Improved Security Bound of (E/D)WCDM

Author(s):  
Nilanjan Datta ◽  
Avijit Dutta ◽  
Kushankur Dutta

In CRYPTO’16, Cogliati and Seurin proposed a block-cipher-based nonce-based MAC, called Encrypted Wegman-Carter with Davies-Meyer (EWCDM), that gives 2n/3-bit MAC security in the nonce-respecting setting and n/2-bit security in the nonce-misuse setting, where n is the block size of the underlying block cipher. However, this construction requires two independent block cipher keys. In CRYPTO’18, Datta et al. came up with a single-keyed block-cipher-based nonce-based MAC, called Decrypted Wegman-Carter with Davies-Meyer (DWCDM), that also provides 2n/3-bit MAC security in the nonce-respecting setting and n/2-bit security in the nonce-misuse setting. However, the drawback of DWCDM is that it takes only a 2n/3-bit nonce. In fact, the authors have shown that DWCDM cannot achieve beyond-birthday-bound security with n-bit nonces. In this paper, we prove that DWCDM with 3n/4-bit nonces provides MAC security up to O(2^{3n/4}) MAC queries against all nonce-respecting adversaries. We also improve the MAC bound of EWCDM from 2n/3 bits to 3n/4 bits. The backbone of these two results is a refined treatment of extended mirror theory that systematically estimates the number of solutions to a system of bivariate affine equations and non-equations, which we apply in the security proofs of the constructions to achieve 3n/4-bit security.

Author(s):  
Aldo Gunsing ◽  
Joan Daemen ◽  
Bart Mennink

In ToSC 2018(4), Daemen et al. performed an in-depth investigation of sound hashing modes based on arbitrary functions, permutations, or block ciphers. However, for the case of invertible primitives, there is a glitch. In this errata, we formally fix this glitch by adding an extra term to the security bound, q/2^{b−n}, where q is the query complexity, b the width of the permutation or the block size of the block cipher, and n the size of the hash digest. For permutations that are wider than two times the chaining value this term is negligible. For block-cipher-based hashing modes where the block size is close to the digest size, the term degrades the security significantly.


Author(s):  
Bishwajit Chakraborty ◽  
Soumya Chattopadhyay ◽  
Ashwin Jha ◽  
Mridul Nandi

At FSE 2017, Gaži et al. demonstrated a pseudorandom function (PRF) distinguisher (Gaži et al., ToSC 2016(2)) on PMAC with Ω(lq^2/2^n) advantage, where q, l, and n denote the number of queries, the maximum permissible query length (in terms of n-bit blocks), and the block size of the underlying block cipher. This, in combination with the upper bounds of O(lq^2/2^n) (Minematsu and Matsushima, FSE 2007) and O(qσ/2^n) (Nandi and Mandal, J. Mathematical Cryptology 2008(2)), resolved the long-standing problem of the exact security of PMAC. Gaži et al. also showed that the dependency on l can be dropped (i.e. an O(q^2/2^n) bound up to l ≤ 2^{n/2}) for a simplified version of PMAC, called sPMAC, by replacing the Gray-code-based masking in PMAC with any 4-wise independent universal-hash-based masking. Recently, Naito proposed another variant of PMAC with two powering-up maskings (Naito, ToSC 2019(2)) that achieves an l-free bound of O(q^2/2^n), provided l ≤ 2^{n/2}. In this work, we first identify a flaw in the analysis of Naito’s PMAC variant that invalidates the security proof. Apparently, the flaw is not easy to fix under the existing proof setup. We then formulate an equivalent problem which must be solved in order to achieve l-free security bounds for this variant. Second, we show that sPMAC achieves an O(q^2/2^n) bound for a weaker notion of universality as compared to the earlier condition of 4-wise independence. Third, we analyze the security of PMAC1 (a popular variant of PMAC) with a simple modification in the linear combination of block cipher outputs. We show that this simple modification of PMAC1 has tight security O(q^2/2^n) provided l ≤ 2^{n/4}. Even if l < 2^{n/4}, we still achieve the same tight bound as long as the total number of blocks in all queries is less than 2^{2n/3}.


