability (MEDP) for two and four rounds of AES have been presented recently. In this paper, we will improve upon existing approaches in order to derive better bounds on the EDP for two and four rounds of AES based on a slightly simplified S-box. More precisely, we are able to provide the complete distribution of the EDP for two rounds of this AES variant with five active S-boxes and methods to improve the estimates for the EDP in the case of six active S-boxes.
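As an added illustration of the quantity this paper bounds (example code, not from the paper or its authors): the Python below builds the AES S-box from field inversion and the affine map, tabulates its differential distribution table (DDT), and reads off the maximum differential probability 2^-6, the per-row profile of the DDT (for each non-zero input difference, one output difference with 4 solutions and 126 with 2), and the simple single-trail bound obtained by raising that maximum to the number of active S-boxes. The function names and the `active_sboxes` parameter are this example's own; the paper's EDP computation over all trails with five or six active S-boxes is considerably finer than this one-trail bound.

```python
"""Differential distribution table (DDT) and maximum differential probability
of the AES S-box, plus the naive single-trail bound from active S-box counts."""
from fractions import Fraction

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the Rijndael field polynomial


def gf_mul(a, b):
    """Multiply two elements of GF(2^8) modulo the AES polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_inv(a):
    """Multiplicative inverse in GF(2^8) as a^254 (group order 255); 0 maps to 0 as in AES."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r


def aes_sbox():
    """The AES S-box: field inversion followed by the fixed affine map with constant 0x63."""
    table = []
    for x in range(256):
        v = gf_inv(x)
        s = 0x63
        for i in range(8):
            # output bit i = v_i ^ v_(i+4) ^ v_(i+5) ^ v_(i+6) ^ v_(i+7) ^ c_i (indices mod 8)
            bit = ((v >> i) ^ (v >> ((i + 4) % 8)) ^ (v >> ((i + 5) % 8))
                   ^ (v >> ((i + 6) % 8)) ^ (v >> ((i + 7) % 8))) & 1
            s ^= bit << i
        table.append(s)
    return table


def ddt(sbox):
    """ddt[dx][dy] = number of inputs x with S(x) ^ S(x ^ dx) == dy."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            table[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return table


def max_differential_probability(sbox):
    """Largest DDT entry over non-zero input differences, as an exact probability."""
    n = len(sbox)
    t = ddt(sbox)
    best = max(t[dx][dy] for dx in range(1, n) for dy in range(n))
    return Fraction(best, n)


def row_profile(sbox, dx):
    """Sorted non-zero DDT entries of row dx: how the inputs spread over output differences."""
    return sorted(c for c in ddt(sbox)[dx] if c)


def single_trail_bound(sbox, active_sboxes):
    """Bound on any single differential trail: (max S-box probability) ** active_sboxes.
    'active_sboxes' is this example's own parameter; the paper's EDP sums over all trails."""
    return max_differential_probability(sbox) ** active_sboxes


if __name__ == "__main__":
    S = aes_sbox()
    print("max differential probability:", max_differential_probability(S))  # 1/64
    print("row profile for dx=0x01:", sorted(set(row_profile(S, 1))))          # [2, 4]
    print("trail bound, 5 active S-boxes:", single_trail_bound(S, 5))           # 1/1073741824
```

The bound for two rounds with five active S-boxes comes out as 2^-30 for a single trail; the paper's point is that the EDP of a differential aggregates many trails, so the single-trail figure is only a starting point.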
5.
Using some elementary properties of normal bases, we are able to show that bijective substitution tables generated from power maps or exponentiations over finite fields are linear equivalent to rotation-symmetric S-boxes. In the other direction, we show that rotation-symmetric S-boxes can always be described as a sum of power maps over finite fields.
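An added example of the linear equivalence described in this abstract (not code from the paper): working in GF(2^8) with the AES polynomial, chosen only for concreteness, the Python below finds a normal basis by brute force, writes the power map x -> x^d in the coordinates of that basis, and checks that the resulting table commutes with a cyclic rotation of its bits, while the same map written in the polynomial basis does not. The change of coordinates is the linear equivalence; the rotation is the Frobenius map x -> x^2, which every power map commutes with. Function names (`basis_maps`, `power_map`, `is_rotation_symmetric`) are this example's own.

```python
"""Power maps over GF(2^8) become rotation-symmetric S-boxes in a normal basis."""
from itertools import product

POLY = 0x11B   # GF(2^8) with the AES polynomial, used here only as a concrete field
N = 8


def gf_mul(a, b):
    """Multiply two elements of GF(2^8) modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & (1 << N):
            a ^= POLY
        b >>= 1
    return r


def gf_pow(a, e):
    """Square-and-multiply exponentiation in GF(2^8)."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def basis_maps(basis):
    """Enumerate all 2^N GF(2)-linear combinations of N field elements.
    Return (coords, elem): element -> coordinate tuple and its inverse,
    or None if the elements are linearly dependent (two combinations collide)."""
    coords = {}
    for bits in product((0, 1), repeat=N):
        v = 0
        for bit, b in zip(bits, basis):
            if bit:
                v ^= b
        if v in coords:
            return None
        coords[v] = bits
    elem = {bits: v for v, bits in coords.items()}
    return coords, elem


def polynomial_basis():
    """The usual basis 1, x, ..., x^(N-1): coordinates are simply the bits of the byte."""
    return basis_maps([1 << i for i in range(N)])


def normal_basis():
    """Find a normal element a, i.e. one whose conjugates a, a^2, ..., a^(2^(N-1))
    are linearly independent, and return the coordinate maps for that basis."""
    for a in range(1, 1 << N):
        conjugates = [a]
        for _ in range(N - 1):
            conjugates.append(gf_mul(conjugates[-1], conjugates[-1]))
        maps = basis_maps(conjugates)
        if maps is not None:
            return maps
    raise ValueError("no normal basis found")  # cannot happen for a finite field


def power_map(d, maps):
    """The S-box x -> x^d written on coordinate vectors of the given basis.
    Switching the basis composes the S-box with a linear bijection on both sides."""
    coords, elem = maps
    return {bits: coords[gf_pow(elem[bits], d)] for bits in elem}


def rotate(bits):
    """Cyclic shift by one position; in a normal basis this is exactly x -> x^2."""
    return bits[-1:] + bits[:-1]


def is_rotation_symmetric(sbox):
    """S(rot(v)) == rot(S(v)) for every coordinate vector v."""
    return all(sbox[rotate(bits)] == rotate(sbox[bits]) for bits in sbox)


if __name__ == "__main__":
    inv_normal = power_map(254, normal_basis())      # x^254 is inversion (AES S-box core)
    inv_poly = power_map(254, polynomial_basis())
    print("inversion, normal basis, rotation-symmetric:", is_rotation_symmetric(inv_normal))
    print("inversion, polynomial basis, rotation-symmetric:", is_rotation_symmetric(inv_poly))
```

The brute-force basis search is adequate for an 8-bit field; for larger fields one would test linear independence with Gaussian elimination instead of enumerating all combinations.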
6.
In light of recent breakthroughs on the cryptanalysis of hash functions, the US National Institute of Standards and Technology (NIST) organized a workshop to solicit input on the current status of the Secure Hash Algorithm-1 (SHA-1) family of hash functions.
7.
Rijmen Frank; Tuerlinckx Francis; De Boeck Paul; Kuppens Peter. Psychological Methods 2003, 8(2):185
Mixed models take the dependency between observations based on the same cluster into account by introducing 1 or more random effects. Common item response theory (IRT) models introduce latent person variables to model the dependence between responses of the same participant. Assuming a distribution for the latent variables, these IRT models are formally equivalent with nonlinear mixed models. It is shown how a variety of IRT models can be formulated as particular instances of nonlinear mixed models. The unifying framework offers the advantage that relations between different IRT models become explicit and that it is rather straightforward to see how existing IRT models can be adapted and extended. The approach is illustrated with a self-report study on anger.
8.
Rijmen F, Tuerlinckx F, Meulders M, Smits DJ, Balázs K. Journal of Applied Measurement 2005, 6(3):273-288
Mixed models take the dependency between observations based on the same person into account by introducing one or more random effects. After introducing the mixed model framework, it is explained, by taking the Rasch model as a generic example, how item response models can be conceptualized as generalized linear and nonlinear mixed models. Common estimation methods for generalized linear and nonlinear models are discussed. In a simulation study, the performance of four estimation methods is assessed for the Rasch model under different conditions regarding the number of items and persons, and the degree of interindividual differences. The estimation methods included in the study are: an approximation of the integral over the random effect by means of Gaussian quadrature; direct maximization with a sixth-order Laplace approximation to the integrand; a linearized approximation of the nonlinear model employing PQL2; and finally a Bayesian MCMC method. It is concluded that the estimation methods perform almost equally well, except for a slightly worse recovery of the variance parameter for PQL2 and MCMC.
9.
Hardware implementations of cryptographic algorithms are vulnerable to side-channel attacks. Side-channel attacks that are based on multiple measurements of the same operation can be countered by employing masking techniques. Many protection measures depart from an idealized hardware model that is very expensive to meet with real hardware. In particular, the presence of glitches causes many masking techniques to leak information during the computation of nonlinear functions. We discuss a recently introduced masking method which is based on secret sharing and multi-party computation methods. The approach results in implementations that are provably resistant against a wide range of attacks, while making only minimal assumptions on the hardware. We show how to use this method to derive secure implementations of some nonlinear building blocks for cryptographic algorithms. Finally, we provide a provably secure implementation of the block cipher Noekeon and verify the results by means of low-level simulations.
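The property that makes this secret-sharing approach glitch-resistant, as an added example and not code from the paper: the Python below checks the standard three-share AND gate from the threshold-implementation literature for correctness (the output shares XOR to x AND y), non-completeness (output share i is computed without input share i, so the logic cone of any one output cell never sees all shares of a variable and a glitch in it cannot leak the unshared value) and uniformity (the shared outputs are spread evenly, so they can feed a further shared stage without re-masking). The `naive_and` sharing is constructed here only to show what non-completeness rules out; function names are this example's own.

```python
"""Checks of the three threshold-implementation (TI) properties on a shared AND gate:
correctness, non-completeness and uniformity."""
from collections import Counter
from itertools import product

SHARES = 3


def and_ti(x, y):
    """Three-share TI of z = x AND y; x = (x1, x2, x3) and y = (y1, y2, y3) are XOR sharings.
    Output share i uses only input shares whose index is not i."""
    x1, x2, x3 = x
    y1, y2, y3 = y
    z1 = (x2 & y2) ^ (x2 & y3) ^ (x3 & y2)
    z2 = (x3 & y3) ^ (x1 & y3) ^ (x3 & y1)
    z3 = (x1 & y1) ^ (x1 & y2) ^ (x2 & y1)
    return (z1, z2, z3)


def naive_and(x, y):
    """Constructed counter-example: correct, but every output share's logic sees all
    shares of y, so a glitch in that logic can depend on the unshared y."""
    y_all = y[0] ^ y[1] ^ y[2]
    return (x[0] & y_all, x[1] & y_all, x[2] & y_all)


def unshare(shares):
    v = 0
    for s in shares:
        v ^= s
    return v


def all_sharings():
    return list(product((0, 1), repeat=SHARES))


def is_correct(f):
    """Correctness: the XOR of the output shares equals x AND y for every input sharing."""
    return all(unshare(f(x, y)) == (unshare(x) & unshare(y))
               for x in all_sharings() for y in all_sharings())


def is_non_complete(f):
    """Non-completeness: output share i must not change when input share i
    (of x or of y) is flipped, for every base point."""
    for x in all_sharings():
        for y in all_sharings():
            z = f(x, y)
            for i in range(SHARES):
                xf = list(x)
                xf[i] ^= 1
                yf = list(y)
                yf[i] ^= 1
                if f(tuple(xf), y)[i] != z[i] or f(x, tuple(yf))[i] != z[i]:
                    return False
    return True


def is_uniform(f):
    """Uniformity: for each unshared (x, y), the 2^(2(SHARES-1)) input sharings must be
    spread evenly over the 2^(SHARES-1) sharings of the output x AND y."""
    counts = Counter()
    for x in all_sharings():
        for y in all_sharings():
            counts[(unshare(x), unshare(y), f(x, y))] += 1
    expected = (2 ** (SHARES - 1)) ** 2 // 2 ** (SHARES - 1)
    return all(counts[(a, b, z)] == expected
               for a in (0, 1) for b in (0, 1)
               for z in all_sharings() if unshare(z) == (a & b))


if __name__ == "__main__":
    for name, f in (("and_ti", and_ti), ("naive_and", naive_and)):
        print(name, "correct:", is_correct(f), "non-complete:", is_non_complete(f),
              "uniform:", is_uniform(f))
```

The three-share AND passes correctness and non-completeness but fails uniformity, which is why threshold implementations of nonlinear layers in practice need either more shares or fresh randomness to re-share outputs before they feed another nonlinear stage; the paper's Noekeon implementation is where that is worked out for a full cipher.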
10.
"Green cryptography" is an implementation-centric design paradigm that advocates mature (that is, secure) and minimalist (that is, simple) implementations by recycling cryptographic primitives, components, and design strategies. To exemplify the merits of this recycling-based approach, the authors turn to the Advanced Encryption Standard and examine the pedigree of its predecessors, successors, and various other primitives that it recycles from and that recycle from it. To vouch for its viability as a secure strategy for cryptographic design, the authors also outline a framework for recycling the AES in both message encryption and message authentication, to achieve the strongest notions of confidentiality and integrity. 相似文献