scholarly journals Cryptanalysis of a Proposal Based on the Discrete Logarithm Problem Inside Sn

Cryptography ◽  
2018 ◽  
Vol 2 (3) ◽  
pp. 16
Author(s):  
María González Vasco ◽  
Angela Robinson ◽  
Rainer Steinwandt
Keyword(s):  
Symmetric Group ◽  
Efficient Method ◽  
Chinese Remainder Theorem ◽  
Discrete Logarithm ◽  
Discrete Logarithm Problem ◽  
Encryption Scheme ◽  
Secret Key ◽  
Natural Representation ◽  
Key Recovery ◽  
Key Recovery Attack

In 2008, Doliskani et al. proposed an ElGamal-style encryption scheme using the symmetric group Sn as mathematical platform. In 2012, an improvement of the cryptosystem’s memory requirements was suggested by Othman. The proposal by Doliskani et al. in particular requires the discrete logarithm problem in Sn, using its natural representation, to be hard. Making use of the Chinese Remainder Theorem, we describe an efficient method to solve this discrete logarithm problem, yielding a polynomial time secret key recovery attack against Doliskani et al.’s proposal.

scholarly journals Improved Cryptanalysis of a Fully Homomorphic Symmetric Encryption Scheme

2019 ◽  
Vol 2019 ◽  
pp. 1-6
Author(s):  
Quanbo Qu ◽  
Baocang Wang ◽  
Yuan Ping ◽  
Zhili Zhang
Keyword(s):  
Cloud Computing ◽  
Big Data ◽  
Homomorphic Encryption ◽  
Encryption Scheme ◽  
Symmetric Encryption ◽  
Secret Key ◽  
Fully Homomorphic Encryption ◽  
Key Recovery ◽  
Key Recovery Attack ◽  
Outsourced Databases

Homomorphic encryption is widely used in the scenarios of big data and cloud computing for supporting calculations on ciphertexts without leaking plaintexts. Recently, Li et al. designed a symmetric homomorphic encryption scheme for outsourced databases. Wang et al. proposed a successful key-recovery attack on the homomorphic encryption scheme but required the adversary to know some plaintext/ciphertext pairs. In this paper, we propose a new ciphertext-only attack on the symmetric fully homomorphic encryption scheme. Our attack improves the previous Wang et al.’s attack by eliminating the assumption of known plaintext/ciphertext pairs. We show that the secret key of the user can be recovered by running lattice reduction algorithms twice. Experiments show that the attack successfully and efficiently recovers the secret key of the randomly generated instances with an overwhelming probability.

scholarly journals Cryptanalysis of Loiss Stream Cipher-Revisited

2014 ◽  
Vol 2014 ◽  
pp. 1-7
Author(s):  
Lin Ding ◽  
Chenhui Jin ◽  
Jie Guan ◽  
Qiuyan Wang
Keyword(s):  
Time Complexity ◽  
Stream Cipher ◽  
Linear Equations ◽  
Data Complexity ◽  
Secret Key ◽  
Key Recovery ◽  
Systems Of Linear Equations ◽  
Key Recovery Attack ◽  
Better Than

Loiss is a novel byte-oriented stream cipher proposed in 2011. In this paper, based on solving systems of linear equations, we propose an improved Guess and Determine attack on Loiss with a time complexity of 2231and a data complexity of 268, which reduces the time complexity of the Guess and Determine attack proposed by the designers by a factor of 216. Furthermore, a related key chosenIVattack on a scaled-down version of Loiss is presented. The attack recovers the 128-bit secret key of the scaled-down Loiss with a time complexity of 280, requiring 264chosenIVs. The related key attack is minimal in the sense that it only requires one related key. The result shows that our key recovery attack on the scaled-down Loiss is much better than an exhaustive key search in the related key setting.

