scholarly journals Automatic Search for the Linear (Hull) Characteristics of ARX Ciphers: Applied to SPECK, SPARX, Chaskey, and CHAM-64

2020 ◽  
Vol 2020 ◽  
pp. 1-14 ◽  
Author(s):  
Mingjiang Huang ◽  
Liming Wang
Keyword(s):  
Evaluation Method ◽  
Search Algorithm ◽  
Search Space ◽  
Linear Potential ◽  
Linear Hull ◽  
Key Recovery ◽  
Large Correlation ◽  
Optimal Linear ◽  
Automatic Search ◽  
Key Recovery Attack

Linear cryptanalysis is an important evaluation method for cryptographic primitives against key recovery attack. In this paper, we revisit the Walsh transformation for linear correlation calculation of modular addition, and an efficient algorithm is proposed to construct the input-output mask space of specified correlation weight. By filtering out the impossible large correlation weights in the first round, the search space of the first round can be substantially reduced. We introduce a concept of combinational linear approximation table (cLAT) for modular addition with two inputs. When one input mask is fixed, another input mask and the output mask can be obtained by the Splitting-Lookup-Recombination approach. We first split the n-bit fixed input mask into several subvectors and then find the corresponding bits of other masks, and in the recombination phase, pruning conditions can be used. By this approach, a large number of search branches in the middle rounds can be pruned. With the combination of the optimization strategies and the branch-and-bound search algorithm, we can improve the search efficiency for linear characteristics on ARX ciphers. The linear hulls for SPECK32/48/64 with a higher average linear potential (ALP) than existing results have been obtained. For SPARX variants, an 11-round linear trail and a 10-round linear hull have been found for SPARX-64 and a 10-round linear trail and a 9-round linear hull are obtained for SPARX-128. For Chaskey, a 5-round linear trail with a correlation of 2−61 has been obtained. For CHAM-64, 34/35-round optimal linear characteristics with a correlation of 2−31/2−33 are found.

Improving Matsui’s Search Algorithm For The Best Differential/Linear Trails And Its Applications For DES, DESL And GIFT

2020 ◽  
Author(s):  
Fulei Ji ◽  
Wentao Zhang ◽  
Tianyou Ding
Keyword(s):  
Search Algorithm ◽  
Search Space ◽  
Search Methods ◽  
New Methods ◽  
Linear Layer ◽  
Speed Up ◽  
Automatic Search ◽  
The Cost ◽  
First Time ◽  
Improved Algorithm

Abstract Automatic search methods have been widely used for cryptanalysis of block ciphers, especially for the most classic cryptanalysis methods—differential and linear cryptanalysis. However, the automatic search methods, no matter based on MILP, SMT/SAT or CP techniques, can be inefficient when the search space is too large. In this paper, we propose three new methods to improve Matsui’s branch-and-bound search algorithm, which is known as the first generic algorithm for finding the best differential and linear trails. The three methods, named reconstructing DDT and LAT according to weight, executing linear layer operations in minimal cost and merging two 4-bit S-boxes into one 8-bit S-box, respectively, can efficiently speed up the search process by reducing the search space as much as possible and reducing the cost of executing linear layer operations. We apply our improved algorithm to DESL and GIFT, which are still the hard instances for the automatic search methods. As a result, we find the best differential trails for DESL (up to 14-round) and GIFT-128 (up to 19-round). The best linear trails for DESL (up to 16-round), GIFT-128 (up to 10-round) and GIFT-64 (up to 15-round) are also found. To the best of our knowledge, these security bounds for DESL and GIFT under single-key scenario are given for the first time. Meanwhile, it is the longest exploitable (differential or linear) trails for DESL and GIFT. Furthermore, benefiting from the efficiency of the improved algorithm, we do experiments to demonstrate that the clustering effect of differential trails for 13-round DES and DESL are both weak.

scholarly journals Automatic Search of Cubes for Attacking Stream Ciphers

2021 ◽  
pp. 100-123
Author(s):  
Yao Sun
Keyword(s):  
Heuristic Method ◽  
Stream Ciphers ◽  
Divide And Conquer ◽  
Key Recovery ◽  
Cube Attack ◽  
Automatic Search ◽  
The Common ◽  
Key Recovery Attack ◽  
First Time ◽  
Key Recovery Attacks

