scholarly journals Tradeoff Attacks on Symmetric Ciphers

2021 ◽  
Author(s):  
Orhun Kara
Keyword(s):  
Internal State ◽  
Security Analysis ◽  
Stream Ciphers ◽  
Open Problems ◽  
Key Recovery ◽  
State Recovery ◽  
Internal States ◽  
Symmetric Ciphers ◽  
Iot Devices ◽  
State Size

Tradeoff attacks on symmetric ciphers can be considered as the generalization of the exhaustive search. Their main objective is reducing the time complexity by exploiting the memory after preparing very large tables at a cost of exhaustively searching all the space during the precomputation phase. It is possible to utilize data (plaintext/ciphertext pairs) in some cases like the internal state recovery attacks for stream ciphers to speed up further both online and offline phases. However, how to take advantage of data in a tradeoff attack against block ciphers for single key recovery cases is still unknown. We briefly assess the state of art of tradeoff attacks on symmetric ciphers, introduce some open problems and discuss the security criterion on state sizes. We discuss the strict lower bound for the internal state size of keystream generators and propose more practical and fair bound along with our reasoning. The adoption of our new criterion can break a fresh ground in boosting the security analysis of small keystream generators and in designing ultra-lightweight stream ciphers with short internal states for their usage in specially low source devices such as IoT devices, wireless sensors or RFID tags.

scholarly journals Fast Correlation Attacks on Grain-like Small State Stream Ciphers

2017 ◽  
pp. 58-81 ◽  
Author(s):  
Bin Zhang ◽  
Xinxin Gong ◽  
Willi Meier
Keyword(s):  
Internal State ◽  
Stream Ciphers ◽  
Small Scale ◽  
Secret Key ◽  
Small State ◽  
Key Recovery ◽  
Key Recovery Attack ◽  
Correlation Attacks ◽  
Fast Correlation Attacks

In this paper, we study the security of Grain-like small state stream ciphers by fast correlation attacks, which are commonly regarded as classical cryptanalytic methods against LFSR-based stream ciphers. We extend the cascaded structure adopted in such primitives in general and show how to restore the full internal state part-by-part if the non-linear combining function meets some characteristic. As a case study, we present a key recovery attack against Fruit, a tweaked version of Sprout that employs key-dependent state updating in the keystream generation phase. Our attack requires 262.8 Fruit encryptions and 222.3 keystream bits to determine the 80-bit secret key. Practical simulations on a small-scale version confirmed our results.

scholarly journals Weak Keys in the Rekeying Paradigm: Application to COMET and mixFeed

2020 ◽  
pp. 272-289
Author(s):  
Mustafa Khairallah
Keyword(s):  
Lower Bound ◽  
Security Analysis ◽  
Unified Model ◽  
The State ◽  
Key Recovery ◽  
Key Schedule ◽  
Weak Keys ◽  
Generic Attacks ◽  
State Size ◽  
Online Queries

In this paper, we study a group of AEAD schemes that use rekeying as a technique to increase efficiency by reducing the state size of the algorithm. We provide a unified model to study the behavior of the keys used in these schemes, called Rekey-and-Chain (RaC). This model helps understand the design of several AEAD schemes. We show generic attacks on these schemes based on the existence of certain types of weak keys. We also show that the borderline between multi-key and single-key analyses of these schemes is not solid and the analysis can be performed independent of the master key, leading sometimes to practical attacks in the multi-key setting. More importantly, the multi-key analysis can be applied in the single key setting, since each message is encrypted with a different key. Consequently, we show gaps in the security analysis of COMET and mixFeed in the single key setting, which led the designers to provide overly optimistic security claims. In the case of COMET, full key recovery can be performed with 264 online queries and 264 offline queries in the single-key setting, or 246 online queries per user and 264 offline queries in the multi-key setting with ∼ 0.5 million users. In the case of mixFeed, we enhance the forgery adversarial advantage in the single-key setting with a factor of 267 compared to what the designers claim. More importantly, our result is just a lower bound of this advantage, since we show that the gap in the analysis of mixFeed depends on properties of the AES Key Schedule that are not well understood and require more cryptanalytic efforts to find a more tight advantage. After reporting these findings, the designers updated their security analyses and accommodated the proposed attacks.

scholarly journals Catalog and Illustrative Examples of Lightweight Cryptographic Primitives

2021 ◽  
pp. 21-47
Author(s):  
Aleksandra Mileva ◽  
Vesna Dimitrova ◽  
Orhun Kara ◽  
Miodrag J. Mihaljević
Keyword(s):  
Stream Cipher ◽  
Block Cipher ◽  
Security Analysis ◽  
Stream Ciphers ◽  
Security Evaluation ◽  
Cryptographic Primitives ◽  
Internal States ◽  
Lightweight Block Cipher ◽  
Hardware Performance

