Security analysis of Subterranean 2.0

Author(s):  
Ling Song ◽  
Yi Tu ◽  
Danping Shi ◽  
Lei Hu

Abstract Subterranean 2.0 is a cipher suite that can be used for hashing, authenticated encryption, MAC computation, etc. It was designed by Daemen, Massolino, Mehrdad, and Rotella, and has been selected as a candidate in the second round of NIST’s lightweight cryptography standardization process. Subterranean 2.0 is a duplex-based construction and utilizes a single-round permutation in the duplex. It is the simplicity of the round function that makes it an attractive target of cryptanalysis. In this paper, we examine the single-round permutation in various phases of Subterranean 2.0 and specify three related attack scenarios that deserve further investigation: keystream biases in the keyed squeezing phase, state collisions in the keyed absorbing phase, and one-round differential analysis in the nonce-misuse setting. To facilitate cryptanalysis in the first two scenarios, we novelly propose a set of size-reduced toy versions of Subterranean 2.0: Subterranean-m. Then we make an observation for the first time on the resemblance between the non-linear layer in the round function of Subterranean 2.0 and SIMON’s round function. Inspired by the existing work on SIMON, we propose explicit formulas for computing the exact correlation of linear trails of Subterranean 2.0 and other ciphers utilizing similar non-linear operations. We then construct our models for searching trails to be used in the keystream bias evaluation and state collision attacks. Our results show that most instances of Subterranean-m are secure in the first two attack scenarios but there exist instances that are not. Further, we find a flaw in the designers’ reasoning of Subterranean 2.0’s linear bias but support the designers’ claim that there is no linear bias measurable from at most $$2^{96}$$ data blocks. Due to the time-consuming search, the security of Subterranean 2.0 against the state collision attack in keyed modes still remains an open question.
Finally, we observe that one-round differentials allow one to recover state bits in the nonce-misuse setting. By proposing nested one-round differentials, we obtain a sufficient number of state bits, leading to a practical state recovery with only 20 repetitions of the nonce and 88 blocks of data. It is noted that our work does not threaten the security of Subterranean 2.0.

Cryptography ◽  
2020 ◽  
Vol 4 (3) ◽  
pp. 22 ◽  
Author(s):  
Ashutosh Dhar Dwivedi

This paper presents the differential cryptanalysis of the ARX-based cipher Chaskey using a tree-search-based heuristic approach. ARX algorithms are suitable for resource-constrained devices such as IoT and are very resistant to standard cryptanalysis such as linear or differential. To mount a differential attack, it is important to construct differential characteristics of the cipher. Finding differential characteristics in ARX is the most challenging task nowadays. Due to the bigger block size, it is infeasible to calculate lookup tables for non-linear components. Transition through the non-linear layer of the cipher faces a huge state space problem. The problem of huge state space is a serious research topic in artificial intelligence (AI). The proposed heuristic tool uses such methods, inspired by nested tree-based sampling, to find differential paths in ARX ciphers, and is successfully applied to obtain state-of-the-art results for differential cryptanalysis with a very fast and simpler framework. The algorithm can also be applied in different research areas of cryptanalysis where such a huge state space is a problem.
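The abstract's point that lookup tables are infeasible for ARX non-linear components is worth seeing concretely: a DDT for one 32-bit modular addition would have 2^96 entries, yet the exact differential probability of a single addition can be computed per transition in linear time with the Lipmaa–Moriai formula, which is what characteristic-search tools (tree-based or otherwise) call at every node. The block below is an added example, not code from the paper above; the word sizes and the sample differences are chosen here for illustration, and the brute-force counter is only there to cross-check the formula on small words.

```python
"""Exact differential probability of modular addition, xdp+(alpha, beta -> gamma),
via the Lipmaa-Moriai (2001) formula, cross-checked by exhaustive counting.
Added example; the word sizes and differences below are illustrative choices."""


def _mask(n: int) -> int:
    return (1 << n) - 1


def eq(x: int, y: int, z: int) -> int:
    """Bit i is set exactly where x, y and z all agree in bit i."""
    return (~(x ^ y)) & (~(x ^ z))


def xdp_add(alpha: int, beta: int, gamma: int, n: int) -> float:
    """Pr[(x + y) ^ ((x ^ alpha) + (y ^ beta)) == gamma mod 2^n] over uniform x, y.

    Lipmaa-Moriai: the differential is impossible unless the carry-consistency
    condition eq(a<<1, b<<1, g<<1) & (a ^ b ^ g ^ (b<<1)) == 0 holds; when it
    does, the probability is 2^-w with w = number of bit positions below the
    MSB where the three differences are not all equal.  Cost: O(n), no table."""
    m = _mask(n)
    a1, b1, g1 = (alpha << 1) & m, (beta << 1) & m, (gamma << 1) & m
    if eq(a1, b1, g1) & (alpha ^ beta ^ gamma ^ b1) & m:
        return 0.0
    w = bin((~eq(alpha, beta, gamma)) & _mask(n - 1)).count("1")
    return 2.0 ** (-w)


def xdp_add_bruteforce(alpha: int, beta: int, gamma: int, n: int) -> float:
    """Reference value by counting all 2^(2n) input pairs; only usable for small n,
    which is exactly why the formula (or a search heuristic on top of it) is needed
    for 32-bit words as in Chaskey."""
    m = _mask(n)
    hits = 0
    for x in range(1 << n):
        for y in range(1 << n):
            if (((x + y) ^ ((x ^ alpha) + (y ^ beta))) & m) == gamma:
                hits += 1
    return hits / (1 << (2 * n))


def formula_matches_bruteforce(n: int = 4) -> bool:
    """Exhaustive agreement check over all (alpha, beta, gamma) for word size n."""
    return all(
        xdp_add(a, b, g, n) == xdp_add_bruteforce(a, b, g, n)
        for a in range(1 << n) for b in range(1 << n) for g in range(1 << n)
    )


if __name__ == "__main__":
    # 32-bit words as in Chaskey (constructed sample transitions):
    # MSB difference in both addends cancels with probability 1,
    # an LSB difference survives with probability 1/2, and
    # (1, 1 -> 1) is impossible because the sum's LSB cannot change.
    for a, b, g in [(0x80000000, 0x80000000, 0), (1, 0, 1), (1, 0, 3), (1, 1, 1)]:
        print(f"xdp+({a:#010x}, {b:#010x} -> {g:#010x}) = {xdp_add(a, b, g, 32)}")
    print("formula == brute force for n=4:", formula_matches_bruteforce(4))
```

A differential characteristic for an ARX round is the product of these per-addition probabilities under the usual independence assumption, so a tree search over a characteristic expands a node by choosing an output difference for the next addition and scoring it with `xdp_add`; the brute-force function shows why enumeration of the table itself is out of reach beyond toy word sizes.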


1999 ◽  
Vol 13 (20) ◽  
pp. 709-715 ◽  
Author(s):  
FRANCESCA MORESCO ◽  
GERHARD MEYER ◽  
KARL HEINZ RIEDER

Vibrational excitations of an isolated CO molecule adsorbed on a Cu(211) surface have been, for the first time, observed with a CO-terminated scanning tunneling microscope tip. Both the frustrated translational and rotational modes were observed, in agreement with the case of a metallic tip. The presence of a CO molecule on the tip, transferred by controlled vertical manipulation, strongly influences the frustrated translational mode of the CO molecule, while it does not affect the frustrated rotational mode. The present work demonstrates that scanning tunneling vibrational spectroscopy is also possible with a molecule at the end of the tip, opening new interesting fields of research and shedding some more light on the still open question of inelastic tunneling and its selection rules.


Author(s):  
Subhadeep Banik ◽  
Takanori Isobe ◽  
Fukang Liu ◽  
Kazuhiko Minematsu ◽  
Kosei Sakamoto

We present Orthros, a 128-bit block pseudorandom function. It is designed with a primary focus on the latency of fully unrolled circuits. For this purpose, we adopt a parallel structure comprising two keyed permutations. The round function of each permutation is similar to Midori, a low-energy block cipher; however, we thoroughly revise it to reduce latency, and introduce different rounds to significantly improve cryptographic strength in a small number of rounds. We provide a comprehensive, dedicated security analysis. For hardware implementation, Orthros achieves the lowest latency among the state-of-the-art low-latency primitives. For example, using the STM 90nm library, Orthros achieves a minimum latency of around 2.4 ns, while other constructions like PRINCE, Midori-128 and QARMA9-128-σ0 achieve 2.56 ns, 4.10 ns and 4.38 ns respectively.


2019 ◽  
Vol 485 (3) ◽  
pp. 3991-3998 ◽  
Author(s):  
Darryl Seligman ◽  
Philip F Hopkins ◽  
Jonathan Squire

Abstract We investigate, for the first time, the non-linear evolution of the magnetized ‘resonant drag instabilities’ (RDIs). We explore magnetohydrodynamic simulations of gas mixed with (uniform) dust grains subject to Lorentz and drag forces, using the gizmo code. The magnetized RDIs exhibit fundamentally different behaviour than purely acoustic RDIs. The dust organizes into coherent structures and the system exhibits strong dust–gas separation. In the linear and early non-linear regime, the growth rates agree with linear theory and the dust self-organizes into 2D planes or ‘sheets.’ Eventually the gas develops fully non-linear, saturated Alfvénic, and compressible fast-mode turbulence, which fills the underdense regions with a small amount of dust, and drives a dynamo that saturates at equipartition of kinetic and magnetic energy. The dust density fluctuations exhibit significant non-Gaussianity, and the power spectrum is strongly weighted towards the largest (box scale) modes. The saturation level can be understood via quasi-linear theory, as the forcing and energy input via the instabilities become comparable to saturated tension forces and dissipation in turbulence. The magnetized simulation presented here is just one case; it is likely that the magnetic RDIs can take many forms in different parts of parameter space.


1984 ◽  
Vol 16 (04) ◽  
pp. 766-803 ◽  
Author(s):  
S. P. Lalley

A local limit theorem for is obtained, where τ a is the first time a random walk Sn with positive drift exceeds a. Applications to large-deviation probabilities and to the crossing of a non-linear boundary are given.


Entropy ◽  
2019 ◽  
Vol 21 (8) ◽  
pp. 815 ◽  
Author(s):  
Miguel Angel Murillo-Escobar ◽  
Manuel Omar Meranza-Castillón ◽  
Rosa Martha López-Gutiérrez ◽  
César Cruz-Hernández

Currently, chaos-based cryptosystems are being proposed in the literature to provide confidentiality for digital images, since the diffusion effect in the Advanced Encryption Standard (AES) algorithm is weak. Security is the most important challenge to assess in cryptosystems according to the National Institute of Standards and Technology (NIST), then cost and performance, and finally algorithm and implementation. Recent chaos-based image encryption algorithms present only basic security analysis, which could make them insecure for some applications. In this paper, we suggest an integral analysis framework related to comprehensive security analysis, cost and performance, and the algorithm and implementation for chaos-based image cryptosystems. The proposed guideline based on 20 analysis points can assist new cryptographic designers to present an integral analysis of new algorithms. Future comparisons of new schemes can be more consistent in terms of security and efficiency. In addition, we present aspects regarding digital chaos implementation, chaos validation, and key definition to improve the security of the overall cryptosystem. The suggested guideline does not guarantee security, and it does not intend to limit the liberty to implement new analyses. However, it provides for the first time in the literature a solid basis for integral analysis of chaos-based image cryptosystems as an effective approach to improve security.


Author(s):  
Ayesha Jalal

The All-India Muslim League first voiced the demand for a Muslim homeland based on India’s northwestern and northeastern provinces in March 1940. Seven years later at the moment of British decolonization in the subcontinent, Pakistan emerged on the map of the world, an anomaly in the international community of nations with its two wings separated by a thousand miles of Indian territory. Over a million people died in the violence that accompanied partition while another 14½ million moved both ways across frontiers demarcated along ostensibly religious lines for the first time in India’s six millennia history. Commonly attributed to the age-old religious divide between Hindus, Muslims, and Sikhs, the causes of Pakistan’s creation are better traced to the federal problems created in India under British colonial rule. Despite sharing a common identity based on religious affiliation, Indian Muslims were divided along regional, linguistic, class, sectarian, and ideological lines. More Muslims live in India and Bangladesh than in Pakistan today, highlighting the clear disjunction between religiously informed identities and territorial sovereignty. Mohammad Ali Jinnah, the leader of the All-India Muslim League, tried resolving the problem by claiming in 1940 that Indian Muslims were not a minority but a nation, entitled to the principle of self-determination. He envisaged a “Pakistan” based on undivided Punjab and Bengal. Since this left Muslims in the Hindu-majority provinces out of the reckoning, Jinnah left it an open question whether “Pakistan” and Hindustan would form a confederation covering the whole of India or make treaty arrangements as two separate sovereign states. In the end Jinnah was unable to achieve his larger aims and had to settle for a Pakistan based on the Muslim-majority districts of Punjab and Bengal, something he had rejected out of hand in 1944 and then again in 1946.


2020 ◽  
Author(s):  
Fulei Ji ◽  
Wentao Zhang ◽  
Tianyou Ding

Abstract Automatic search methods have been widely used for cryptanalysis of block ciphers, especially for the most classic cryptanalysis methods, differential and linear cryptanalysis. However, the automatic search methods, whether based on MILP, SMT/SAT or CP techniques, can be inefficient when the search space is too large. In this paper, we propose three new methods to improve Matsui’s branch-and-bound search algorithm, which is known as the first generic algorithm for finding the best differential and linear trails. The three methods, named reconstructing the DDT and LAT according to weight, executing linear layer operations at minimal cost, and merging two 4-bit S-boxes into one 8-bit S-box, respectively, can efficiently speed up the search process by reducing the search space as much as possible and reducing the cost of executing linear layer operations. We apply our improved algorithm to DESL and GIFT, which are still hard instances for the automatic search methods. As a result, we find the best differential trails for DESL (up to 14 rounds) and GIFT-128 (up to 19 rounds). The best linear trails for DESL (up to 16 rounds), GIFT-128 (up to 10 rounds) and GIFT-64 (up to 15 rounds) are also found. To the best of our knowledge, these security bounds for DESL and GIFT in the single-key scenario are given for the first time. Meanwhile, these are the longest exploitable (differential or linear) trails for DESL and GIFT. Furthermore, benefiting from the efficiency of the improved algorithm, we conduct experiments demonstrating that the clustering effect of differential trails is weak for both 13-round DES and 13-round DESL.
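Two of the three speed-ups named in the abstract, reconstructing the DDT/LAT by weight and merging two 4-bit S-boxes into one 8-bit S-box, are easy to show on a small scale. The block below is an added example, not the authors' code: it builds the DDT and LAT of a 4-bit S-box, re-indexes each row as a weight-sorted list so that a Matsui-style search can abandon a row as soon as the weight bound is exceeded, merges two copies of the S-box into one 8-bit S-box, verifies that the merged DDT is the product of the nibble entries, and runs a minimal Matsui branch-and-bound over a toy 8-bit SPN. `SBOX4` is the GIFT S-box as I recall it from the GIFT specification (assumed correct; any bijective 4-bit S-box works here), and `PERM` is a constructed bit permutation for the toy round, not GIFT's.

```python
"""Weight-sorted DDT/LAT rows, merged 8-bit S-box, and a toy Matsui search.
Added example, not code from the paper above.  SBOX4 is taken to be the GIFT
S-box (assumption); PERM is a constructed toy bit permutation."""
from math import log2

SBOX4 = [0x1, 0xa, 0x4, 0xc, 0x6, 0xf, 0x3, 0x9,
         0x2, 0xd, 0xb, 0x7, 0x5, 0x0, 0x8, 0xe]
PERM = [0, 2, 4, 6, 1, 3, 5, 7]   # constructed: S-box output bit i moves to bit PERM[i]


def parity(v: int) -> int:
    return bin(v).count("1") & 1


def ddt(sbox):
    """ddt[dx][dy] = #{x : S(x) ^ S(x ^ dx) == dy}."""
    n = len(sbox)
    t = [[0] * n for _ in range(n)]
    for x in range(n):
        for dx in range(n):
            t[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return t


def lat(sbox):
    """lat[a][b] = #{x : a.x == b.S(x)} - n/2, so correlation = lat[a][b] / (n/2)."""
    n = len(sbox)
    return [[sum(1 for x in range(n) if parity(a & x) == parity(b & sbox[x])) - n // 2
             for b in range(n)] for a in range(n)]


def ddt_rows_by_weight(table):
    """Each row becomes a list of (weight, dy) sorted by ascending weight, with
    impossible transitions dropped; weight = -log2(count / n).  A search that
    walks a row in this order can break out as soon as the bound is exceeded."""
    n = len(table)
    return [sorted((-log2(c / n), dy) for dy, c in enumerate(row) if c) for row in table]


def lat_rows_by_weight(table):
    """Same reconstruction for a LAT, with weight = -log2|correlation|."""
    n = len(table)
    return [sorted((-log2(abs(c) / (n // 2)), b) for b, c in enumerate(row) if c)
            for row in table]


def merge_sboxes(s4):
    """Two parallel 4-bit S-boxes viewed as one 8-bit S-box (high nibble | low nibble)."""
    return [(s4[x >> 4] << 4) | s4[x & 0xF] for x in range(256)]


def merged_ddt_is_product(d4, d8):
    """Merging does not change the trail space: each merged entry is the product
    of the two nibble entries.  It changes how the search walks it (one sorted
    row of 256 instead of two nested rows of 16)."""
    return all(d8[a][b] == d4[a >> 4][b >> 4] * d4[a & 0xF][b & 0xF]
               for a in range(256) for b in range(256))


def permute(v, perm):
    out = 0
    for i, p in enumerate(perm):
        if (v >> i) & 1:
            out |= 1 << p
    return out


def matsui_best_weights(rows, perm, rounds):
    """Matsui's branch-and-bound on a toy SPN round (merged S-box, then PERM).
    Returns [best 1-round weight, ..., best `rounds`-round weight]."""
    best = [0.0]                          # best[i] = minimal weight of an i-round trail
    for r in range(1, rounds + 1):
        bound = [float("inf")]

        def walk(dx, acc, depth):
            if depth == r:
                bound[0] = min(bound[0], acc)
                return
            for w, dy in rows[dx]:        # ascending weight, so ...
                if acc + w + best[r - depth - 1] >= bound[0]:
                    break                 # ... nothing later in this row can beat the bound
                walk(permute(dy, perm), acc + w, depth + 1)

        for dx in range(1, len(rows)):
            walk(dx, 0.0, 0)
        best.append(bound[0])
    return best[1:]


if __name__ == "__main__":
    d4 = ddt(SBOX4)
    d8 = ddt(merge_sboxes(SBOX4))
    print("merged DDT is the product of nibble DDTs:", merged_ddt_is_product(d4, d8))
    print("best trail weights, rounds 1..3:", matsui_best_weights(ddt_rows_by_weight(d8), PERM, 3))
```

The `break` inside `walk` is the whole point of the weight-ordered reconstruction: with the raw table the search would have to test every output difference against the bound, whereas with the sorted row it stops at the first one that cannot improve on the best trail found so far.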


Sensors ◽  
2019 ◽  
Vol 19 (8) ◽  
pp. 1909 ◽  
Author(s):  
Hisham N. AlMajed ◽  
Ahmad S. AlMogren

Wireless Sensor Network (WSN) is a growing area of research in terms of applications, life enhancement and security. Research interests vary from enhancing network performance and decreasing overhead computation to solving security flaws. Secure Group Communication (SGC) is gaining traction in the world of network security. Proposed solutions in this area focus on generating, sharing and distributing a group key among all group members in a timely manner to secure their communication and reduce the computation overhead. This method of security is called SGC-Shared Key. In this paper, we introduce a simple and effective way to secure the network through Hashed IDs (SGC-HIDs). In our proposed method, we distribute a shared key among the group of nodes in the network. Each node would have the ability to compute the group key each time it needs to. We provide a security analysis for our method as well as a performance evaluation. Moreover, to the best of our knowledge, we present for the first time a definition of joining or leaving attack. Furthermore, we describe several types of such an attack as well as the potential security impacts that occur when a network is being attacked.


2019 ◽  
Vol 624 ◽  
pp. A20 ◽  
Author(s):  
Gabriel-Dominique Marleau ◽  
Gavin A. L. Coleman ◽  
Adrien Leleu ◽  
Christoph Mordasini

Context. A low-mass companion to the two-solar mass star HIP 65426 has recently been detected by SPHERE at around 100 au from its host. Explaining the presence of super-Jovian planets at large separations, as revealed by direct imaging, is currently an open question. Aims. We want to derive statistical constraints on the mass and initial entropy of HIP 65426 b and to explore possible formation pathways of directly imaged objects within the core-accretion paradigm, focusing on HIP 65426 b. Methods. Constraints on the planet’s mass and post-formation entropy are derived from its age and luminosity combined with cooling models. For the first time, the results of population synthesis are also used to inform the results. Then a formation model that includes N-body dynamics with several embryos per disc is used to study possible formation histories and the properties of possible additional companions. Finally, the outcomes of two- and three-planet scattering in the post-disc phase are analysed, taking tides into account for small-pericentre orbits. Results. The mass of HIP 65426 b is found to be $m_p = 9.9^{+1.1}_{-1.8}\,M_{\mathrm{J}}$ using the hot population and $m_p = 10.9^{+1.4}_{-2.0}\,M_{\mathrm{J}}$ with the cold-nominal population. We find that core formation at small separations from the star followed by outward scattering and runaway accretion at a few hundred astronomical units succeeds in reproducing the mass and separation of HIP 65426 b. Alternatively, systems having two or more giant planets close enough to be on an unstable orbit at disc dispersal are likely to end up with one planet on a wide HIP 65426 b-like orbit with a relatively high eccentricity (≳ 0.5). Conclusions. If this scattering scenario explains its formation, HIP 65426 b is predicted to have a high eccentricity and to be accompanied by one or several roughly Jovian-mass planets at smaller semi-major axes, which also could have a high eccentricity. This could be tested by further direct-imaging as well as radial-velocity observations.

