Fast implementations of secret-key block ciphers using mixed inner- and outer-round pipelining

Block Ciphers: Analysis, Design and Applications

DAIMI Report Series ◽

10.7146/dpb.v23i485.6978 ◽

1994 ◽

Vol 23 (485) ◽

Cited By ~ 26

Author(s):

Lars Ramkilde Knudsen

Keyword(s):

Block Ciphers ◽

Important Class ◽

Secret Key ◽

Key Block ◽

Analysis Design ◽

Feistel Ciphers

In this thesis we study cryptanalysis, applications and design of secret key block ciphers. In particular, the important class of <em> Feistel ciphers</em> is studied, which has a number of rounds, where in each round one applies a cryptographically weak function.

Download Full-text

Cryptanalytic Attacks on IDEA Block Cipher

Defence Science Journal ◽

10.14429/dsj.66.10798 ◽

2016 ◽

Vol 66 (6) ◽

pp. 582 ◽

Cited By ~ 5

Author(s):

Harish Kumar Sahu ◽

Vikas Jadhav ◽

Shefali Sonavane ◽

R.K. Sharma

Keyword(s):

Block Cipher ◽

Data Encryption ◽

Secret Key ◽

Data Confidentiality ◽

Data Encryption Standard ◽

Financial Application ◽

Time Requirements ◽

International Data ◽

Key Block ◽

Symmetric Key

International data encryption algorithm (IDEA) is a secret key or symmetric key block cipher. The purpose of IDEA was to replace data encryption standard (DES) cipher, which became practically insecure due to its small key size of 56 bits and increase in computational power of systems. IDEA cipher mainly to provide data confidentiality in variety of applications such as commercial and financial application e.g. pretty good privacy (PGP) protocol. Till 2015, no successful linear or algebraic weaknesses IDEA of have been reported. In this paper, author explained IDEA cipher, its application in PGP and did a systematic survey of various attacks attempted on IDEA cipher. The best cryptanalysis result which applied to all keys could break IDEA up to 6 rounds out of 8.5 rounds of the full IDEA cipher1. But the attack requires 264 known plaintexts and 2126.8 operations for reduced round version. This attack is practically not feasible due to above mention mammoth data and time requirements. So IDEA cipher is still completely secure for practical usage. PGP v2.0 uses IDEA cipher in place of BassOmatic which was found to be insecure for providing data confidentiality.

Download Full-text

A Novel Structure with Dynamic Operation Mode for Symmetric-Key Block Ciphers

International Journal of Network Security & Its Applications ◽

10.5121/ijnsa.2013.5102 ◽

2013 ◽

Vol 5 (1) ◽

pp. 17-36 ◽

Cited By ~ 3

Author(s):

Kuo Tsang Huang

Keyword(s):

Operation Mode ◽

Block Ciphers ◽

Dynamic Operation ◽

Novel Structure ◽

Key Block ◽

Symmetric Key

Download Full-text

Detecting faults in four symmetric key block ciphers

Proceedings. 15th IEEE International Conference on Application-Specific Systems, Architectures and Processors, 2004. ◽

10.1109/asap.2004.1342476 ◽

2004 ◽

Cited By ~ 2

Author(s):

L. Breveglieri ◽

I. Koren ◽

P. Maistri

Keyword(s):

Block Ciphers ◽

Key Block ◽

Symmetric Key

Download Full-text

VINCI: VLSI implementation of the new secret-key block cipher IDEA

Proceedings of IEEE Custom Integrated Circuits Conference - CICC '93 ◽

10.1109/cicc.1993.590722 ◽

2002 ◽

Cited By ~ 11

Author(s):

A. Curiger ◽

H. Bonnenberg ◽

R. Zimmermann ◽

N. Felber ◽

H. Kaeslin ◽

...

