Internal state recovery of Espresso stream cipher using conditional sampling resistance and TMDTO attack

2019
Author(s):  
Nishant Sinha ◽  
Sensors ◽  
2020 ◽  
Vol 20 (23) ◽  
pp. 6909
Author(s):  
Francisco Eugenio Potestad-Ordóñez ◽  
Manuel Valencia-Barrero ◽  
Carmen Baena-Oliva ◽  
Pilar Parra-Fernández ◽  
Carlos Jesús Jiménez-Fernández

One of the best methods to improve the security of cryptographic systems used to exchange sensitive information is to attack them to find their vulnerabilities and to strengthen them in subsequent designs. The Trivium stream cipher is one of the lightweight ciphers designed for security applications in the Internet of Things (IoT). In this paper, we present a complete setup to attack ASIC implementations of Trivium which allows recovering the secret keys using the active non-invasive attack technique of clock manipulation, combined with Differential Fault Analysis (DFA) cryptanalysis. The attack system is able to inject effective transient faults into the Trivium in a clock cycle and sample the faulty output. Then, the internal state of the Trivium is recovered using DFA cryptanalysis through the comparison between the correct and the faulty outputs. Finally, a backward version of Trivium was also designed to go back and get the secret keys from the initial internal states. The key recovery has been verified with numerous simulated data attacks and applied to the experimental data obtained from the Application Specific Integrated Circuit (ASIC) Trivium. The secret key of the Trivium was recovered experimentally in 100% of the attempts, considering a real scenario and minimum assumptions.
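As an added illustration of the backward Trivium the abstract describes (example code, not the authors' attack setup): a bit-level Trivium with its exact inverse clock, the 1152-round backward walk that turns a recovered post-initialisation state into key and IV, and the keystream difference a single flipped state bit produces, which is the signal DFA compares. The key and IV are 80-bit lists from a seeded generator (constructed for the example); the byte ordering of the official test vectors is not addressed, and all function names are mine.

```python
"""Trivium forward clocking, its exact inverse, and the differential view a
fault gives. Added illustration, not the authors' code: the abstract's
"backward Trivium" is the inverse below, applied 1152 times to the state the
DFA recovered. Key and IV are plain 80-element bit lists (an assumption; the
mapping to bytes, hence test-vector compatibility, is out of scope here)."""
import random

INIT_ROUNDS = 1152          # initialisation clocks before keystream is emitted


def load_state(key, iv):
    """Loading state s_1..s_288 (0-indexed here): key, 13 zeros, IV,
    4 zeros, 108 zeros, then the three fixed ones at s_286..s_288."""
    assert len(key) == 80 and len(iv) == 80
    return key + [0] * 13 + iv + [0] * 4 + [0] * 108 + [1, 1, 1]


def clock(s):
    """One forward Trivium clock: returns (next_state, keystream_bit)."""
    t1 = s[65] ^ s[92]                  # s66 + s93
    t2 = s[161] ^ s[176]                # s162 + s177
    t3 = s[242] ^ s[287]                # s243 + s288
    z = t1 ^ t2 ^ t3
    t1 ^= (s[90] & s[91]) ^ s[170]      # + s91*s92 + s171
    t2 ^= (s[174] & s[175]) ^ s[263]    # + s175*s176 + s264
    t3 ^= (s[285] & s[286]) ^ s[68]     # + s286*s287 + s69
    # each register shifts by one and takes its feedback bit at the head
    return [t3] + s[0:92] + [t1] + s[93:176] + [t2] + s[177:287], z


def unclock(n):
    """Inverse of clock(): recover the previous state from the current one.

    The shift is undone by copying; the three bits the shift dropped
    (old s93, s177, s288) are solved from the three feedback equations."""
    o = [0] * 288
    o[0:92], o[93:176], o[177:287] = n[1:93], n[94:177], n[178:288]
    o[92] = n[93] ^ o[65] ^ (o[90] & o[91]) ^ o[170]       # from new s94  = t1
    o[176] = n[177] ^ o[161] ^ (o[174] & o[175]) ^ o[263]  # from new s178 = t2
    o[287] = n[0] ^ o[242] ^ (o[285] & o[286]) ^ o[68]     # from new s1   = t3
    return o


def initialise(key, iv):
    """Run the 1152 blank rounds; the result is the first keystream state."""
    s = load_state(key, iv)
    for _ in range(INIT_ROUNDS):
        s, _ = clock(s)
    return s


def keystream(s, nbits):
    """Emit nbits keystream bits from state s; returns (final_state, bits)."""
    out = []
    for _ in range(nbits):
        s, z = clock(s)
        out.append(z)
    return s, out


def recover_key_iv(state_after_init):
    """What the backward Trivium does: clock the recovered state back through
    initialisation; the loading state holds key and IV in the clear."""
    s = state_after_init
    for _ in range(INIT_ROUNDS):
        s = unclock(s)
    return s[0:80], s[93:173]


def fault_difference(state, bit, nbits):
    """XOR of correct and faulty keystream when one state bit is flipped
    (a transient fault of the kind clock glitching induces)."""
    faulty = state[:]
    faulty[bit] ^= 1
    _, good = keystream(state, nbits)
    _, bad = keystream(faulty, nbits)
    return [a ^ b for a, b in zip(good, bad)]


def constructed_key_iv(seed=2024):
    """Constructed sample key/IV for the demonstration (not a test vector)."""
    rng = random.Random(seed)
    key = [rng.randrange(2) for _ in range(80)]
    iv = [rng.randrange(2) for _ in range(80)]
    return key, iv


if __name__ == "__main__":
    key, iv = constructed_key_iv()
    s = initialise(key, iv)
    assert recover_key_iv(s) == (key, iv)
    d = fault_difference(s, 65, 64)        # flip s66: it feeds z directly
    print("first differing keystream bit:", d.index(1))
```

The recovery step exists because Trivium's update is a bijection on the 288-bit state: nothing about the key is destroyed during the 1152 rounds, which is why a state recovered by DFA at any clock is enough.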


2016 ◽  
Vol 13 (11) ◽  
pp. 180-188 ◽  
Author(s):  
Lin Ding ◽  
Chenhui Jin ◽  
Jie Guan ◽  
Shaowu Zhang ◽  
Junzhi Li ◽  
...  

2021 ◽  
Author(s):  
Orhun Kara

Tradeoff attacks on symmetric ciphers can be considered a generalization of exhaustive search. Their main objective is reducing the time complexity by exploiting memory, after preparing very large tables at the cost of exhaustively searching the whole space during the precomputation phase. It is possible to utilize data (plaintext/ciphertext pairs) in some cases, such as internal state recovery attacks on stream ciphers, to further speed up both the online and offline phases. However, how to take advantage of data in a tradeoff attack against block ciphers for single-key recovery is still unknown. We briefly assess the state of the art of tradeoff attacks on symmetric ciphers, introduce some open problems and discuss the security criterion on state sizes. We discuss the strict lower bound for the internal state size of keystream generators and propose a more practical and fair bound along with our reasoning. The adoption of our new criterion can break fresh ground in boosting the security analysis of small keystream generators and in designing ultra-lightweight stream ciphers with short internal states for use in especially low-resource devices such as IoT devices, wireless sensors or RFID tags.
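Added for context (not from Kara's paper): the two standard tradeoff curves behind the state-size criterion the abstract refers to, with symbols chosen here: $N = 2^n$ internal states, $T$ online time, $M$ memory, $D$ keystream data, $P$ precomputation.

```latex
\begin{align*}
&\text{Babbage--Goli\'c: store } M \text{ (state, keystream-prefix) pairs; with } D \text{ keystream}\\
&\text{windows online, a collision is expected once } M \cdot D \approx N, \text{ so}\\
&\qquad T \cdot M = N, \qquad D = T, \qquad P = M .\\[4pt]
&\text{Balanced point: } T = M = D = N^{1/2} = 2^{n/2}.\\
&\text{Keeping this at or above a } k\text{-bit key search: } 2^{n/2} \ge 2^{k} \;\Longrightarrow\; n \ge 2k,\\
&\text{which is the classical "state at least twice the key" criterion.}\\[4pt]
&\text{Biryukov--Shamir (Hellman tables with data): } T \cdot M^{2} \cdot D^{2} = N^{2}, \quad D^{2} \le T \le N,\\
&\text{e.g. } T = N^{2/3},\ M = D = N^{1/3}.
\end{align*}
```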


2011 ◽  
Vol 22 (06) ◽  
pp. 1283-1296 ◽  
Author(s):  
XIUTAO FENG ◽  
ZHENQING SHI ◽  
CHUANKUN WU ◽  
DENGGUO FENG

Rabbit is a stream cipher proposed by M. Boesgaard et al., and was selected for the final portfolio after three evaluation phases of the ECRYPT Stream Cipher Project (eSTREAM). So far only a few papers have studied its security besides a series of white papers by the designers of Rabbit. Recently we presented a new idea for evaluating the security of a word-oriented stream cipher algorithm at a smaller data granularity instead of its original data granularity and applied it successfully to the stream cipher SOSEMANUK. In this work we apply the same idea to the Rabbit algorithm and analyze its resistance against the guess-and-determine attack from the viewpoint of byte units. As a result, we present two new approaches to solving all the $x_{j,t+1}$'s and $g_{j,t}$'s from the next-state function and the extraction scheme of Rabbit, whose complexities are $2^{166}$ and $2^{140.68}$ respectively, which are dramatically lower than those proposed by Lu et al. ($2^{192}$ and $2^{174}$ resp.) at ISC 2008. Finally, based on the above new results we propose a byte-based guess-and-determine attack on Rabbit, which only needs a small segment of known keystream to recover the whole internal state of Rabbit with time complexity $2^{242}$. Though the complexity of our attack is far higher than that of brute force ($2^{128}$), we believe that some new techniques adopted in this paper are of interest for future work on Rabbit.


Entropy ◽  
2021 ◽  
Vol 23 (7) ◽  
pp. 896
Author(s):  
Evaristo José Madarro-Capó ◽  
Carlos Miguel Legón-Pérez ◽  
Omar Rojas ◽  
Guillermo Sosa-Gómez

This paper presents a criterion, based on information theory, to measure the amount of average information that the output sequences of RC4 provide about its internal state. The test statistic used is the sum of the maximum plausible estimates of the entropies $H(j_t \mid z_t)$, corresponding to the probability distributions $P(j_t \mid z_t)$ of the sequences of random variables $(j_t)_{t \in T}$ and $(z_t)_{t \in T}$, independent but not identically distributed, where $z_t$ are the known values of the outputs, while $j_t$ is one of the unknown elements of the internal state of RC4. It is experimentally demonstrated that the test statistic allows for determining the most vulnerable RC4 outputs, and it is proposed as a vulnerability metric for each RC4 output sequence with respect to the iterative probabilistic attack.


2017 ◽  
Vol 11 (6) ◽  
pp. 363-368 ◽  
Author(s):  
Zhen Ma ◽  
Tian Tian ◽  
Wen-Feng Qi
