scholarly journals Improved Rectangle Attacks on SKINNY and CRAFT

2021 ◽  
pp. 140-198
Author(s):  
Hosein Hadipour ◽  
Nasour Bagheri ◽  
Ling Song
Keyword(s):  
General Framework ◽  
Block Cipher ◽  
Security Analysis ◽  
Differential Cryptanalysis ◽  
Advanced Method ◽  
Model Based ◽  
Tweakable Block Cipher ◽  
First Time

The boomerang and rectangle attacks are adaptions of differential cryptanalysis that regard the target cipher E as a composition of two sub-ciphers, i.e., E = E1 ∘ E0, to construct a distinguisher for E with probability p2q2 by concatenating two short differential trails for E0 and E1 with probability p and q respectively. According to the previous research, the dependency between these two differential characteristics has a great impact on the probability of boomerang and rectangle distinguishers. Dunkelman et al. proposed the sandwich attack to formalise such dependency that regards E as three parts, i.e., E = E1 ∘ Em ∘ E0, where Em contains the dependency between two differential trails, satisfying some differential propagation with probability r. Accordingly, the entire probability is p2q2r. Recently, Song et al. have proposed a general framework to identify the actual boundaries of Em and systematically evaluate the probability of Em with any number of rounds, and applied their method to accurately evaluate the probabilities of the best SKINNY’s boomerang distinguishers. In this paper, using a more advanced method to search for boomerang distinguishers, we show that the best previous boomerang distinguishers for SKINNY can be significantly improved in terms of probability and number of rounds. More precisely, we propose related-tweakey boomerang distinguishers for up to 19, 21, 23, and 25 rounds of SKINNY-64-128, SKINNY-128-256, SKINNY-64-192 and SKINNY-128-384 respectively, which improve the previous boomerang distinguishers of these variants of SKINNY by 1, 2, 1, and 1 round respectively. Based on the improved boomerang distinguishers for SKINNY, we provide related-tweakey rectangle attacks on 23 rounds of SKINNY-64-128, 24 rounds of SKINNY-128-256, 29 rounds of SKINNY-64-192, and 30 rounds of SKINNY-128-384. It is worth noting that our improved related-tweakey rectangle attacks on SKINNY-64-192, SKINNY-128-256 and SKINNY-128-384 can be directly applied for the same number of rounds of ForkSkinny-64-192, ForkSkinny-128-256 and ForkSkinny-128-384 respectively. CRAFT is another SKINNY-like tweakable block cipher for which we provide the security analysis against rectangle attack for the first time. As a result, we provide a 14-round boomerang distinguisher for CRAFT in the single-tweak model based on which we propose a single-tweak rectangle attack on 18 rounds of this cipher. Moreover, following the previous research regarding the evaluation of switching in multiple rounds of boomerang distinguishers, we also introduce new tools called Double Boomerang Connectivity Table (DBCT), LBCT⫤, and UBCT⊨ to evaluate the boomerang switch through the multiple rounds more accurately.

scholarly journals Security of a New Cryptographic Hash Function - Titanium

2018 ◽  
Vol 10 (3) ◽  
pp. 1244
Author(s):  
Abdullah Nazeeh Saleh ◽  
Mohammad A. Al-Ahmad
Keyword(s):  
Hash Function ◽  
Random Function ◽  
Block Cipher ◽  
Security Analysis ◽  
Differential Cryptanalysis ◽  
Brute Force ◽  
Cryptographic Hash Function ◽  
Design Choice ◽  
Differential Attacks

This paper introduces the security analysis of Titanium hash function that uses SF block cipher and follows sponge construction. A brief description of the sponge function and the design choice of Titanium are introduced. Basic security criteria of random function have been presented and studied on Titanium and then, differential cryptanalysis on Titanium has been performed and showed the resistance of it on the most recent differential attacks. A table of security discussions finalizes the paper and describes the complexity of Titanium on brute force cryptanalysis.

scholarly journals Clustering Related-Tweak Characteristics: Application to MANTIS-6

2018 ◽  
pp. 111-132
Author(s):  
Maria Eichlseder ◽  
Daniel Kales
Keyword(s):  
Block Cipher ◽  
Differential Cryptanalysis ◽  
Differential Attack ◽  
Key Recovery ◽  
Popular Approach ◽  
Differential Characteristic ◽  
Clustering Approach ◽  
Tweakable Block Cipher ◽  
Key Recovery Attack ◽  
Truncated Differential

The TWEAKEY/STK construction is an increasingly popular approach for designing tweakable block ciphers that notably uses a linear tweakey schedule. Several recent attacks have analyzed the implications of this approach for differential cryptanalysis and other attacks that can take advantage of related tweakeys. We generalize the clustering approach of a recent differential attack on the tweakable block cipher MANTIS5 and describe a tool for efficiently finding and evaluating such clusters. More specifically, we consider the set of all differential characteristics compatible with a given truncated characteristic, tweak difference, and optional constraints for the differential. We refer to this set as a semi-truncated characteristic and estimate its probability by analyzing the distribution of compatible differences at each step. We apply this approach to find a semi-truncated differential characteristic for MANTIS6 with probability about 2−67.73 and derive a key-recovery attack with a complexity of about 255.09 chosen-plaintext queries and 255.52 computations. The data-time product is 2110.61 << 2126.