Sensors ◽  
2021 ◽  
Vol 21 (17) ◽  
pp. 5744
Author(s):  
Ashutosh Dhar Dwivedi

Several emerging areas like the Internet of Things, sensor networks, healthcare and distributed networks feature resource-constrained devices that share secure and privacy-preserving data to accomplish some goal. The majority of standard cryptographic algorithms do not fit these constrained devices due to their heavy cryptographic components. In this paper, a new block cipher, BRISK, is proposed with a 32-bit block size. The cipher design is straightforward due to its simple round operations, which can be run efficiently in hardware and are also suitable for software. Another major concept used with this cipher is dynamism during encryption for each session; that is, instead of using the same encryption algorithm, participants use different ciphers for each session. Professor Lars R. Knudsen initially proposed dynamic encryption in 2015, where the sender picks a cipher from a large pool of ciphers to encrypt the data and sends it along with the encrypted message. The receiver does not know about the encryption technique used before receiving the cipher along with the message. However, in the proposed algorithm, instead of choosing a new cipher, the process uses the same cipher for each session but varies the cipher specifications from a given small pool, e.g., the number of rounds, cipher components, etc. Therefore, the dynamism concept is used here in a different way.


2018 ◽  
Vol 2 (1) ◽  
pp. 23
Author(s):  
Neti Rusri Yanti ◽  
Alimah Alimah ◽  
Desi Afrida Ritonga

Record databases are generally still displayed in text form as information for users, which makes it easy for a cryptanalyst to access them and provides opportunities to leak, distribute or modify the database records. One of the cryptographic algorithms used to secure data is the DES algorithm, which encrypts the data to be stored or sent. The DES algorithm belongs to the class of symmetric cryptographic systems and is a type of block cipher. DES operates on a 64-bit block size. DES maps 64 bits of plaintext to 64 bits of ciphertext using 56 bits of internal key (internal key) or subkey. The internal key is generated from an external key of 64-bit length. This research describes the process of securing database records by encrypting them based on the DES algorithm, resulting in text record databases in the form of ciphertext that is difficult for others to read and understand. This is done in an attempt to minimize the misuse of database records.


Author(s):  
Wonseok Choi ◽  
Akiko Inoue ◽  
Byeonghak Lee ◽  
Jooyoung Lee ◽  
Eik List ◽  
...  

Tweakable block ciphers (TBCs) have proven highly useful to boost the security guarantees of authentication schemes. In 2017, Cogliati et al. proposed two MACs combining TBC and universal hash functions: a nonce-based MAC called NaT and a deterministic MAC called HaT. While both constructions provide high security, their properties are complementary: NaT is almost fully secure when nonces are respected (i.e., n-bit security, where n is the block size of the TBC, and no security degradation in terms of the number of MAC queries when nonces are unique), while its security degrades gracefully to the birthday bound (n/2 bits) when nonces are misused. HaT has n-bit security and can be used naturally as a nonce-based MAC when a message contains a nonce. However, it does not have full security even if nonces are unique. This work proposes two highly secure and efficient MACs to fill the gap: NaT2 and eHaT. Both provide (almost) full security if nonces are unique and more than n/2-bit security when nonces can repeat. Based on NaT and HaT, we aim at achieving these properties in a modular approach. Our first proposal, Nonce-as-Tweak2 (NaT2), is the sum of two NaT instances. Our second proposal, enhanced Hash-as-Tweak (eHaT), extends HaT by adding the output of an additional nonce-depending call to the TBC and prepending the nonce to the message. Despite the conceptual simplicity, the security proofs are involved. For NaT2 in particular, we rely on the recent proof framework for Double-block Hash-then-Sum by Kim et al. from Eurocrypt 2020.


2020 ◽  
Vol 7 (1) ◽  
pp. 59-64
Author(s):  
Nguyễn Tuấn Anh

Abstract (translated from Vietnamese)— LightMAC is a message authentication code proposed by Atul Luykx for use in resource-constrained environments, with a security bound that does not depend on the message length. The LightMAC algorithm produces an authentication tag whose length is chosen according to the user's requirements. However, the security evaluation in [1] directly uses Dodis's result [2] for the case in which the tag length equals the block size of the underlying block cipher. In this paper, we first evaluate the security bound of LightMAC in the case where the tag length is smaller than the block size of the underlying block cipher. Then, the dependence on the message length in the security bound of LightMAC is reconsidered.

