scholarly journals Errata to Sound Hashing Modes of Arbitrary Functions, Permutations, and Block Ciphers

2020 ◽  
pp. 362-366
Author(s):  
Aldo Gunsing ◽  
Joan Daemen ◽  
Bart Mennink
Keyword(s):  
Block Cipher ◽  
Block Size ◽  
Block Ciphers ◽  
Query Complexity ◽  
Extra Term ◽  
Security Bound

In ToSC 2018(4), Daemen et al. performed an in-depth investigation of sound hashing modes based on arbitrary functions, permutations, or block ciphers. However, for the case of invertible primitives, there is a glitch. In this errata, we formally fix this glitch by adding an extra term to the security bound, q/2b−n, where q is query complexity, b the width of the permutation or the block size of the block cipher, and n the size of the hash digest. For permutations that are wider than two times the chaining value this term is negligible. For block cipher based hashing modes where the block size is close to the digest size, the term degrades the security significantly.

LM-DAE: Low-Memory Deterministic Authenticated Encryption for 128-bit Security

2020 ◽  
pp. 1-38
Author(s):  
Yusuke Naito ◽  
Yu Sasaki ◽  
Takeshi Sugawara
Keyword(s):  
Block Cipher ◽  
State Of The Art ◽  
Block Size ◽  
Query Complexity ◽  
Side Channel ◽  
Authenticated Encryption ◽  
Implementation Cost ◽  
Tweakable Block Cipher ◽  
Deterministic Authenticated Encryption ◽  
State Size

This paper proposes a new lightweight deterministic authenticated encryption (DAE) scheme providing 128-bit security. Lightweight DAE schemes are practically important because resource-restricted devices sometimes cannot afford to manage a nonce properly. For this purpose, we first design a new mode LM-DAE that has a minimal state size and uses a tweakable block cipher (TBC). The design can be implemented with low memory and is advantageous in threshold implementations (TI) as a side-channel attack countermeasure. LM-DAE further reduces the implementation cost by eliminating the inverse tweak schedule needed in the previous TBC-based DAE modes. LM-DAE is proven to be indistinguishable from an ideal DAE up to the O(2n) query complexity for the block size n. To achieve 128-bit security, an underlying TBC must handle a 128-bit block, 128-bit key, and 128+4-bit tweak, where the 4-bit tweak comes from the domain separation. To satisfy this requirement, we extend SKINNY-128-256 with an additional 4-bit tweak, by applying the elastic-tweak proposed by Chakraborti et al. We evaluate the hardware performances of the proposed scheme with and without TI. Our LM-DAE implementation achieves 3,717 gates, roughly 15% fewer than state-of-the-art nonce-based schemes, thanks to removing the inverse tweak schedule.

scholarly journals Iterative Block Ciphers from Tweakable Block Ciphers with Long Tweaks

2020 ◽  
pp. 54-80
Author(s):  
Ryota Nakamichi ◽  
Tetsu Iwata
Keyword(s):  
Block Cipher ◽  
Block Ciphers ◽  
Simple Iteration ◽  
Tweakable Block Cipher ◽  
Beyond Birthday Bound ◽  
Security Bound

We consider a problem of constructing a secure block cipher from a tweakable block cipher (TBC) with long tweaks. Given a TBC with n-bit blocks and Γn-bit tweaks for Γ ≥ 1, one of the constructions by Minematsu in DCC 2015 shows that a simple iteration of the TBC for 3d rounds yields a block cipher with dn-bit blocks that is secure up to 2dn/2 queries, where d = Γ + 1. In this paper, we show three results.1. Iteration of 3d − 2 rounds is enough for the security up to 2dn/2 queries, i.e., the security remains the same even if we reduce the number of rounds by two.2. When the number of queries is limited to 2n, d+1 rounds are enough, and with d + l rounds for 1 ≤ l ≤ d − 1, the security bound improves as l grows.3. A d-round construction gives a block cipher secure up to 2n/2 queries, i.e., it achieves the classical birthday-bound security. Our results show that a block cipher with beyond-birthday-bound (BBB) security (with respect to n) is obtained as low as d + 1 rounds, and we draw the security spectrum of d + l round version in the range of 1 ≤ l ≤ d−1 and l = 2d−2 for BBB security, and l = 0 for birthday-bound security.

scholarly journals Improved Security Bound of (E/D)WCDM

2021 ◽  
pp. 138-176
Author(s):  
Nilanjan Datta ◽  
Avijit Dutta ◽  
Kushankur Dutta
Keyword(s):  
Block Cipher ◽  
Block Size ◽  
Number Of Solutions ◽  
Security Proofs ◽  
Mirror Theory ◽  
Security Bound

