On the Practical Security Bound of GF-NLFSR Structure with SPN Round Function

Author(s):  
Guangyao Zhao ◽  
Lei Cheng ◽  
Chao Li ◽  
Ruilin Li ◽  
Xuan Shen
Author(s):  
HyungChul KANG ◽  
Deukjo HONG ◽  
Dukjae MOON ◽  
Daesung KWON ◽  
Jaechul SUNG ◽  
...  
2017 ◽  
Vol 27 (03) ◽  
pp. 1850037 ◽  
Author(s):  
Yasir ◽  
Ning Wu ◽  
Xiaoqiang Zhang

This paper proposes compact hardware implementations of the 64-bit, NESSIE-proposed MISTY1 block cipher for area-constrained and low-power ASIC applications. The architectures comprise only one round of the MISTY1 block cipher algorithm, with an optimized FO/FI function obtained by re-utilizing the S9/S7 substitution functions. A focus is also made on efficient logic implementations of the S9 and S7 substitution functions using common sub-expression elimination (CSE) and a parallel AND/XOR gate hierarchy. The proposed architecture 1 generates the extended key with an independent FI function and is suitable for an 8-round MISTY1 implementation. On the other hand, the proposed architecture 2 uses a single FO/FI function for both the MISTY1 round function and extended key generation, and can be employed for MISTY1 with [Formula: see text] rounds. To analyze the performance and covered area for ASICs, Synopsys Design Compiler with the SMIC 0.18 μm library @ 1.8 V is used. The hardware comprises 3041 and 2331 NAND gates, achieving throughputs of 171 and 166 Mbps for the 8-round implementations of architectures 1 and 2, respectively. A comprehensive analysis of the proposed designs is covered in this paper.


2021 ◽  
Vol 2021 ◽  
pp. 1-12
Author(s):  
Zhongxiang Zheng ◽  
Anyu Wang ◽  
Lingyue Qin

Rejection sampling technology is a core tool in the design of lattice-based signatures with the 'Fiat-Shamir with Aborts' structure, and it is related to signing efficiency and signature size as well as security. In the rejection sampling theorem proposed by Lyubashevsky, the masking vector of rejection sampling is chosen from a discrete Gaussian distribution. However, in practical designs, the masking vector is more likely to be chosen from a bounded uniform distribution due to better efficiency and simpler implementation. Besides, as one of the third-round candidate signatures in the NIST post-quantum cryptography standardization process, the 3rd-round version of CRYSTALS-Dilithium has proposed a new method to decrease the rejection probability, in order to achieve better efficiency and smaller signature size, by decreasing the number of nonzero coefficients of the challenge polynomial according to the security levels. However, it is seen that the small entropies in this new method may lead to a higher risk of forgery attack compared with the former schemes proposed in its 2nd version. Thus, in this paper, we first analyze the complexity of forgery attack for small entropies and then introduce a new method to decrease the rejection probability without loss of security, including the security against forgery attack. This method is achieved by introducing a new rejection sampling theorem with a tighter bound, obtained by utilizing the Rényi divergence where the masking vector follows a uniform distribution. By observing large gaps between the security claim and the actual security bound in CRYSTALS-Dilithium, we propose two series of adapted parameters for CRYSTALS-Dilithium. The first set can improve the efficiency of the signing process in CRYSTALS-Dilithium by factors of 61.7% and 41.7%, according to the security levels, and ensure the security against known attacks, including forgery attack. The second set can reduce the signature size by a factor of 14.09% with small improvements in efficiency at the same security level.


Author(s):  
Subhadeep Banik ◽  
Takanori Isobe ◽  
Fukang Liu ◽  
Kazuhiko Minematsu ◽  
Kosei Sakamoto

We present Orthros, a 128-bit block pseudorandom function. It is designed with a primary focus on the latency of fully unrolled circuits. For this purpose, we adopt a parallel structure comprising two keyed permutations. The round function of each permutation is similar to Midori, a low-energy block cipher; however, we thoroughly revise it to reduce latency, and introduce different rounds to significantly improve cryptographic strength in a small number of rounds. We provide a comprehensive, dedicated security analysis. For hardware implementation, Orthros achieves the lowest latency among the state-of-the-art low-latency primitives. For example, using the STM 90nm library, Orthros achieves a minimum latency of around 2.4 ns, while other constructions like PRINCE, Midori-128 and QARMA9-128-σ0 achieve 2.56 ns, 4.10 ns and 4.38 ns, respectively.

