scholarly journals Provably Quantum-Secure Tweakable Block Ciphers

2021 ◽  
pp. 337-377
Author(s):  
Akinori Hosoyamada ◽  
Tetsu Iwata
Keyword(s):  
Polynomial Time ◽  
Provable Security ◽  
Block Cipher ◽  
Block Ciphers ◽  
Quantum Superposition ◽  
Quantum Cryptanalysis ◽  
Classical Setting ◽  
Time Quantum ◽  
Symmetric Key ◽  
Arbitrary Quantum

Recent results on quantum cryptanalysis show that some symmetric key schemes can be broken in polynomial time even if they are proven to be secure in the classical setting. Liskov, Rivest, and Wagner showed that secure tweakable block ciphers can be constructed from secure block ciphers in the classical setting. However, Kaplan et al. showed that their scheme can be broken by polynomial time quantum superposition attacks, even if underlying block ciphers are quantum-secure. Since then, it remains open if there exists a mode of block ciphers to build quantum-secure tweakable block ciphers. This paper settles the problem in the reduction-based provable security paradigm. We show the first design of quantum-secure tweakable block ciphers based on quantum-secure block ciphers, and present a provable security bound. Our construction is simple, and when instantiated with a quantum-secure n-bit block cipher, it is secure against attacks that query arbitrary quantum superpositions of plaintexts and tweaks up to O(2n/6) quantum queries. Our security proofs use the compressed oracle technique introduced by Zhandry. More precisely, we use an alternative formalization of the technique introduced by Hosoyamada and Iwata.

scholarly journals Efficient Implementation of PRESENT and GIFT on Quantum Computers

2021 ◽  
Vol 11 (11) ◽  
pp. 4776
Author(s):  
Kyungbae Jang ◽  
Gyeongju Song ◽  
Hyunjun Kim ◽  
Hyeokdong Kwon ◽  
Hyunji Kim ◽  
...  
Keyword(s):  
Block Cipher ◽  
Search Algorithm ◽  
Block Ciphers ◽  
Quantum Circuits ◽  
Security Level ◽  
Symmetric Key ◽  
Grover Search ◽  
Target Block ◽  
Symmetric Key Cryptography ◽  
Grover Search Algorithm

Grover search algorithm is the most representative quantum attack method that threatens the security of symmetric key cryptography. If the Grover search algorithm is applied to symmetric key cryptography, the security level of target symmetric key cryptography can be lowered from n-bit to n2-bit. When applying Grover’s search algorithm to the block cipher that is the target of potential quantum attacks, the target block cipher must be implemented as quantum circuits. Starting with the AES block cipher, a number of works have been conducted to optimize and implement target block ciphers into quantum circuits. Recently, many studies have been published to implement lightweight block ciphers as quantum circuits. In this paper, we present optimal quantum circuit designs of symmetric key cryptography, including PRESENT and GIFT block ciphers. The proposed method optimized PRESENT and GIFT block ciphers by minimizing qubits, quantum gates, and circuit depth. We compare proposed PRESENT and GIFT quantum circuits with other results of lightweight block cipher implementations in quantum circuits. Finally, quantum resources of PRESENT and GIFT block ciphers required for the oracle of the Grover search algorithm were estimated.

scholarly journals Minimizing Key Materials: The Even–Mansour Cipher Revisited and Its Application to Lightweight Authenticated Encryption

2020 ◽  
Vol 2020 ◽  
pp. 1-6
Author(s):  
Ping Zhang ◽  
Qian Yuan
Keyword(s):  
Open Problem ◽  
Provable Security ◽  
Simple Structure ◽  
Block Ciphers ◽  
Authenticated Encryption ◽  
Maximal Multiplicity ◽  
Symmetric Key ◽  
Security Bound

The Even–Mansour cipher has been widely used in block ciphers and lightweight symmetric-key ciphers because of its simple structure and strict provable security. Its research has been a hot topic in cryptography. This paper focuses on the problem to minimize the key material of the Even–Mansour cipher while its security bound remains essentially the same. We introduce four structures of the Even–Mansour cipher with a short key and derive their security by Patarin’s H-coefficients technique. These four structures are proven secure up to O˜2k/μ adversarial queries, where k is the bit length of the key material and μ is the maximal multiplicity. Then, we apply them to lightweight authenticated encryption modes and prove their security up to about minb/2,c,k−log μ-bit adversarial queries, where b is the size of the permutation and c is the capacity of the permutation. Finally, we leave it as an open problem to settle the security of the t-round iterated Even–Mansour cipher with short keys.