In CRYPTO’16, Cogliati and Seurin proposed a block cipher based nonce based MAC, called Encrypted Wegman-Carter with Davies-Meyer (EWCDM), that gives 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting, where n is the block size of the underlying block cipher. However, this construction requires two independent block cipher keys. In CRYPTO’18, Datta et al. came up with a single-keyed block cipher based nonce based MAC, called Decrypted Wegman-Carter with Davies-Meyer (DWCDM), that also provides 2n/3 bit MAC security in the nonce respecting setting and n/2 bit security in the nonce misuse setting. However, the drawback of DWCDM is that it takes only 2n/3 bit nonce. In fact, authors have shown that DWCDM cannot achieve beyond the birthday bound security with n bit nonces. In this paper, we prove that DWCDM with 3n/4 bit nonces provides MAC security up to O(23n/4) MAC queries against all nonce respecting adversaries. We also improve the MAC bound of EWCDM from 2n/3 bit to 3n/4 bit. The backbone of these two results is a refined treatment of extended mirror theory that systematically estimates the number of solutions to a system of bivariate affine equations and non-equations, which we apply on the security proofs of the constructions to achieve 3n/4 bit security.

scholarly journals Six shades lighter: a bit-serial implementation of the AES family

2021 ◽  
Author(s):  
Sergio Roldán Lombardía ◽  
Fatih Balli ◽  
Subhadeep Banik
Keyword(s):  
Block Cipher ◽  
Block Ciphers ◽  
Authenticated Encryption ◽  
Current Standard ◽  
Asic Circuit ◽  
The Family ◽  
Encryption And Decryption ◽  
Preliminary Version ◽  
Reduction In Area ◽  
Bit Serial

AbstractRecently, cryptographic literature has seen new block cipher designs such as , or that aim to be more lightweight than the current standard, i.e., . Even though family of block ciphers were designed two decades ago, they still remain as the de facto encryption standard, with being the most widely deployed variant. In this work, we revisit the combined one-in-all implementation of the family, namely both encryption and decryption of each as a single ASIC circuit. A preliminary version appeared in Africacrypt 2019 by Balli and Banik, where the authors design a byte-serial circuit with such functionality. We improve on their work by reducing the size of the compact circuit to 2268 GE through 1-bit-serial implementation, which achieves 38% reduction in area. We also report stand-alone bit-serial versions of the circuit, targeting only a subset of modes and versions, e.g., and . Our results imply that, in terms of area, and can easily compete with the larger members of recently designed family, e.g., , . Thus, our implementations can be used interchangeably inside authenticated encryption candidates such as , or in place of .

scholarly journals Efficient Implementation of PRESENT and GIFT on Quantum Computers

2021 ◽  
Vol 11 (11) ◽  
pp. 4776
Author(s):  
Kyungbae Jang ◽  
Gyeongju Song ◽  
Hyunjun Kim ◽  
Hyeokdong Kwon ◽  
Hyunji Kim ◽  
...  
Keyword(s):  
Block Cipher ◽  
Search Algorithm ◽  
Block Ciphers ◽  
Quantum Circuits ◽  
Security Level ◽  
Symmetric Key ◽  
Grover Search ◽  
Target Block ◽  
Symmetric Key Cryptography ◽  
Grover Search Algorithm

Grover search algorithm is the most representative quantum attack method that threatens the security of symmetric key cryptography. If the Grover search algorithm is applied to symmetric key cryptography, the security level of target symmetric key cryptography can be lowered from n-bit to n2-bit. When applying Grover’s search algorithm to the block cipher that is the target of potential quantum attacks, the target block cipher must be implemented as quantum circuits. Starting with the AES block cipher, a number of works have been conducted to optimize and implement target block ciphers into quantum circuits. Recently, many studies have been published to implement lightweight block ciphers as quantum circuits. In this paper, we present optimal quantum circuit designs of symmetric key cryptography, including PRESENT and GIFT block ciphers. The proposed method optimized PRESENT and GIFT block ciphers by minimizing qubits, quantum gates, and circuit depth. We compare proposed PRESENT and GIFT quantum circuits with other results of lightweight block cipher implementations in quantum circuits. Finally, quantum resources of PRESENT and GIFT block ciphers required for the oracle of the Grover search algorithm were estimated.

scholarly journals A New Block Cipher Based on Finite Automata Systems

2016 ◽  
Vol 2 (1) ◽  
Author(s):  
Gh Khaleel ◽  
SHERZOD TURAEV ◽  
M.I.M. Tamrin ◽  
Imad F. Al-Shaikhli
Keyword(s):  
Block Cipher ◽  
Finite Automata ◽  
Parallel Computations ◽  
Block Ciphers ◽  
Central Importance ◽  
High Security ◽  
Encryption And Decryption

The performance and security have central importance of cryptography field. Therefore, theneed to use block ciphers are become very important. This paper presents a new block cipher based on finiteautomata system. The proposed cryptosystem is executed based on parallel computations to reduce thedelay time. Moreover, to achieve high security, we use different machines (variant non-deterministicautomata accepters) as keys for encryption and decryption.

scholarly journals On Length Independent Security Bounds for the PMAC Family

2021 ◽  
pp. 423-445
Author(s):  
Bishwajit Chakraborty ◽  
Soumya Chattopadhyay ◽  
Ashwin Jha ◽  
Mridul Nandi
Keyword(s):  
Block Cipher ◽  
Block Size ◽  
Gray Code ◽  
Tight Bound ◽  
Simple Modification ◽  
Security Proof ◽  
Tight Security ◽  
Pseudorandom Function ◽  
Exact Security ◽  
Query Length