scholarly journals Crypto-Archaeology: unearthing design methodology of DES s-boxes

2017 ◽  
Author(s):  
Sankhanil Dey ◽  
Ranjan Ghosh
Keyword(s):  
Boolean Function ◽  
Boolean Functions ◽  
Design Methodology ◽  
Block Cipher ◽  
Block Ciphers ◽  
Public Domain ◽  
Differential Cryptanalysis ◽  
Linear Cryptanalysis ◽  
Strict Avalanche Criterion ◽  
Independence Criterion

US defence sponsored the DES program in 1974 and released it in 1977. It remained as a well-known and well accepted block cipher until 1998. Thirty-two 4-bit DES S-Boxes are grouped in eight each with four and are put in public domain without any mention of their design methodology. S-Boxes, 4-bit, 8-bit or 32-bit, find a permanent seat in all future block ciphers. In this paper, while looking into the design methodology of DES S-Boxes, we find that S-Boxes have 128 balanced and non-linear Boolean Functions, of which 102 used once, while 13 used twice and 92 of 102 satisfy the Boolean Function-level Strict Avalanche Criterion. All the S-Boxes satisfy the Bit Independence Criterion. Their Differential Cryptanalysis exhibits better results than the Linear Cryptanalysis. However, no S-Boxes satisfy the S-Box-level SAC analyses. It seems that the designer emphasized satisfaction of Boolean-Function-level SAC and S-Box-level BIC and DC, not the S-Box-level LC and SAC.

scholarly journals BLOCK CIPHERS ON THE BASIS OF REVERSIBLE CELLULAR AUTOMATA

2020 ◽  
Vol 10 (1) ◽  
pp. 8-11
Author(s):  
Yuliya Tanasyuk ◽  
Petro Burdeinyi
Keyword(s):  
Cellular Automata ◽  
Block Cipher ◽  
Key Generation ◽  
One Dimensional ◽  
C Programming Language ◽  
C Programming ◽  
Shared Secret ◽  
Reversible Cellular Automata ◽  
The Given ◽  
First Time

The given paper is devoted to the software development of block cipher based on reversible one-dimensional cellular automata and the study of its statistical properties. The software implementation of the proposed encryption algorithm is performed in C# programming language in Visual Studio 2017. The paper presents specially designed approach for key generation. To ensure desired cryptographic stability, the shared secret parameters can be adjusted to contain information needed for creating substitution tables, defining reversible rules, and hiding final data. For the first time, it is suggested to create substitution tables based on iterations of a cellular automaton that is initialized by the key data.

scholarly journals Cryptanalysis of PMACx, PMAC2x, and SIVx

2017 ◽  
pp. 162-176
Author(s):  
Kazuhiko Minematsu ◽  
Tetsu Iwata
Keyword(s):  
Provable Security ◽  
Block Cipher ◽  
Query Complexity ◽  
Block Length ◽  
Encryption Scheme ◽  
Authenticated Encryption ◽  
Pseudorandom Functions ◽  
Tweakable Block Cipher ◽  
Deterministic Authenticated Encryption ◽  
Provably Secure

At CT-RSA 2017, List and Nandi proposed two variable input length pseudorandom functions (VI-PRFs) called PMACx and PMAC2x, and a deterministic authenticated encryption scheme called SIVx. These schemes use a tweakable block cipher (TBC) as the underlying primitive, and are provably secure up to the query complexity of 2n, where n denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of O(2n/2), i.e., with the birthday complexity, PMACx, PMAC2x, and SIVx are all insecure.

scholarly journals Orthros: A Low-Latency PRF

2021 ◽  
pp. 37-77
Author(s):  
Subhadeep Banik ◽  
Takanori Isobe ◽  
Fukang Liu ◽  
Kazuhiko Minematsu ◽  
Kosei Sakamoto
Keyword(s):  
Hardware Implementation ◽  
Block Cipher ◽  
State Of The Art ◽  
Security Analysis ◽  
Parallel Structure ◽  
Low Latency ◽  
Round Function ◽  
Minimum Latency ◽  
Primary Focus ◽  
Pseudorandom Function

We present Orthros, a 128-bit block pseudorandom function. It is designed with primary focus on latency of fully unrolled circuits. For this purpose, we adopt a parallel structure comprising two keyed permutations. The round function of each permutation is similar to Midori, a low-energy block cipher, however we thoroughly revise it to reduce latency, and introduce different rounds to significantly improve cryptographic strength in a small number of rounds. We provide a comprehensive, dedicated security analysis. For hardware implementation, Orthros achieves the lowest latency among the state-of-the-art low-latency primitives. For example, using the STM 90nm library, Orthros achieves a minimum latency of around 2.4 ns, while other constructions like PRINCE, Midori-128 and QARMA9-128- σ0 achieve 2.56 ns, 4.10 ns, 4.38 ns respectively.

Sign in / Sign up

Export Citation Format

Share Document