Abstract— The message authentication code mode LightMAC, which was proposed by Atul Luykx for use in resource-constrained environments, has a security bound independent of the message length. The tag length in the LightMAC algorithm depends on the user's demand. However, Atul's security analysis [1] directly uses Dodis's result [2], which covers the case where the tag length equals the block size. In this paper, we first evaluate the security bound of LightMAC when the tag length is less than the block size. Then, the dependence of LightMAC's security bound on the message length is reviewed.


2012 ◽  
Vol 23 (03) ◽  
pp. 733-747
Author(s):  
YUECHUAN WEI ◽  
CHAO LI ◽  
DAN CAO

HAS-160, a Korean hash standard, has been widely used in the Korean industry. This paper aims to re-evaluate the security of HAS-160 in the encryption mode, a block cipher with a 512-bit key size and a 160-bit plaintext block size. A previous attack is based on a 71-round related-key distinguisher with probability 2^{-304}. Using some delicate properties of HAS-160 and employing a bit-fixing technique, we present a 72-round related-key rectangle distinguisher with probability 2^{-290} in this paper. Based on this new distinguisher, two key recovery attacks on the encryption mode of the full 80-round HAS-160 are performed, which improve the earlier results. The attacks presented in this paper are the best known results on HAS-160 in the encryption mode in terms of the number of attack rounds and the efficiency of the attacks.


2018 ◽  
Author(s):  
Andysah Putera Utama Siahaan

Information security is the protection of personal and non-personal data from various threats to guarantee privacy. For business practices, data security can reduce business risk and increase the return on investment and business opportunities. In designing information system security systems, there are information security aspects that need to be considered. Many threats arise once information is in circulation. Information is a target for malicious parties. Cryptographic algorithms are needed to protect data from these threats. The Data Encryption Standard (DES) belongs to the symmetric cryptography family and is classified as a block cipher. DES operates on a 64-bit block size. DES encrypts 64 plaintext bits into 64 ciphertext bits using 56 private key bits, or subkeys. The internal key is generated from an external key that is 64 bits long. The DES method is an excellent cryptographic technique used to secure data. DES has 16 rounds to ensure safer data against unexpected attacks. Applying DES to data encryption will be very useful for protecting data.


2021 ◽  
Vol 2 (12) ◽  
pp. 11-17
Author(s):  
Hoang Dinh Linh ◽  
Tran Hong Thai

Abstract—We propose a new double-block-length compression function which is called Alpha-DBL. This scheme uses two parallel secure single block length schemes based on a block cipher with -bit key and -bit block size to compress a -bit string to a -bit one. We show that the Alpha-DBL scheme attains nearly optimal collision security and preimage security bounds (up to  and  queries for finding a collision and a preimage, respectively). More precisely, for , no adversary making less than  queries can find a collision with probability greater than 1/2. To our knowledge, this collision security bound is nearly better than other such compression functions. In addition, we provide a preimage security analysis of Alpha-DBL that shows a security bound of  queries for . Using this scheme in the iterated hash function construction can preserve the collision resistance security and the preimage resistance security.

Abstract (translated from Vietnamese)—We propose a new double-block-length compression function called Alpha-DBL. This scheme uses two parallel secure single-block-length schemes based on a block cipher with a -bit key and a -bit block size to compress a -bit string into a -bit one. We have proven that the Alpha-DBL scheme attains nearly optimal collision and preimage security bounds (up to  and  queries, respectively, for finding a collision and a preimage). Specifically, for , any adversary making fewer than  queries can find a collision only with probability less than 1/2. To our knowledge, this collision security bound is better than that of other compression functions. In addition, we give a preimage security analysis of Alpha-DBL showing a security bound of 2  queries for . Using this scheme in an iterated hash function construction preserves collision resistance and preimage resistance.