At FSE 2017, Gaži et al. demonstrated a pseudorandom function (PRF) distinguisher (Gaži et al., ToSC 2016(2)) on PMAC with Ω(lq2/2n) advantage, where q, l, and n, denote the number of queries, maximum permissible query length (in terms of n-bit blocks), and block size of the underlying block cipher. This, in combination with the upper bounds of Ο(lq2/2n) (Minematsu and Matsushima, FSE 2007) and Ο(qσ/2n) (Nandi and Mandal, J. Mathematical Cryptology 2008(2)), resolved the long-standing problem of exact security of PMAC. Gaži et al. also showed that the dependency on l can be dropped (i.e. O(q2/2n) bound up to l ≤ 2n/2) for a simplified version of PMAC, called sPMAC, by replacing the Gray code-based masking in PMAC with any 4-wise independent universal hash-based masking. Recently, Naito proposed another variant of PMAC with two powering-up maskings (Naito, ToSC 2019(2)) that achieves l-free bound of O(q2/2n), provided l ≤ 2n/2. In this work, we first identify a flaw in the analysis of Naito’s PMAC variant that invalidates the security proof. Apparently, the flaw is not easy to fix under the existing proof setup. We then formulate an equivalent problem which must be solved in order to achieve l-free security bounds for this variant. Second, we show that sPMAC achieves O(q2/2n) bound for a weaker notion of universality as compared to the earlier condition of 4-wise independence. Third, we analyze the security of PMAC1 (a popular variant of PMAC) with a simple modification in the linear combination of block cipher outputs. We show that this simple modification of PMAC1 has tight security O(q2/2n) provided l ≤ 2n/4. Even if l < 2n/4, we still achieve same tight bound as long as total number of blocks in all queries is less than 22n/3.

scholarly journals Crypto-Archaeology: unearthing design methodology of DES s-boxes

2017 ◽  
Author(s):  
Sankhanil Dey ◽  
Ranjan Ghosh
Keyword(s):  
Boolean Function ◽  
Boolean Functions ◽  
Design Methodology ◽  
Block Cipher ◽  
Block Ciphers ◽  
Public Domain ◽  
Differential Cryptanalysis ◽  
Linear Cryptanalysis ◽  
Strict Avalanche Criterion ◽  
Independence Criterion

US defence sponsored the DES program in 1974 and released it in 1977. It remained as a well-known and well accepted block cipher until 1998. Thirty-two 4-bit DES S-Boxes are grouped in eight each with four and are put in public domain without any mention of their design methodology. S-Boxes, 4-bit, 8-bit or 32-bit, find a permanent seat in all future block ciphers. In this paper, while looking into the design methodology of DES S-Boxes, we find that S-Boxes have 128 balanced and non-linear Boolean Functions, of which 102 used once, while 13 used twice and 92 of 102 satisfy the Boolean Function-level Strict Avalanche Criterion. All the S-Boxes satisfy the Bit Independence Criterion. Their Differential Cryptanalysis exhibits better results than the Linear Cryptanalysis. However, no S-Boxes satisfy the S-Box-level SAC analyses. It seems that the designer emphasized satisfaction of Boolean-Function-level SAC and S-Box-level BIC and DC, not the S-Box-level LC and SAC.

scholarly journals Provably Quantum-Secure Tweakable Block Ciphers

2021 ◽  
pp. 337-377
Author(s):  
Akinori Hosoyamada ◽  
Tetsu Iwata
Keyword(s):  
Polynomial Time ◽  
Provable Security ◽  
Block Cipher ◽  
Block Ciphers ◽  
Quantum Superposition ◽  
Quantum Cryptanalysis ◽  
Classical Setting ◽  
Time Quantum ◽  
Symmetric Key ◽  
Arbitrary Quantum

Recent results on quantum cryptanalysis show that some symmetric key schemes can be broken in polynomial time even if they are proven to be secure in the classical setting. Liskov, Rivest, and Wagner showed that secure tweakable block ciphers can be constructed from secure block ciphers in the classical setting. However, Kaplan et al. showed that their scheme can be broken by polynomial time quantum superposition attacks, even if underlying block ciphers are quantum-secure. Since then, it remains open if there exists a mode of block ciphers to build quantum-secure tweakable block ciphers. This paper settles the problem in the reduction-based provable security paradigm. We show the first design of quantum-secure tweakable block ciphers based on quantum-secure block ciphers, and present a provable security bound. Our construction is simple, and when instantiated with a quantum-secure n-bit block cipher, it is secure against attacks that query arbitrary quantum superpositions of plaintexts and tweaks up to O(2n/6) quantum queries. Our security proofs use the compressed oracle technique introduced by Zhandry. More precisely, we use an alternative formalization of the technique introduced by Hosoyamada and Iwata.

Sign in / Sign up

Export Citation Format

Share Document