Keyword(s):

Block Cipher ◽

Vlsi Implementation ◽

Secret Key ◽

Key Block

Download Full-text

A Brief Review on Methodology of Cryptanalysis

International Journal of Scientific Research in Computer Science Engineering and Information Technology ◽

10.32628/cseit195412 ◽

2019 ◽

pp. 85-93

Author(s):

K V Srinivasa Rao ◽

M M Naidu ◽

R. Satya Prasad

Keyword(s):

Provable Security ◽

Block Ciphers ◽

Secret Key ◽

Rigorous Analysis ◽

Distinguishing Attack ◽

Cipher Text ◽

Security Models ◽

Cryptographic Primitive ◽

Symmetric Key

Cryptanalysis comes into deferent forms in order to support that rigorous analysis of the structure cryptographic primitive to evaluate and verify its claimed security margins. This analysis will follow the attack models represented previously in order to exploit possible weakness in the primitive. Thus, achieving the associated attack goals which will vary from a distinguishing attack to a total break that is deﬁned based on the security margins or claims of the primitive under study. For example, for a hash function, total break constitutes ﬁnding a collision or obtaining the message from the hash value. While in block ciphers it revolves around recovering the secret key. When it comes to the claimed security margins, the design approaches will follow certain security models as in provable security or practical security or a mixture of both. The role of cryptanalyst is to subject these primitives to diﬀerent existing categories of cryptanalysis approaches and tailor new ones that will push the design’s security margins if possible to new limits where these attacks are not applicable any more This chapter will introduce the prominent methods of cryptanalysis that utilize certain behavior in the cipher structure. Such behavior disturbs the assumed randomness of the output or the cipher text. This Paper will explore the basic deﬁnitions of prominent cryptanalysis methods that targets the speciﬁc structure of a cipher namely diﬀerential and linear cryptanalysis and their diﬀerent variants. It will also discuss other potential crytpanalytic methods that are usually used in symmetric-key ciphers analysis especially block ciphers.

Download Full-text

ExpFault: An Automated Framework for Exploitable Fault Characterization in Block Ciphers

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2018.i2.242-276 ◽

2018 ◽

pp. 242-276 ◽

Cited By ~ 3

Author(s):

Sayandeep Saha ◽

Debdeep Mukhopadhyay ◽

Pallab Dasgupta

Keyword(s):

Defense Mechanisms ◽

Block Ciphers ◽

Fault Analysis ◽

Proof Of Concept ◽

Secret Key ◽

Cryptographic Primitives ◽

Differential Fault Analysis ◽

Comprehensive Knowledge ◽

Fault Characterization ◽

First Time

Malicious exploitation of faults for extracting secrets is one of the most practical and potent threats to modern cryptographic primitives. Interestingly, not every possible fault for a cryptosystem is maliciously exploitable, and evaluation of the exploitability of a fault is nontrivial. In order to devise precise defense mechanisms against such rogue faults, a comprehensive knowledge is required about the exploitable part of the fault space of a cryptosystem. Unfortunately, the fault space is diversified and of formidable size even while a single cryptoprimitive is considered and traditional manual fault analysis techniques may often fall short to practically cover such a fault space within reasonable time. An automation for analyzing individual fault instances for their exploitability is thus inevitable. Such an automation is supposed to work as the core engine for analyzing the fault spaces of cryptographic primitives. In this paper, we propose an automation for evaluating the exploitability status of fault instances from block ciphers, mainly in the context of Differential Fault Analysis (DFA) attacks. The proposed framework is generic and scalable, which are perhaps the two most important features for covering diversified fault spaces of formidable size originating from different ciphers. As a proof-of-concept, we reconstruct some known attack examples on AES and PRESENT using the framework and finally analyze a recently proposed cipher GIFT [BPP+17] for the first time. It is found that the secret key of GIFT can be uniquely determined with 1 nibble fault instance injected at the beginning of the 25th round with a reasonable computational complexity of 214.

