Optimal PRFs from Blockcipher Designs

Cryptographic modes built on top of a blockcipher usually rely on the assumption that this primitive behaves like a pseudorandom permutation (PRP). For many of these modes, including counter mode and GCM, stronger security guarantees could be derived if they were based on a PRF design. We propose a heuristic method of transforming a dedicated blockcipher design into a dedicated PRF design. Intuitively, the method consists of evaluating the blockcipher once, with one or more intermediate state values fed-forward. It shows strong resemblance with the optimally secure EDMD construction by Mennink and Neves (CRYPTO 2017), but the use of internal state values make their security analysis formally inapplicable. In support of its security, we give the rationale of relying on the EDMD function (as opposed to alternatives), and present analysis of simplified versions of our conversion method applied to the AES. We conjecture that our main proposal AES-PRF, AES with a feed-forward of the middle state, achieves close to optimal security. We apply the design to GCM and GCM-SIV, and demonstrate how it entails significant security improvements. We furthermore demonstrate how the technique extends to tweakable blockciphers and allows for security improvements in, for instance, PMAC1.

Download Full-text

Tradeoff Attacks on Symmetric Ciphers

10.5772/intechopen.96627 ◽

2021 ◽

Author(s):

Orhun Kara

Keyword(s):

Internal State ◽

Security Analysis ◽

Stream Ciphers ◽

Open Problems ◽

Key Recovery ◽

State Recovery ◽

Internal States ◽

Symmetric Ciphers ◽

Iot Devices ◽

State Size

Tradeoff attacks on symmetric ciphers can be considered as the generalization of the exhaustive search. Their main objective is reducing the time complexity by exploiting the memory after preparing very large tables at a cost of exhaustively searching all the space during the precomputation phase. It is possible to utilize data (plaintext/ciphertext pairs) in some cases like the internal state recovery attacks for stream ciphers to speed up further both online and offline phases. However, how to take advantage of data in a tradeoff attack against block ciphers for single key recovery cases is still unknown. We briefly assess the state of art of tradeoff attacks on symmetric ciphers, introduce some open problems and discuss the security criterion on state sizes. We discuss the strict lower bound for the internal state size of keystream generators and propose more practical and fair bound along with our reasoning. The adoption of our new criterion can break a fresh ground in boosting the security analysis of small keystream generators and in designing ultra-lightweight stream ciphers with short internal states for their usage in specially low source devices such as IoT devices, wireless sensors or RFID tags.

Download Full-text

Tweakable Blockciphers for Efficient Authenticated Encryptions with Beyond the Birthday-Bound Security

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2017.i2.1-26 ◽

2017 ◽

pp. 1-26 ◽

Cited By ~ 2

Author(s):

Yusuke Naito

Keyword(s):

Modular Design ◽

Data Block ◽

Authenticated Encryption ◽

Pseudorandom Permutation ◽

Beyond Birthday Bound ◽

Tweakable Blockciphers ◽

Associated Data

Modular design via a tweakable blockcipher (TBC) offers efficient authenticated encryption (AE) schemes (with associated data) that call a blockcipher once for each data block (of associated data or a plaintext). However, the existing efficient blockcipher-based TBCs are secure up to the birthday bound, where the underlying keyed blockcipher is a secure strong pseudorandom permutation. Existing blockcipher-based AE schemes with beyond-birthday-bound (BBB) security are not efficient, that is, a blockcipher is called twice or more for each data block. In this paper, we present a TBC, XKX, that offers efficient blockcipher-based AE schemes with BBB security, by combining with efficient TBC-based AE schemes such as ΘCB3 and

Download Full-text

Cryptanalysis of AES-PRF and Its Dual

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2018.i2.161-191 ◽

2018 ◽

pp. 161-191

Author(s):

Patrick Derbez ◽

Tetsu Iwata ◽

Ling Sun ◽

Siwei Sun ◽

Yosuke Todo ◽

...

Keyword(s):

Security Analysis ◽

Security Evaluation ◽

Input State ◽

Differential Attack ◽

Feed Forward ◽

Output State ◽

Distinguishing Attack ◽

Zero Correlation ◽

Linear Attack ◽

Pseudorandom Function

A dedicated pseudorandom function (PRF) called AES-PRF was proposed by Mennink and Neves at FSE 2018 (ToSC 2017, Issue 3). AES-PRF is obtained from AES by using the output of the 5-th round as the feed-forward to the output state. This paper presents extensive security analysis of AES-PRF and its variants. Specifically, we consider unbalanced variants where the output of the s-th round is used as the feed-forward. We also analyze the security of “dual” constructions of the unbalanced variants, where the input state is used as the feed-forward to the output of the s-th round. We apply an impossible differential attack, zero-correlation linear attack, traditional differential attack, zero correlation linear distinguishing attack and a meet-in-the-middle attack on these PRFs and reduced round versions. We show that AES-PRF is broken whenever s ≤ 2 or s ≥ 6, or reduced to 7 rounds, and Dual-AES-PRF is broken whenever s ≤ 4 or s ≥ 8. Our results on AES-PRF improve the initial security evaluation by the designers in various ways, and our results on Dual-AES-PRF give the first insight to its security.