Cube attack was proposed by Dinur and Shamir, and it has become an important tool for analyzing stream ciphers. As the problem that how to recover the superpolys accurately was resolved by Hao et al. in EUROCRYPT 2020, another important problem is how to find “good” superpolys, which is equivalent to finding “good” cubes. However, there are two difficulties in finding “good” cubes. Firstly, the number of candidate cubes is enormous and most of the cubes are not “good”. Secondly, it is costly to evaluate whether a cube is “good”.In this paper, we present a new algorithm to search for a kind of “good” cubes, called valuable cubes. A cube is called valuable, if its superpoly has (at least) a balanced secret variable. A valuable cube is “good”, because its superpoly brings in 1 bit of information about the key. More importantly, the superpolys of valuable cubes could be used in both theoretical and practical analyses. To search for valuable cubes, instead of testing a set of cubes one by one, the new algorithm deals with the set of cubes together, such that the common computations can be done only once for all candidate cubes and duplicated computations are avoided. Besides, the new algorithm uses a heuristic method to reject useless cubes efficiently. This heuristic method is based on the divide-and-conquer strategy as well as an observation.For verifications of this new algorithm, we applied it to Trivium and Kreyvium, and obtained three improvements. Firstly, we found two valuable cubes for 843-round Trivium, such that we proposed, as far as we know, the first theoretical key-recovery attack against 843-round Trivium, while the previous highest round of Trivium that can be attacked was 842, given by Hao et al. in EUROCRYPT 2020. Secondly, by finding many small valuable cubes, we presented practical attacks against 806- and 808-round Trivium for the first time, while the previous highest round of Trivium that can be attacked practically was 805. Thirdly, based on the cube used to attack 892-round Kreyvium in EUROCRYPT 2020, we found more valuable cubes and mounted the key-recovery attacks against Kreyvium to 893-round.

scholarly journals Accelerating the Search of Differential and Linear Characteristics with the SAT Method

2021 ◽  
pp. 269-315
Author(s):  
Ling Sun ◽  
Wei Wang ◽  
Meiqin Wang
Keyword(s):  
Satisfiability Modulo Theories ◽  
Mixed Integer ◽  
Key Recovery ◽  
Differential Probability ◽  
Boolean Satisfiability Problem ◽  
Boolean Formulas ◽  
Automatic Search ◽  
Key Recovery Attack ◽  
Original Objective ◽  
Encoding Method

The introduction of the automatic search boosts the cryptanalysis of symmetric-key primitives to some degree. However, the performance of the automatic search is not always satisfactory for the search of long trails or ciphers with large state sizes. Compared with the extensive attention on the enhancement for the search with the mixed integer linear programming (MILP) method, few works care for the acceleration of the automatic search with the Boolean satisfiability problem (SAT) or satisfiability modulo theories (SMT) method. This paper intends to fill this vacancy. Firstly, with the additional encoding variables of the sequential counter circuit for the original objective function in the standard SAT method, we put forward a new encoding method to convert the Matsui’s bounding conditions into Boolean formulas. This approach does not rely on new auxiliary variables and significantly reduces the consumption of clauses for integrating multiple bounding conditions into one SAT problem. Then, we evaluate the accelerating effect of the novel encoding method under different sets of bounding conditions. With the observations and experience in the tests, a strategy on how to create the sets of bounding conditions that probably achieve extraordinary advances is proposed. The new idea is applied to search for optimal differential and linear characteristics for multiple ciphers. For PRESENT, GIFT-64, RECTANGLE, LBlock, TWINE, and some versions in SIMON and SPECK families of block ciphers, we obtain the complete bounds (full rounds) on the number of active S-boxes, the differential probability, as well as the linear bias. The acceleration method is also employed to speed up the search of related-key differential trails for GIFT-64. Based on the newly identified 18-round distinguisher with probability 2−58, we launch a 26-round key-recovery attack with 260.96 chosen plaintexts. To our knowledge, this is the longest attack on GIFT-64. Lastly, we note that the attack result is far from threatening the security of GIFT-64 since the designers recommended users to double the number of rounds under the related-key attack setting.