Download Full-text

Technology to limit the available number of chosen-plaintext

10.7287/peerj.preprints.2534 ◽

2016 ◽

Author(s):

Ichiroh Kazawa

Keyword(s):

Block Ciphers ◽

Brute Force ◽

Secret Key ◽

Chosen Plaintext Attack ◽

Embedded Devices ◽

Upper Limit ◽

Reduction Of Costs

This technology sets an upper limit on the number of available pairs for chosen-plaintext and ciphertext in any chosen-plaintext-attack (CPA).By applying the typical implementation of 128-bit encryption, all CPAs cannot use more than 16 chosen-plaintexts.It does not encrypt the plaintext directly with this technique.256 kinds of variations are created from the plaintext. It then chooses one variation at random to encrypt. Unless the encryption key is used in decryption, it is impossible to find out which of the 256 kinds of variations was used for the ciphertext. A CPA when used for multiple chosen-plaintexts would need to repeat the comparison for the total amount of combinations of the chosen-plaintext.If the CPA increases the total amount of chosen-plaintexts by one, the number of generated encryption keys increased by 256 times.256^{16} (== 2^{128}) encryption keys will be generated from the 16 chosen-plaintexts.Since the the total key possibilities generated exceed the total number of encryption keys, it is not possible for CPA to win with a brute force attack.RC4 is no longer recommended.However, the compactness of RC4 in embedded devices (e.g. RF-ID) has a big advantage in regards to block ciphers such as AES. Secret Key Size(bit length) / Variations Count(bit length) > Chosen Plaintexts Count(useable count) ** Industrial significance ** RC4 is no longer recommended. However, the compactness of RC4 in embedded devices (e.g. RF-ID) has a big advantage in regards to block ciphers such as AES. RC4 can regain its security with this technology. Compacting embedded devices will lead mainly to the reduction of costs. It is believed that this technology will contribute greatly to the IoT. ”XORveR”, is this technologies codename.

Download Full-text

SITM: See-In-The-Middle Side-Channel Assisted Middle Round Differential Cryptanalysis on SPN Block Ciphers

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2020.i1.95-122 ◽

2019 ◽

pp. 95-122

Author(s):

Shivam Bhasin ◽

Jakub Breier ◽

Xiaolu Hou ◽

Dirmanto Jap ◽

Romain Poussier ◽

...

Keyword(s):

Block Cipher ◽

State Of The Art ◽

Block Ciphers ◽

Differential Cryptanalysis ◽

Side Channel ◽

Secret Key ◽

Side Channel Analysis ◽

Cryptographic Algorithms ◽

Channel Analysis ◽

Symmetric Block

Side-channel analysis constitutes a powerful attack vector against cryptographic implementations. Techniques such as power and electromagnetic side-channel analysis have been extensively studied to provide an efficient way to recover the secret key used in cryptographic algorithms. To protect against such attacks, countermeasure designers have developed protection methods, such as masking and hiding, to make the attacks harder. However, due to significant overheads, these protections are sometimes deployed only at the beginning and the end of encryption, which are the main targets for side-channel attacks.In this paper, we present a methodology for side-channel assisted differential cryptanalysis attack to target middle rounds of block cipher implementations. Such method presents a powerful attack vector against designs that normally only protect the beginning and end rounds of ciphers. We generalize the attack to SPN based ciphers and calculate the effort the attacker needs to recover the secret key. We provide experimental results on 8-bit and 32-bit microcontrollers. We provide case studies on state-of-the-art symmetric block ciphers, such as AES, SKINNY, and PRESENT. Furthermore, we show how to attack shuffling-protected implementations.

Download Full-text

The secret-key block cipher MKC1

Electronics and Communications in Japan (Part II Electronics) ◽

10.1002/ecjb.10123 ◽

2003 ◽

Vol 86 (2) ◽

pp. 68-83

Author(s):

Koichi Matsukawa ◽

Kunikatsu Kobayashi

Keyword(s):

Block Cipher ◽

Secret Key ◽

Key Block

Download Full-text