Download Full-text

Blockchain Security as “People Security”: Applying Sociotechnical Security to Blockchain Technology

Frontiers in Computer Science ◽

10.3389/fcomp.2020.599406 ◽

2021 ◽

Vol 2 ◽

Author(s):

Kelsie Nabben

Keyword(s):

Case Studies ◽

Security Analysis ◽

Social Software ◽

Security Framework ◽

Public And Private ◽

Blockchain Technology ◽

Digital Infrastructure ◽

The Social ◽

Different Types ◽

Security Guarantees

The notion that blockchains offer decentralized, “trustless” guarantees of security through technology is a fundamental misconception held by many advocates. This misconception hampers participants from understanding the security differences between public and private blockchains and adopting blockchain technology in suitable contexts. This paper introduces the notion of “people security” to argue that blockchains hold inherent limitations in offering accurate security guarantees to people as participants in blockchain-based infrastructure, due to the differing nature of the threats to participants reliant on blockchain as secure digital infrastructure, as well as the technical limitations between different types of blockchain architecture. This paper applies a sociotechnical security framework to assess the social, software, and infrastructural layers of blockchain applications to reconceptualize “blockchain security” as “people security.” A sociotechnical security analysis of existing macrosocial level blockchain systems surfaces discrepancies between the social, technical, and infrastructural layers of a blockchain network, the technical and governance decisions that characterize the network, and the expectations of, and threats to, participants using the network. The results identify a number of security and trust assumptions against various blockchain architectures, participants, and applications. Findings indicate that private blockchains have serious limitations for securing the interests of users in macrosocial contexts, due to their centralized nature. In contrast, public blockchains reveal trust and security shortcomings at the micro and meso-organizational levels, yet there is a lack of suitable desktop case studies by which to analyze sociotechnical security at the macrosocial level. These assumptions need to be further investigated and addressed in order for blockchain security to more accurately provide “people security”.

Download Full-text

Reconsidering the Security Bound of AES-GCM-SIV

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2017.i4.240-267 ◽

2017 ◽

pp. 240-267 ◽

Cited By ~ 1

Author(s):

Tetsu Iwata ◽

Yannick Seurin

Keyword(s):

Research Group ◽

Security Analysis ◽

Encryption Scheme ◽

Authenticated Encryption ◽

Simple Modification ◽

Security Guarantees ◽

Security Bound ◽

Key Derivation

We make a number of remarks about the AES-GCM-SIV nonce-misuse resistant authenticated encryption scheme currently considered for standardization by the Crypto Forum Research Group (CFRG). First, we point out that the security analysis proposed in the ePrint report 2017/168 is incorrect, leading to overly optimistic security claims. We correct the bound and re-assess the security guarantees offered by the scheme for various parameters. Second, we suggest a simple modification to the key derivation function which would improve the security of the scheme with virtually no efficiency penalty.

Download Full-text

Integrating Classical Preprocessing into an Optical Encryption Scheme

Entropy ◽

10.3390/e21090872 ◽

2019 ◽

Vol 21 (9) ◽

pp. 872

Author(s):

Hai Pham ◽

Rainer Steinwandt ◽

Adriana Suárez Corona

Keyword(s):

Coherent States ◽

Communication Channel ◽

Quantum Noise ◽

Security Analysis ◽

Cryptographic Protocols ◽

Optical Channel ◽

Classical Communication ◽

Trade Offs ◽

Starting Point ◽

Security Guarantees

Traditionally, cryptographic protocols rely on mathematical assumptions and results to establish security guarantees. Quantum cryptography has demonstrated how physical properties of a communication channel can be leveraged in the design of cryptographic protocols, too. Our starting point is the AlphaEta protocol, which was designed to exploit properties of coherent states of light to transmit data securely over an optical channel. AlphaEta aims to draw security from the uncertainty of any measurement of the transmitted coherent states due to intrinsic quantum noise. We present a technique to combine AlphaEta with classical preprocessing, taking into account error-correction for the optical channel. This enables us to establish strong provable security guarantees. In addition, the type of hybrid encryption we suggest, enables trade-offs between invoking a(n inexpensive) classical communication channel and a (more complex to implement) optical channel, without jeopardizing security. Our design can easily incorporate fast state-of-the-art authenticated encryption, but in this case the security analysis requires heuristic reasoning.

Download Full-text

Estimating the State of Health of Lead-Acid Battery Using Feed-Forward Neural Network

Journal of Circuits System and Computers ◽

10.1142/s0218126622500815 ◽

2021 ◽

Author(s):

D. Selvabharathi ◽

N. Muruganantham

Keyword(s):

Neural Network ◽

Heuristic Method ◽

Conventional Technique ◽

Open Circuit ◽

The State ◽

Battery Management System ◽

Battery Management ◽

State Of Health ◽

Feed Forward Neural Network ◽

Feed Forward

A Battery Management System (BMS) can prolong the life of the battery but it depends on the accuracy of the adopted scheme. Different techniques have been developed to enhance the BMS by monitoring the State of Health (SOH) of the battery. In this paper, the detection of battery voltage is analyzed by using the cycle counting method, which is a conventional technique and compared with Artificial Neural Network (ANN), a heuristic method. The advantage of the proposed ANN method is that SOH can be monitored without disconnecting the battery from the load. Also, the sampling data to the ANN are derived from various techniques including Open Circuit Voltage (OCV) method, Ambient temperature measurement, and valley point detection. A feed-forward backpropagation algorithm is used to achieve the purpose of real-time monitoring of the LAB. The results show that the precise estimation of SOH can be obtained by Feed-Forward Neural Network (FFNN) when trained with more sampling data.

Download Full-text