Provable Security Against a Differential Attack

Differential Cryptanalysis (DC) is one of the oldest known attacks on block ciphers. DC is based on tracking of changes in the differences between two messages as they pass through the consecutive rounds of encryption. However DC remains very poorly understood. In his textbook written in the late 1990s Schneier wrote that against differential cryptanalysis, GOST is “probably stronger than DES”. In fact Knudsen have soon proposed more powerful advanced differential attacks however the potential space of such attacks is truly immense. To this day there is no method which allows to evaluate the security of a cipher against such attacks in a systematic way. Instead, attacks are designed and improved in ad-hoc ways with heuristics [6–13,21]. The best differential attack known has time complexity of 2179 [13]. In this paper we show that for a given block cipher there exists an optimal size for advanced differential properties. This new understanding allows to considerably reduce the space to be searched for “good” truncated differential properties suitable for an attack.

Download Full-text

Complexity analysis and hardware implementation of extensible modulo addition for lightweight block cipher in Internet of Things (IOT)

10.32920/ryerson.14647617.v1 ◽

2021 ◽

Author(s):

Sheraz Raza Siddique

Keyword(s):

Internet Of Things ◽

Hardware Implementation ◽

Block Cipher ◽

Complexity Analysis ◽

National Security Agency ◽

Round Function ◽

Lightweight Block Cipher ◽

Differential Attacks ◽

The Internet Of Things ◽

Feistel Structure

This project presents complexity analysis and hardware implementation of extensible modulo addition [15] encryption algorithm on a 32-bit lightweight FPGA based block cipher called INFLEX, which is designed for the internet of things (IoT) environment, supporting 64-bits key. It is designed for constrained hardware resources yet providing a highly secure scalable configuration for the variety of applications. This characteristic is obtained by the use of generalized Feistel structure combined with an improved block inflation feature. INFLEX follows a typical ARX (Add, Rotate, XOR) round function with a distinguished feature of block expansion and collapse as per user selected control string, which makes INFLEX act as a tweakable Cipher. We have shown comparison of INFLEX algorithm robustness and immunity against linear and differential attacks and demonstrated that it outperforms one of the benchmark block Ciphers Speck32/64 proposed by national security agency (NSA).

Download Full-text

Partial and Higher Order Differentials and Applications to the DES

BRICS Report Series ◽

10.7146/brics.v2i9.19512 ◽

1995 ◽

Vol 2 (9) ◽

Cited By ~ 1

Author(s):

Lars Ramkilde Knudsen

Keyword(s):

Block Cipher ◽

Higher Order ◽

Differential Attack ◽

Running Time ◽

Differential Attacks ◽

Derivatives Of ◽

Discrete Functions

In 1994 Lai considered higher order derivatives of discrete functions and introduced the concept of higher order differentials. We introduce the concept of partial differentials and present attacks on ciphers presumably secure against differential attacks, but vulnerable to attacks using higher order and partial differentials. Also we examine the DES for partial and higher order differentials and give a differential attack using partial differentials on DES reduced to 6 rounds using only 46 chosen plaintexts with an expected running time of about the time of 3,500 encryptions. Finally it is shown how to find a minimum nonlinear order of a block cipher using higher order differentials.

Download Full-text

Towards Provable Security of Rijndael-Like Spn Ciphers Against Differential Attacks

Tatra Mountains Mathematical Publications ◽

10.2478/v10127-012-0046-4 ◽

2012 ◽

Vol 53 (1) ◽

pp. 189-199

Author(s):

Victor Ruzhentsev ◽

Victor Dolgov

Keyword(s):

Provable Security ◽

Differential Attack ◽

Differential Attacks ◽

Truncated Differential

ABSTRACT The strength of Rijndael-like ciphers to the truncated differential attack is considered. Theorems about the absence of effective truncated (byte) differential characteristics and effective truncated (byte) differentials for ciphers with sufficient number of rounds are proved.

Download Full-text

Seven New Block Cipher Structures with Provable Security against Differential Cryptanalysis

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences ◽

10.1093/ietfec/e91-a.10.3047 ◽

2008 ◽

Vol E91-A (10) ◽

pp. 3047-3058 ◽

Cited By ~ 4

Author(s):

J. KIM ◽

C. LEE ◽

J. SUNG ◽

S. HONG ◽

S. LEE ◽

...

Keyword(s):

Provable Security ◽

Block Cipher ◽

Differential Cryptanalysis

Download Full-text

Security of a New Cryptographic Hash Function - Titanium

Indonesian Journal of Electrical Engineering and Computer Science ◽

10.11591/ijeecs.v10.i3.pp1244-1250 ◽

2018 ◽

Vol 10 (3) ◽

pp. 1244

Author(s):

Abdullah Nazeeh Saleh ◽

Mohammad A. Al-Ahmad

Keyword(s):

Hash Function ◽

Random Function ◽

Block Cipher ◽

Security Analysis ◽

Differential Cryptanalysis ◽

Brute Force ◽

Cryptographic Hash Function ◽

Design Choice ◽

Differential Attacks

This paper introduces the security analysis of Titanium hash function that uses SF block cipher and follows sponge construction. A brief description of the sponge function and the design choice of Titanium are introduced. Basic security criteria of random function have been presented and studied on Titanium and then, differential cryptanalysis on Titanium has been performed and showed the resistance of it on the most recent differential attacks. A table of security discussions finalizes the paper and describes the complexity of Titanium on brute force cryptanalysis.