Cryptanalysis of Cramer-Shoup Like Cryptosystems Based on Index Exchangeable Family

2021 ◽  
pp. 1-19
Author(s):  
Jinhui liu ◽  
Yong Yu ◽  
Bo Yang ◽  
Jianwei Jia ◽  
Qiqi Lai
Keyword(s):  
Linear Equation ◽  
Linear Group ◽  
Personal Computer ◽  
Public Key ◽  
Encryption Scheme ◽  
Public Key Encryption ◽  
Key Recovery ◽  
Encryption And Decryption ◽  
Key Recovery Attack

The Cramer-Shoup (CS) like cryptosystem based on index exchangeable family (IEF) construction is a novel scheme introduced in Asiaccs 2016 by Li et al.. Its versatility was illustrated by building two public key encryption (PKE) schemes, a cramer-shoup encryption scheme based on IEFs, as well as an outsourcing technique based on non-abelian analog. However, the two schemes are not secure over the recommended linear group of Li et al. For them, we provide a new key-recovery attack by solving a linear equation respectively. Furthermore, we peel off complex encryption and decryption processes and propose more than three different attack methods. Finally, we give a corresponding example to illustrate the correctness of our attack methods. Our attack methods break an instance of claiming 80 bit security less than one minute under a personal computer.

scholarly journals Differential Attacks on CRAFT Exploiting the Involutory S-boxes and Tweak Additions

2020 ◽  
pp. 119-151
Author(s):  
Hao Guo ◽  
Siwei Sun ◽  
Danping Shi ◽  
Ling Sun ◽  
Yao Sun ◽  
...  
Keyword(s):  
Low Cost ◽  
Success Probability ◽  
Schedule Algorithm ◽  
Invariant Property ◽  
Differential Analysis ◽  
Secret Key ◽  
Key Recovery ◽  
Weak Keys ◽  
Key Recovery Attack ◽  
Truncated Differential

CRAFT is a lightweight tweakable block cipher proposed at FSE 2019, which allows countermeasures against Differential Fault Attacks to be integrated into the cipher at the algorithmic level with ease. CRAFT employs a lightweight and involutory S-box and linear layer, such that the encryption function can be turned into decryption at a low cost. Besides, the tweakey schedule algorithm of CRAFT is extremely simple, where four 64-bit round tweakeys are generated and repeatedly used. Due to a combination of these features which makes CRAFT exceedingly lightweight, we find that some input difference at a particular position can be preserved through any number of rounds if the input pair follows certain truncated differential trails. Interestingly, in contrast to traditional differential analysis, the validity of this invariant property is affected by the positions where the constant additions take place. We use this property to construct “weak-tweakey” truncated differential distinguishers of CRAFT in the single-key model. Subsequently, we show how the tweak additions allow us to convert these weak-tweakey distinguishers into ordinary secret-key distinguishers based on which key-recovery attacks can be performed. Moreover, we show how to construct MILP models to search for truncated differential distinguishers exploiting this invariant property. As a result, we find a 15-round truncated differential distinguisher of CRAFT and extend it to a 19-round key-recovery attack with 260.99 data, 268 memory, 294.59 time complexity, and success probability 80.66%. Also, we find a 14-round distinguisher with probability 2−43 (experimentally verified), a 16-round distinguisher with probability 2−55, and a 20-round weak-key distinguisher (2118 weak keys) with probability 2−63. Experiments on round-reduced versions of the distinguishers show that the experimental probabilities are sometimes higher than predicted. Finally, we note that our result is far from threatening the security of the full CRAFT.

A Key Recovery Attack on Fully Homomorphic Encryption Scheme

2014 ◽  
Vol 35 (12) ◽  
pp. 2999-3004
Author(s):  
Yan Guang ◽  
Yue-fei Zhu ◽  
Chun-xiang Gu ◽  
Yong-hui Zheng ◽  
Quan-you Tang
Keyword(s):  
Homomorphic Encryption ◽  
Encryption Scheme ◽  
Fully Homomorphic Encryption ◽  
Key Recovery ◽  
Key Recovery Attack

scholarly journals A Novel Provably Secure Key-Agreement Using Secret Subgroup Generator

2021 ◽  
Author(s):  
Abdelhaliem Babiker
Keyword(s):  
Key Agreement ◽  
Cyclic Subgroup ◽  
Discrete Logarithm ◽  
Key Exchange ◽  
Discrete Logarithm Problem ◽  
Secret Key ◽  
Shared Secret ◽  
Shared Secret Key ◽  
Provably Secure

Abstract In this paper, a new key-agreement scheme is proposed and analyzed. In addition to being provably secure in shared secret key indistinguishability model, the scheme has an interesting feature: while using exponentiation over a cyclic subgroup to establish the key-agreement, the generator of that subgroup is hidden to secure the scheme against adversaries that are capable of solving the Discrete Logarithm Problem, which means that the scheme might be candidate as a post-quantum key exchange scheme.