AbstractThe main objective of this chapter is to offer to practitioners, researchers and all interested parties a brief categorized catalog of existing lightweight symmetric primitives with their main cryptographic features, ultimate hardware performance, and existing security analysis, so they can easily compare the ciphers or choose some of them according to their needs. Certain security evaluation issues have been addressed as well. In particular, the reason behind why modern lightweight block cipher designs have in the last decade overwhelmingly dominated stream cipher design is analyzed in terms of security against tradeoff attacks. It turns out that it is possible to design stream ciphers having much smaller internal states.

scholarly journals Atom: A Stream Cipher with Double Key Filter

2021 ◽  
pp. 5-36
Author(s):  
Subhadeep Banik ◽  
Andrea Caforio ◽  
Takanori Isobe ◽  
Fukang Liu ◽  
Willi Meier ◽  
...  
Keyword(s):  
Stream Cipher ◽  
Internal State ◽  
Common Knowledge ◽  
Basic Structure ◽  
Stream Ciphers ◽  
Security Level ◽  
Secret Key ◽  
Internal States ◽  
The Face

It has been common knowledge that for a stream cipher to be secure against generic TMD tradeoff attacks, the size of its internal state in bits needs to be at least twice the size of the length of its secret key. In FSE 2015, Armknecht and Mikhalev however proposed the stream cipher Sprout with a Grain-like architecture, whose internal state was equal in size with its secret key and yet resistant against TMD attacks. Although Sprout had other weaknesses, it germinated a sequence of stream cipher designs like Lizard and Plantlet with short internal states. Both these designs have had cryptanalytic results reported against them. In this paper, we propose the stream cipher Atom that has an internal state of 159 bits and offers a security of 128 bits. Atom uses two key filters simultaneously to thwart certain cryptanalytic attacks that have been recently reported against keystream generators. In addition, we found that our design is one of the smallest stream ciphers that offers this security level, and we prove in this paper that Atom resists all the attacks that have been proposed against stream ciphers so far in literature. On the face of it, Atom also builds on the basic structure of the Grain family of stream ciphers. However, we try to prove that by including the additional key filter in the architecture of Atom we can make it immune to all cryptanalytic advances proposed against stream ciphers in recent cryptographic literature.

scholarly journals Cryptanalysis of Plantlet

2019 ◽  
pp. 103-120
Author(s):  
Subhadeep Banik ◽  
Khashayar Barooti ◽  
Takanori Isobe
Keyword(s):  
Stream Cipher ◽  
Internal State ◽  
Polynomial Equations ◽  
Secret Key ◽  
Key Recovery ◽  
Internal States ◽  
Key Recovery Attack ◽  
System Of Polynomial Equations ◽  
The Given ◽  
Generic Time

Plantlet is a lightweight stream cipher designed by Mikhalev, Armknecht and Müller in IACR ToSC 2017. It has a Grain-like structure with two state registers of size 40 and 61 bits. In spite of this, the cipher does not seem to lose in security against generic Time-Memory-Data Tradeoff attacks due to the novelty of its design. The cipher uses a 80-bit secret key and a 90-bit IV. In this paper, we first present a key recovery attack on Plantlet that requires around 276.26 Plantlet encryptions. The attack leverages the fact that two internal states of Plantlet that differ in the 43rd LFSR location are guaranteed to produce keystream that are either equal or unequal in 45 locations with probability 1. Thus an attacker can with some probability guess that when 2 segments of keystream blocks possess the 45 bit difference just mentioned, they have been produced by two internal states that differ only in the 43rd LFSR location. Thereafter by solving a system of polynomial equations representing the keystream bits, the attacker can find the secret key if his guess was indeed correct, or reach some kind of contradiction if his guess was incorrect. In the latter event, he would repeat the procedure for other keystream blocks with the given difference. We show that the process when repeated a finite number of times, does indeed yield the value of the secret key. In the second part of the paper, we observe that the previous attack was limited to internal state differences that occurred at time instances that were congruent to 0 mod 80. We further observe that by generalizing the attack to include internal state differences that are congruent to all equivalence classed modulo 80, we lower the total number of keystream bits required to perform the attack and in the process reduce the attack complexity to 269.98 Plantlet encryptions.

Impaired discrimination of a subanesthetic dose of ketamine in a maternal immune activation model of schizophrenia risk

2021 ◽  
pp. 026988112110297
Author(s):  
Wayne Meighan ◽  
Thomas W Elston ◽  
David Bilkey ◽  
Ryan D Ward
Keyword(s):  
Animal Models ◽  
Drug Discrimination ◽  
Immune Activation ◽  
Internal State ◽  
Nmda Receptor Antagonist ◽  
Activation Model ◽  
Data Link ◽  
Maternal Immune Activation ◽  
Internal States ◽  
Reliable Methods