scholarly journals Linear Cryptanalyses of Three AEADs with GIFT-128 as Underlying Primitives

2021 ◽  
pp. 199-221
Author(s):  
Ling Sun ◽  
Wei Wang ◽  
Meiqin Wang
Keyword(s):  
Linear Approximation ◽  
Boolean Satisfiability ◽  
Satisfiability Problem ◽  
Linear Cryptanalysis ◽  
Key Recovery ◽  
Boolean Satisfiability Problem ◽  
Automatic Search ◽  
Key Recovery Attack ◽  
Key Recovery Attacks ◽  
Associated Data

This paper considers the linear cryptanalyses of Authenticated Encryptions with Associated Data (AEADs) GIFT-COFB, SUNDAE-GIFT, and HyENA. All of these proposals take GIFT-128 as underlying primitives. The automatic search with the Boolean satisfiability problem (SAT) method is implemented to search for linear approximations that match the attack settings concerning these primitives. With the newly identified approximations, we launch key-recovery attacks on GIFT-COFB, SUNDAE-GIFT, and HyENA when the underlying primitives are replaced with 16-round, 17-round, and 16-round versions of GIFT-128. The resistance of GIFT-128 against linear cryptanalysis is also evaluated. We present a 24-round key-recovery attack on GIFT-128 with a newly obtained 19-round linear approximation. We note that the attack results in this paper are far from threatening the security of GIFT-COFB, SUNDAE-GIFT, HyENA, and GIFT-128.

scholarly journals Towards Key-recovery-attack Friendly Distinguishers: Application to GIFT-128

2021 ◽  
pp. 156-184
Author(s):  
Rui Zong ◽  
Xiaoyang Dong ◽  
Huaifeng Chen ◽  
Yiyuan Luo ◽  
Si Wang ◽  
...  
Keyword(s):  
Block Cipher ◽  
Recovery Process ◽  
Low Complexity ◽  
Differential Cryptanalysis ◽  
Linear Cryptanalysis ◽  
Linear Hull ◽  
Differential Attack ◽  
Key Recovery ◽  
Key Recovery Attack

When analyzing a block cipher, the first step is to search for some valid distinguishers, for example, the differential trails in the differential cryptanalysis and the linear trails in the linear cryptanalysis. A distinguisher is advantageous if it can be utilized to attack more rounds and the amount of the involved key bits during the key-recovery process is small, as this leads to a long attack with a low complexity. In this article, we propose a two-step strategy to search for such advantageous distinguishers. This strategy is inspired by the intuition that if a differential is advantageous only when some properties are satisfied, then we can predefine some constraints describing these properties and search for the differentials in the small set.As applications, our strategy is used to analyze GIFT-128, which was proposed in CHES 2017. Based on some 20-round differentials, we give the first 27-round differential attack on GIFT-128, which covers one more round than the best previous result. Also, based on two 17-round linear trails, we give the first linear hull attack on GIFT-128, which covers 22 rounds. In addition, we also give some results on two GIFT-128 based AEADs GIFT-COFB and SUNDAE-GIFT.

Optimal linear cooperation spectrum sensing method based on chaos harmony search algorithm

2013 ◽  
Vol 32 (9) ◽  
pp. 2412-2417
Author(s):  
Yue-hong LI ◽  
Pin WAN ◽  
Yong-hua WANG ◽  
Jian YANG ◽  
Qin DENG
Keyword(s):  
Spectrum Sensing ◽  
Search Algorithm ◽  
Harmony Search ◽  
Harmony Search Algorithm ◽  
Optimal Linear

Localization of WSN using Distributed Particle Swarm Optimization algorithm with precise references

2016 ◽  
Vol 7 ◽  
pp. 1
Author(s):  
Ravichander Janapati ◽  
Ch. Balaswamy ◽  
K. Soundararajan
Keyword(s):  
Particle Swarm Optimization ◽  
Search Algorithm ◽  
Particle Swarm ◽  
Search Space ◽  
Research Area ◽  
Population Based ◽  
Wireless Sensor ◽  
Cooperative Localization ◽  
Localization Algorithm ◽  
Swarm Optimization