scholarly journals A Brief Review on Methodology of Cryptanalysis

2019 ◽  
pp. 85-93
Author(s):  
K V Srinivasa Rao ◽  
M M Naidu ◽  
R. Satya Prasad
Keyword(s):  
Provable Security ◽  
Block Ciphers ◽  
Secret Key ◽  
Rigorous Analysis ◽  
Distinguishing Attack ◽  
Cipher Text ◽  
Security Models ◽  
Cryptographic Primitive ◽  
Symmetric Key

Cryptanalysis comes into deferent forms in order to support that rigorous analysis of the structure cryptographic primitive to evaluate and verify its claimed security margins. This analysis will follow the attack models represented previously in order to exploit possible weakness in the primitive. Thus, achieving the associated attack goals which will vary from a distinguishing attack to a total break that is defined based on the security margins or claims of the primitive under study. For example, for a hash function, total break constitutes finding a collision or obtaining the message from the hash value. While in block ciphers it revolves around recovering the secret key. When it comes to the claimed security margins, the design approaches will follow certain security models as in provable security or practical security or a mixture of both. The role of cryptanalyst is to subject these primitives to different existing categories of cryptanalysis approaches and tailor new ones that will push the design’s security margins if possible to new limits where these attacks are not applicable any more This chapter will introduce the prominent methods of cryptanalysis that utilize certain behavior in the cipher structure. Such behavior disturbs the assumed randomness of the output or the cipher text. This Paper will explore the basic definitions of prominent cryptanalysis methods that targets the specific structure of a cipher namely differential and linear cryptanalysis and their different variants. It will also discuss other potential crytpanalytic methods that are usually used in symmetric-key ciphers analysis especially block ciphers.

scholarly journals Six shades lighter: a bit-serial implementation of the AES family

2021 ◽  
Author(s):  
Sergio Roldán Lombardía ◽  
Fatih Balli ◽  
Subhadeep Banik
Keyword(s):  
Block Cipher ◽  
Block Ciphers ◽  
Authenticated Encryption ◽  
Current Standard ◽  
Asic Circuit ◽  
The Family ◽  
Encryption And Decryption ◽  
Preliminary Version ◽  
Reduction In Area ◽  
Bit Serial

AbstractRecently, cryptographic literature has seen new block cipher designs such as , or that aim to be more lightweight than the current standard, i.e., . Even though family of block ciphers were designed two decades ago, they still remain as the de facto encryption standard, with being the most widely deployed variant. In this work, we revisit the combined one-in-all implementation of the family, namely both encryption and decryption of each as a single ASIC circuit. A preliminary version appeared in Africacrypt 2019 by Balli and Banik, where the authors design a byte-serial circuit with such functionality. We improve on their work by reducing the size of the compact circuit to 2268 GE through 1-bit-serial implementation, which achieves 38% reduction in area. We also report stand-alone bit-serial versions of the circuit, targeting only a subset of modes and versions, e.g., and . Our results imply that, in terms of area, and can easily compete with the larger members of recently designed family, e.g., , . Thus, our implementations can be used interchangeably inside authenticated encryption candidates such as , or in place of .

scholarly journals Marking Vertices to Find Graph Isomorphism Mapping Based on Continuous-Time Quantum Walk

Entropy ◽  
2018 ◽  
Vol 20 (8) ◽  
pp. 586 ◽  
Author(s):  
Xin Wang ◽  
Yi Zhang ◽  
Kai Lu ◽  
Xiaoping Wang ◽  
Kai Liu
Keyword(s):  
Polynomial Time ◽  
Continuous Time ◽  
Graph Isomorphism ◽  
Quantum Walk ◽  
Isomorphism Problem ◽  
Quantum Walks ◽  
Regular Graphs ◽  
Structure Preserving ◽  
Topological Structures ◽  
Time Quantum