scholarly journals Automated Search Oriented to Key Recovery on Ciphers with Linear Key Schedule

2021 ◽  
pp. 249-291
Author(s):  
Lingyue Qin ◽  
Xiaoyang Dong ◽  
Xiaoyun Wang ◽  
Keting Jia ◽  
Yunwen Liu
Keyword(s):  
High Probability ◽  
Block Cipher ◽  
Secret Key ◽  
Key Recovery ◽  
Key Schedule ◽  
Before And After ◽  
Two Phases ◽  
Key Recovery Attack ◽  
Key Recovery Attacks ◽  
Automated Search

Automatic modelling to search distinguishers with high probability covering as many rounds as possible, such as MILP, SAT/SMT, CP models, has become a very popular cryptanalysis topic today. In those models, the optimizing objective is usually the probability or the number of rounds of the distinguishers. If we want to recover the secret key for a round-reduced block cipher, there are usually two phases, i.e., finding an efficient distinguisher and performing key-recovery attack by extending several rounds before and after the distinguisher. The total number of attacked rounds is not only related to the chosen distinguisher, but also to the extended rounds before and after the distinguisher. In this paper, we try to combine the two phases in a uniform automatic model.Concretely, we apply this idea to automate the related-key rectangle attacks on SKINNY and ForkSkinny. We propose some new distinguishers with advantage to perform key-recovery attacks. Our key-recovery attacks on a few versions of round-reduced SKINNY and ForkSkinny cover 1 to 2 more rounds than the best previous attacks.

scholarly journals Fast Correlation Attacks on Grain-like Small State Stream Ciphers

2017 ◽  
pp. 58-81 ◽  
Author(s):  
Bin Zhang ◽  
Xinxin Gong ◽  
Willi Meier
Keyword(s):  
Internal State ◽  
Stream Ciphers ◽  
Small Scale ◽  
Secret Key ◽  
Small State ◽  
Key Recovery ◽  
Key Recovery Attack ◽  
Correlation Attacks ◽  
Fast Correlation Attacks

In this paper, we study the security of Grain-like small state stream ciphers by fast correlation attacks, which are commonly regarded as classical cryptanalytic methods against LFSR-based stream ciphers. We extend the cascaded structure adopted in such primitives in general and show how to restore the full internal state part-by-part if the non-linear combining function meets some characteristic. As a case study, we present a key recovery attack against Fruit, a tweaked version of Sprout that employs key-dependent state updating in the keystream generation phase. Our attack requires 262.8 Fruit encryptions and 222.3 keystream bits to determine the 80-bit secret key. Practical simulations on a small-scale version confirmed our results.

scholarly journals Some cryptanalytic results on Lizard

2017 ◽  
pp. 82-98
Author(s):  
Subhadeep Banik ◽  
Takanori Isobe ◽  
Tingting Cui ◽  
Jian Guo
Keyword(s):  
Stream Cipher ◽  
Secret Key ◽  
Key Recovery ◽  
Key Recovery Attack ◽  
Key Recovery Attacks

Lizard is a lightweight stream cipher proposed by Hamann, Krause and Meier in IACR ToSC 2017. It has a Grain-like structure with two state registers of size 90 and 31 bits. The cipher uses a 120-bit secret key and a 64-bit IV. The authors claim that Lizard provides 80-bit security against key recovery attacks and a 60-bit security against distinguishing attacks. In this paper, we present an assortment of results and observations on Lizard. First, we show that by doing 258 random trials it is possible to find a set of 264 triplets (K, IV0, IV1) such that the Key-IV pairs (K, IV0) and (K, IV1) produce identical keystream bits. Second, we show that by performing only around 228 random trials it is possible to obtain 264 Key-IV pairs (K0, IV0) and (K1, IV1) that produce identical keystream bits. Thereafter, we show that one can construct a distinguisher for Lizard based on IVs that produce shifted keystream sequences. The process takes around 251.5 random IV encryptions (with encryption required to produce 218 keystream bits) and around 276.6 bits of memory. Next, we propose a key recovery attack on a version of Lizard with the number of initialization rounds reduced to 223 (out of 256) based on IV collisions. We then outline a method to extend our attack to 226 rounds. Our results do not affect the security claims of the designers.

Sign in / Sign up

Export Citation Format

Share Document