Localization is the key research area in wireless sensor networks. Finding the exact position of the node is known as localization. Different algorithms have been proposed. Here we consider a cooperative localization algorithm with censoring schemes using Crammer Rao bound (CRB). This censoring scheme  can improve the positioning accuracy and reduces computation complexity, traffic and latency. Particle swarm optimization (PSO) is a population based search algorithm based on the swarm intelligence like social behavior of birds, bees or a school of fishes. To improve the algorithm efficiency and localization precision, this paper presents an objective function based on the normal distribution of ranging error and a method of obtaining the search space of particles. In this paper  Distributed localization of wireless sensor networksis proposed using PSO with best censoring technique using CRB. Proposed method shows better results in terms of position accuracy, latency and complexity.  

Automatic Mining of Quantitative Association Rules with Gravitational Search Algorithm

2017 ◽  
Vol 27 (03) ◽  
pp. 343-372 ◽  
Author(s):  
Umit Can ◽  
Bilal Alatas
Keyword(s):  
Association Rules ◽  
Optimization Problems ◽  
Search Algorithm ◽  
Fitness Function ◽  
Optimization Algorithms ◽  
Gravitational Search Algorithm ◽  
Search Space ◽  
Search Method ◽  
Quantitative Association Rules ◽  
Gravitational Search

The classical optimization algorithms are not efficient in solving complex search and optimization problems. Thus, some heuristic optimization algorithms have been proposed. In this paper, exploration of association rules within numerical databases with Gravitational Search Algorithm (GSA) has been firstly performed. GSA has been designed as search method for quantitative association rules from the databases which can be regarded as search space. Furthermore, determining the minimum values of confidence and support for every database which is a hard job has been eliminated by GSA. Apart from this, the fitness function used for GSA is very flexible. According to the interested problem, some parameters can be removed from or added to the fitness function. The range values of the attributes have been automatically adjusted during the time of mining of the rules. That is why there is not any requirements for the pre-processing of the data. Attributes interaction problem has also been eliminated with the designed GSA. GSA has been tested with four real databases and promising results have been obtained. GSA seems an effective search method for complex numerical sequential patterns mining, numerical classification rules mining, and clustering rules mining tasks of data mining.

scholarly journals Binary Spring Search Algorithm for Solving Various Optimization Problems

2021 ◽  
Vol 11 (3) ◽  
pp. 1286 ◽  
Author(s):  
Mohammad Dehghani ◽  
Zeinab Montazeri ◽  
Ali Dehghani ◽  
Om P. Malik ◽  
Ruben Morales-Menendez ◽  
...  
Keyword(s):  
Optimization Algorithm ◽  
High Performance ◽  
Optimization Problems ◽  
Search Algorithm ◽  
Gravitational Search Algorithm ◽  
Bat Algorithm ◽  
Search Space ◽  
Binary Particle Swarm Optimization ◽  
Dragonfly Algorithm ◽  
Grasshopper Optimization Algorithm

One of the most powerful tools for solving optimization problems is optimization algorithms (inspired by nature) based on populations. These algorithms provide a solution to a problem by randomly searching in the search space. The design’s central idea is derived from various natural phenomena, the behavior and living conditions of living organisms, laws of physics, etc. A new population-based optimization algorithm called the Binary Spring Search Algorithm (BSSA) is introduced to solve optimization problems. BSSA is an algorithm based on a simulation of the famous Hooke’s law (physics) for the traditional weights and springs system. In this proposal, the population comprises weights that are connected by unique springs. The mathematical modeling of the proposed algorithm is presented to be used to achieve solutions to optimization problems. The results were thoroughly validated in different unimodal and multimodal functions; additionally, the BSSA was compared with high-performance algorithms: binary grasshopper optimization algorithm, binary dragonfly algorithm, binary bat algorithm, binary gravitational search algorithm, binary particle swarm optimization, and binary genetic algorithm. The results show the superiority of the BSSA. The results of the Friedman test corroborate that the BSSA is more competitive.

Sign in / Sign up

Export Citation Format

Share Document