The isomorphism problem involves judging whether two graphs are topologically the same and producing structure-preserving isomorphism mapping. It is widely used in various areas. Diverse algorithms have been proposed to solve this problem in polynomial time, with the help of quantum walks. Some of these algorithms, however, fail to find the isomorphism mapping. Moreover, most algorithms have very limited performance on regular graphs which are generally difficult to deal with due to their symmetry. We propose IsoMarking to discover an isomorphism mapping effectively, based on the quantum walk which is sensitive to topological structures. Firstly, IsoMarking marks vertices so that it can reduce the harmful influence of symmetry. Secondly, IsoMarking can ascertain whether the current candidate bijection is consistent with existing bijections and eventually obtains qualified mapping. Thirdly, our experiments on 1585 pairs of graphs demonstrate that our algorithm performs significantly better on both ordinary graphs and regular graphs.

scholarly journals A New Block Cipher Based on Finite Automata Systems

2016 ◽  
Vol 2 (1) ◽  
Author(s):  
Gh Khaleel ◽  
SHERZOD TURAEV ◽  
M.I.M. Tamrin ◽  
Imad F. Al-Shaikhli
Keyword(s):  
Block Cipher ◽  
Finite Automata ◽  
Parallel Computations ◽  
Block Ciphers ◽  
Central Importance ◽  
High Security ◽  
Encryption And Decryption

The performance and security have central importance of cryptography field. Therefore, theneed to use block ciphers are become very important. This paper presents a new block cipher based on finiteautomata system. The proposed cryptosystem is executed based on parallel computations to reduce thedelay time. Moreover, to achieve high security, we use different machines (variant non-deterministicautomata accepters) as keys for encryption and decryption.

scholarly journals Crypto-Archaeology: unearthing design methodology of DES s-boxes

2017 ◽  
Author(s):  
Sankhanil Dey ◽  
Ranjan Ghosh
Keyword(s):  
Boolean Function ◽  
Boolean Functions ◽  
Design Methodology ◽  
Block Cipher ◽  
Block Ciphers ◽  
Public Domain ◽  
Differential Cryptanalysis ◽  
Linear Cryptanalysis ◽  
Strict Avalanche Criterion ◽  
Independence Criterion

US defence sponsored the DES program in 1974 and released it in 1977. It remained as a well-known and well accepted block cipher until 1998. Thirty-two 4-bit DES S-Boxes are grouped in eight each with four and are put in public domain without any mention of their design methodology. S-Boxes, 4-bit, 8-bit or 32-bit, find a permanent seat in all future block ciphers. In this paper, while looking into the design methodology of DES S-Boxes, we find that S-Boxes have 128 balanced and non-linear Boolean Functions, of which 102 used once, while 13 used twice and 92 of 102 satisfy the Boolean Function-level Strict Avalanche Criterion. All the S-Boxes satisfy the Bit Independence Criterion. Their Differential Cryptanalysis exhibits better results than the Linear Cryptanalysis. However, no S-Boxes satisfy the S-Box-level SAC analyses. It seems that the designer emphasized satisfaction of Boolean-Function-level SAC and S-Box-level BIC and DC, not the S-Box-level LC and SAC.

scholarly journals Cryptanalysis of PMACx, PMAC2x, and SIVx

2017 ◽  
pp. 162-176
Author(s):  
Kazuhiko Minematsu ◽  
Tetsu Iwata
Keyword(s):  
Provable Security ◽  
Block Cipher ◽  
Query Complexity ◽  
Block Length ◽  
Encryption Scheme ◽  
Authenticated Encryption ◽  
Pseudorandom Functions ◽  
Tweakable Block Cipher ◽  
Deterministic Authenticated Encryption ◽  
Provably Secure

At CT-RSA 2017, List and Nandi proposed two variable input length pseudorandom functions (VI-PRFs) called PMACx and PMAC2x, and a deterministic authenticated encryption scheme called SIVx. These schemes use a tweakable block cipher (TBC) as the underlying primitive, and are provably secure up to the query complexity of 2n, where n denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of O(2n/2), i.e., with the birthday complexity, PMACx, PMAC2x, and SIVx are all insecure.

Sign in / Sign up

Export Citation Format

Share Document