Building a block cipher mode of operation with feedback keys

2013 ◽  
Author(s):  
Yi-Li Huang ◽  
Fang-Yie Leu ◽  
Jung-Chun Liu ◽  
Jing-Hao Yang ◽  
Chih-Wei Yu ◽  
...  
Keyword(s):  
Block Cipher ◽  
Mode Of Operation

scholarly journals A New Design of Cryptographic Hash Function: Gear

2016 ◽  
Vol 1 (1) ◽  
Author(s):  
Abdulaziz M Alkandari ◽  
Khalil Ibrahim Alkandari ◽  
Imad Fakhri Alshaikhli ◽  
Mohammad A. AlAhmad
Keyword(s):  
Hash Function ◽  
Block Cipher ◽  
Hash Functions ◽  
Fixed Size ◽  
Compression Function ◽  
Cryptographic Hash Function ◽  
Mode Of Operation ◽  
Main Components ◽  
Map Data ◽  
And Diffusion

A hash function is any function that can be used to map data of arbitrary sizeto data of fixed size. A hash function usually has two main components: a permutationfunction or compression function and mode of operation. We will propose a new concretenovel design of a permutation based hash functions called Gear in this paper. It is a hashfunction based on block cipher in Davies-Meyer mode. It uses the patched version ofMerkle-Damgård, i.e. the wide pipe construction as its mode of operation. Thus, theintermediate chaining value has at least twice larger length than the output hash. Andthe permutations functions used in Gear are inspired from the SHA-3 finalist Grøestl hashfunction which is originally inspired from Rijndael design (AES). There is a very strongconfusion and diffusion in Gear as a result.

scholarly journals A Block Cipher Mode of Operation with Two Keys

2013 ◽  
pp. 392-398 ◽  
Author(s):  
Yi-Li Huang ◽  
Fang-Yie Leu ◽  
Jung-Chun Liu ◽  
Jing-Hao Yang
Keyword(s):  
Block Cipher ◽  
Mode Of Operation

scholarly journals The Area-Latency Symbiosis: Towards Improved Serial Encryption Circuits

2020 ◽  
pp. 239-278
Author(s):  
Fatih Balli ◽  
Andrea Caforio ◽  
Subhadeep Banik
Keyword(s):  
Block Cipher ◽  
Block Ciphers ◽  
Significant Loss ◽  
Authenticated Encryption ◽  
End User ◽  
Maximum Throughput ◽  
Mode Of Operation ◽  
Encryption Schemes ◽  
Bit Serial

The bit-sliding paper of Jean et al. (CHES 2017) showed that the smallest-size circuit for SPN based block ciphers such as AES, SKINNY and PRESENT can be achieved via bit-serial implementations. Their technique decreases the bit size of the datapath and naturally leads to a significant loss in latency (as well as the maximum throughput). Their designs complete a single round of the encryption in 168 (resp. 68) clock cycles for 128 (resp. 64) bit blocks. A follow-up work by Banik et al. (FSE 2020) introduced the swap-and-rotate technique that both eliminates this loss in latency and achieves even smaller footprints.In this paper, we extend these results on bit-serial implementations all the way to four authenticated encryption schemes from NIST LWC. Our first focus is to decrease latency and improve throughput with the use of the swap-and-rotate technique. Our block cipher implementations have the most efficient round operations in the sense that a round function of an n-bit block cipher is computed in exactly n clock cycles. This leads to implementations that are similar in size to the state of the art, but have much lower latency (savings up to 20 percent). We then extend our technique to 4- and 8-bit implementations. Although these results are promising, block ciphers themselves are not end-user primitives, as they need to be used in conjunction with a mode of operation. Hence, in the second part of the paper, we use our serial block ciphers to bootstrap four active NIST authenticated encryption candidates: SUNDAE-GIFT, Romulus, SAEAES and SKINNY-AEAD. In the wake of this effort, we provide the smallest block-cipher-based authenticated encryption circuits known in the literature so far.

scholarly journals ACE: ARIA-CTR Encryption for Low-End Embedded Processors

Sensors ◽  
2020 ◽  
Vol 20 (13) ◽  
pp. 3788 ◽  
Author(s):  
Hwajeong Seo ◽  
Hyeokdong Kwon ◽  
Hyunji Kim ◽  
Jaehoon Park
Keyword(s):  
Diffusion Layer ◽  
High Speed ◽  
Block Cipher ◽  
Embedded Processors ◽  
Embedded Processor ◽  
Modes Of Operation ◽  
Risc Processor ◽  
Mode Of Operation ◽  
Security Levels

In this paper, we present the first optimized implementation of ARIA block cipher on low-end 8-bit Alf and Vegard’s RISC processor (AVR) microcontrollers. To achieve high-speed implementation, primitive operations, including rotation operation, a substitute layer, and a diffusion layer, are carefully optimized for the target low-end embedded processor. The proposed ARIA implementation supports the electronic codebook (ECB) and the counter (CTR) modes of operation. In particular, the CTR mode of operation is further optimized with the pre-computed table of two add-round-key, one substitute layer, and one diffusion layer operations. Finally, the proposed ARIA-CTR implementations on 8-bit AVR microcontrollers achieved 187.1, 216.8, and 246.6 clock cycles per byte for 128-bit, 192-bit, and 256-bit security levels, respectively. Compared with previous reference implementations, the execution timing is improved by 69.8%, 69.6%, and 69.5% for 128-bit, 192-bit, and 256-bit security levels, respectively.

scholarly journals A fundamental flaw in the ++AE authenticated encryption mode

2018 ◽  
Vol 12 (1) ◽  
pp. 37-42
Author(s):  
Hassan Qahur Al Mahri ◽  
Leonie Simpson ◽  
Harry Bartlett ◽  
Ed Dawson ◽  
Kenneth Koon-Ho Wong
Keyword(s):  
Block Cipher ◽  
Authenticated Encryption ◽  
Forgery Attack ◽  
Mathematical Proofs ◽  
Mode Of Operation ◽  
Public Message ◽  
Integrity Check

Abstract In this article, we analyse a block cipher mode of operation for authenticated encryption known as ++AE (plus-plus-AE). We show that this mode has a fundamental flaw: the scheme does not verify the most significant bit of any block in the plaintext message. This flaw can be exploited by choosing a plaintext message and then constructing multiple forged messages in which the most significant bit of certain blocks is flipped. All of these plaintext messages will generate the same authentication tag. This forgery attack is deterministic and guaranteed to pass the ++AE integrity check. The success of the attack is independent of the underlying block cipher, key or public message number. We outline the mathematical proofs for the flaw in the ++AE algorithm. We conclude that ++AE is insecure as an authenticated encryption mode of operation.

Sign in / Sign up

Export Citation Format

Share Document