Download Full-text

Clustering Related-Tweak Characteristics: Application to MANTIS-6

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2018.i2.111-132 ◽

2018 ◽

pp. 111-132

Author(s):

Maria Eichlseder ◽

Daniel Kales

Keyword(s):

Block Cipher ◽

Differential Cryptanalysis ◽

Differential Attack ◽

Key Recovery ◽

Popular Approach ◽

Differential Characteristic ◽

Clustering Approach ◽

Tweakable Block Cipher ◽

Key Recovery Attack ◽

Truncated Differential

The TWEAKEY/STK construction is an increasingly popular approach for designing tweakable block ciphers that notably uses a linear tweakey schedule. Several recent attacks have analyzed the implications of this approach for differential cryptanalysis and other attacks that can take advantage of related tweakeys. We generalize the clustering approach of a recent differential attack on the tweakable block cipher MANTIS5 and describe a tool for efficiently finding and evaluating such clusters. More specifically, we consider the set of all differential characteristics compatible with a given truncated characteristic, tweak difference, and optional constraints for the differential. We refer to this set as a semi-truncated characteristic and estimate its probability by analyzing the distribution of compatible differences at each step. We apply this approach to find a semi-truncated differential characteristic for MANTIS6 with probability about 2−67.73 and derive a key-recovery attack with a complexity of about 255.09 chosen-plaintext queries and 255.52 computations. The data-time product is 2110.61 << 2126.

Download Full-text

Accurate Estimate of the Advantage of Impossible Differential Attacks

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2017.i3.169-191 ◽

2017 ◽

pp. 169-191 ◽

Cited By ~ 1

Author(s):

Céline Blondeau

Keyword(s):

Time Complexity ◽

Block Cipher ◽

Poisson Approximation ◽

Accurate Estimate ◽

Random Permutations ◽

Differential Attack ◽

Impossible Differential ◽

Impossible Differential Attack ◽

Differential Attacks ◽

Multivariate Hypergeometric Distribution

Impossible differential attacks, which are taking advantage of differentials that cannot occur, are powerful attacks for block cipher primitives. The power of such attacks is often measured in terms of the advantage — number of key-bits found during the key sieving phase — which determines the time complexity of the exhaustive key search phase. The statistical model used to compute this advantage has been introduced in the seminal work about the resistance of the DEAL cipher to impossible differential attacks. This model, which has not been modified since the end of the 1990s, is implicitly based on the Poisson approximation of the binomial distribution. In this paper, we investigate this commonly used model and experimentally illustrate that random permutations do not follow it. Based on this observation, we propose more accurate estimates of the advantage of an impossible differential attack. The experiments illustrate the accuracy of the estimate derived from the multivariate hypergeometric distribution. The maximal advantage –using the full codebook– of an impossible differential attack is also derived.

Download Full-text

Complexity analysis and hardware implementation of extensible modulo addition for lightweight block cipher in Internet of Things (IOT)

10.32920/ryerson.14647617 ◽

2021 ◽

Author(s):

Sheraz Raza Siddique

Keyword(s):

Internet Of Things ◽

Hardware Implementation ◽

Block Cipher ◽

Complexity Analysis ◽

National Security Agency ◽

Round Function ◽

Lightweight Block Cipher ◽

Differential Attacks ◽

The Internet Of Things ◽

Feistel Structure

This project presents complexity analysis and hardware implementation of extensible modulo addition [15] encryption algorithm on a 32-bit lightweight FPGA based block cipher called INFLEX, which is designed for the internet of things (IoT) environment, supporting 64-bits key. It is designed for constrained hardware resources yet providing a highly secure scalable configuration for the variety of applications. This characteristic is obtained by the use of generalized Feistel structure combined with an improved block inflation feature. INFLEX follows a typical ARX (Add, Rotate, XOR) round function with a distinguished feature of block expansion and collapse as per user selected control string, which makes INFLEX act as a tweakable Cipher. We have shown comparison of INFLEX algorithm robustness and immunity against linear and differential attacks and demonstrated that it outperforms one of the benchmark block Ciphers Speck32/64 proposed by national security agency (NSA).

Download Full-text

Towards Key-recovery-attack Friendly Distinguishers: Application to GIFT-128

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2021.i1.156-184 ◽

2021 ◽

pp. 156-184

Author(s):

Rui Zong ◽

Xiaoyang Dong ◽

Huaifeng Chen ◽

Yiyuan Luo ◽

Si Wang ◽

...

Keyword(s):

Block Cipher ◽

Recovery Process ◽

Low Complexity ◽

Differential Cryptanalysis ◽

Linear Cryptanalysis ◽

Linear Hull ◽

Differential Attack ◽

Key Recovery ◽

Key Recovery Attack

When analyzing a block cipher, the first step is to search for some valid distinguishers, for example, the differential trails in the differential cryptanalysis and the linear trails in the linear cryptanalysis. A distinguisher is advantageous if it can be utilized to attack more rounds and the amount of the involved key bits during the key-recovery process is small, as this leads to a long attack with a low complexity. In this article, we propose a two-step strategy to search for such advantageous distinguishers. This strategy is inspired by the intuition that if a differential is advantageous only when some properties are satisfied, then we can predefine some constraints describing these properties and search for the differentials in the small set.As applications, our strategy is used to analyze GIFT-128, which was proposed in CHES 2017. Based on some 20-round differentials, we give the first 27-round differential attack on GIFT-128, which covers one more round than the best previous result. Also, based on two 17-round linear trails, we give the first linear hull attack on GIFT-128, which covers 22 rounds. In addition, we also give some results on two GIFT-128 based AEADs GIFT-COFB and SUNDAE-GIFT.

Download Full-text