Background: Animal models of psychiatric diseases suffer from a lack of reliable methods for accurate assessment of subjective internal states in nonhumans. This gap makes translation of results from animal models to patients particularly challenging. Aims/methods: Here, we used the drug-discrimination paradigm to allow rats that model a risk factor for schizophrenia (maternal immune activation, MIA) to report on the subjective internal state produced by a subanesthetic dose of the N-methyl-D-aspartate (NMDA) receptor antagonist ketamine. Results/outcomes: The MIA rats’ discrimination of ketamine was impaired relative to controls, both in the total number of rats that acquired and the asymptotic level of discrimination accuracy. This deficit was not due to a general inability to learn to discriminate an internal drug cue or internal state generally, as MIA rats were unimpaired in the learning and acquisition of a morphine drug discrimination and were as sensitive to the internal state of satiety as controls. Furthermore, the deficit was not due to a decreased sensitivity to the physiological effects of ketamine, as MIA rats showed increased ketamine-induced locomotor activity. Finally, impaired discrimination of ketamine was only seen at subanesthetic doses which functionally correspond to psychotomimetic doses in humans. Conclusion: These data link changes in NMDA responses to the MIA model. Furthermore, they confirm the utility of the drug-discrimination paradigm for future inquiries into the subjective internal state produced in models of schizophrenia and other developmental diseases.

scholarly journals Autonomous Decision-Making While Drilling

Energies ◽  
2021 ◽  
Vol 14 (4) ◽  
pp. 969
Author(s):  
Eric Cayeux ◽  
Benoît Daireaux ◽  
Adrian Ambrus ◽  
Rodica Mihai ◽  
Liv Carlsen
Keyword(s):  
Decision Making ◽  
Internal State ◽  
Drilling Process ◽  
Autonomous Decision ◽  
Internal States ◽  
Markov Decision ◽  
Drilling Operations ◽  
Drilling System ◽  
Drilling Conditions ◽  
Erratic Behavior

The drilling process is complex because unexpected situations may occur at any time. Furthermore, the drilling system is extremely long and slender, therefore prone to vibrations and often being dominated by long transient periods. Adding the fact that measurements are not well distributed along the drilling system, with the majority of real-time measurements only available at the top side and having only access to very sparse data from downhole, the drilling process is poorly observed therefore making it difficult to use standard control methods. Therefore, to achieve completely autonomous drilling operations, it is necessary to utilize a method that is capable of estimating the internal state of the drilling system from parsimonious information while being able to make decisions that will keep the operation safe but effective. A solution enabling autonomous decision-making while drilling has been developed. It relies on an optimization of the time to reach the section total depth (TD). The estimated time to reach the section TD is decomposed into the effective time spent in conducting the drilling operation and the likely time lost to solve unexpected drilling events. This optimization problem is solved by using a Markov decision process method. Several example scenarios have been run in a virtual rig environment to test the validity of the concept. It is found that the system is capable to adapt itself to various drilling conditions, as for example being aggressive when the operation runs smoothly and the estimated uncertainty of the internal states is low, but also more cautious when the downhole drilling conditions deteriorate or when observations tend to indicate more erratic behavior, which is often observed prior to a drilling event.

scholarly journals Towards Secure Network Computing Services for Lightweight Clients Using Blockchain

2018 ◽  
Vol 2018 ◽  
pp. 1-12 ◽  
Author(s):  
Yang Xu ◽  
Guojun Wang ◽  
Jidian Yang ◽  
Ju Ren ◽  
Yaoxue Zhang ◽  
...  
Keyword(s):  
Service Providers ◽  
Security Analysis ◽  
Service Provisioning ◽  
Network Computing ◽  
Security Risks ◽  
Blockchain Technology ◽  
Computing Services ◽  
Viable Solution ◽  
Secure Network ◽  
Iot Devices

The emerging network computing technologies have significantly extended the abilities of the resource-constrained IoT devices through the network-based service sharing techniques. However, such a flexible and scalable service provisioning paradigm brings increased security risks to terminals due to the untrustworthy exogenous service codes loading from the open network. Many existing security approaches are unsuitable for IoT environments due to the high difficulty of maintenance or the dependencies upon extra resources like specific hardware. Fortunately, the rise of blockchain technology has facilitated the development of service sharing methods and, at the same time, it appears a viable solution to numerous security problems. In this paper, we propose a novel blockchain-based secure service provisioning mechanism for protecting lightweight clients from insecure services in network computing scenarios. We introduce the blockchain to maintain all the validity states of the off-chain services and edge service providers for the IoT terminals to help them get rid of untrusted or discarded services through provider identification and service verification. In addition, we take advantage of smart contracts which can be triggered by the lightweight clients to help them check the validities of service providers and service codes according to the on-chain transactions, thereby reducing the direct overhead on the IoT devices. Moreover, the adoptions of the consortium blockchain and the proof of authority consensus mechanism also help to achieve a high throughput. The theoretical security analysis and evaluation results show that our approach helps the lightweight clients get rid of untrusted edge service providers and insecure services effectively with acceptable latency and affordable costs.

Sign in / Sign up

Export Citation Format

Share Document