On Fault Injections in Generalized Feistel Networks
|
|
- Tyler Thompson
- 6 years ago
- Views:
Transcription
1 On Fault Injections in Generalized Feistel Networks Hélène Le Bouder 1, Gaël Thomas 2, Yanis Linge 3, Assia Tria 4 1 École Nationale Supérieure des Mines de Saint-Étienne 2 XLIM Université de Limoges 3 STMicroelectronics 4 CEA-Tech Fault Diagnosis and Tolerance in Cryptography 2014 On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
2 Introduction Security is a key component for information technologies and communication Even securely designed algorithm may be vulnerable to physical attacks Fault injection attacks (FIA): disrupt and exploit the circuit behaviour But FIA can damage the circuit The number of fault injections is a critical aspect of FIA On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
3 This Paper FIA on Generalized Feistel Networks Single-bit fault model Find the most critical locations for FIA Assess the number of faults needed Generic Approach On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
4 Plan 1 Introduction 2 Context Generalized Feistel Networks Differential Fault Analysis 3 Our methodology At the Feistel network level At the Feistel function level Algorithm 4 Results on examples DES MIBS TWINE CLEFIA 5 Conclusion On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
5 Generalized Feistel Networks The Original Feistel Structure Designed by Horst Feistel at IBM in the 1970 s Used in DES, Camellia, MIBS, Simon,... L r R r Build 2n-bit permutation from n-bit to n-bit (Feistel) functions Similar encryption and decryption up to subkeys order F L r+1 R r+1 On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
6 Generalized Feistel Networks Generalized Feistel Networks Introduced by Zheng, Matsumoto, and Imai at CRYPTO 89 Splits the message into b 2 n-bit-long blocks B 0 r B 1 r B 2 r B 3 r B 4 r B 5 r B 6 r B 7 r non-linear functions block permutation B 0 r+1 B 1 r+1 B 2 r+1 B 3 r+1 B 4 r+1 B 5 r+1 B 6 r+1 B 7 r+1 On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
7 Differential Fault Analysis Differential Fault Analysis (DFA) on GFNs DFA is a powerful cryptanalytic technique that exploits differences between the correct ciphertext and erroneous results due to fault injections. B o r = F ( ) ( ) Br 1, i Kr λ F Br 1, i Kr λ B j r 1 B j r 1, Bj r 1 B i r 1, B i r 1 F K λ r B o r, B o r On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
8 At the Feistel network level Diffusion Full Diffusion Delay: minimum number of rounds d for every inputs to influence every outputs On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
9 At the Feistel network level Diffusion Full Diffusion Delay: minimum number of rounds d for every inputs to influence every outputs A matrix M to represent the diffusion in the network: On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
10 At the Feistel network level Diffusion Full Diffusion Delay: minimum number of rounds d for every inputs to influence every outputs A matrix M to represent the diffusion in the network: 0: Br+1 i is influenced by Bj r directly 1: Br+1 i is influenced by Bj r via the Feistel function F : not influenced (noted. ) M = On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
11 At the Feistel function level Feistel function Xor with the subkey S-boxes: non linear Layers of linear functions Diffusion in the Feistel function A divide-and-conquer approach at the S-box level Influence of the fault on B j Goals: B o r = F ( B i r 1, K λ r r 1 ) F ( B i r 1, K λ r 1 Number of pieces of subkey attacked 2 Number of possible differences 3 Number of faults required ) B j r 1 On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
12 Algorithm For each block and each round where the fault can be injected: On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
13 Algorithm For each block and each round where the fault can be injected: 1 Use M to compute: On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
14 Algorithm For each block and each round where the fault can be injected: 1 Use M to compute: V F vector of the number of passages of the fault in the Feistel function on the penultimate round On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
15 Algorithm For each block and each round where the fault can be injected: 1 Use M to compute: V F vector of the number of passages of the fault in the Feistel function on the penultimate round W F = M V F vector of the number of passages of the fault in the Feistel function on the last round On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
16 Algorithm For each block and each round where the fault can be injected: 1 Use M to compute: V F vector of the number of passages of the fault in the Feistel function on the penultimate round W F = M V F vector of the number of passages of the fault in the Feistel function on the last round 2 Deduce the number n λ of blocks K λ r that can be attacked On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
17 Algorithm For each block and each round where the fault can be injected: 1 Use M to compute: V F vector of the number of passages of the fault in the Feistel function on the penultimate round W F = M V F vector of the number of passages of the fault in the Feistel function on the last round 2 Deduce the number n λ of blocks K λ r that can be attacked 3 Use F to find the number of possible differential B j r 1 On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
18 Algorithm For each block and each round where the fault can be injected: 1 Use M to compute: V F vector of the number of passages of the fault in the Feistel function on the penultimate round W F = M V F vector of the number of passages of the fault in the Feistel function on the last round 2 Deduce the number n λ of blocks K λ r that can be attacked 3 Use F to find the number of possible differential B j r 1 4 Deduce the number n l of pieces K λ,l r attacked On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
19 Algorithm For each block and each round where the fault can be injected: 1 Use M to compute: V F vector of the number of passages of the fault in the Feistel function on the penultimate round W F = M V F vector of the number of passages of the fault in the Feistel function on the last round 2 Deduce the number n λ of blocks K λ r that can be attacked 3 Use F to find the number of possible differential B j r 1 4 Deduce the number n l of pieces K λ,l r attacked 5 Estimate the number n J of faults required to attack that subkey block On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
20 DES Description NIST standard from 1977 to 2001 A 16-round Feistel cipher Lr Rr Starts by a 64-bit permutation IP and finishes by its inverse IP 1 E Kr Feistel function consists in 4 steps: Expansion E which maps 32 bits in 48 bits by duplicating half of the bits S1 S2 S3 S4 S5 P S6 S7 S 8 Xor with the 48 bits of subkey K r 8 S-boxes 6 4 Lr+1 Rr+1 Bit permutation P of 32 bits On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
21 DES Results Full diffusion delay: d = 2 ( ). 0 M = 0 1 Number of subkey blocks: Λ = 1 Number of pieces in subkey blocks: L = 8 Number of faults required to retrieve a piece of subkey: n = 3 Table: Results of our analysis on the DES Blocks B V F W F n l R 15 (., 0) (1, 0) 1 n l 2 1 R 14 (0, 1) (2, 1) 2 n l 8 2 R 13 (1, 2) (3, 2) 2 n l On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
22 MIBS Description Presented at CANS 09 Lr Rr A 32-round Feistel cipher Kr Key of 64 or 80 bits Feistel function operates in 3 steps: Xor with the subkey S0 S1 S2 S3 S4 MC S5 S6 S 7 8 S-boxes 4 4 A linear mixing layer MC acting at nibble level Lr+1 On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
23 MIBS Results Full diffusion delay: d = 2 ( ) 1 0 M = 0. Number of subkey blocks: Λ = 1 Number of pieces in subkey blocks: L = 8 Number of faults required to retrieve a piece of subkey: n = 2 Table: Results of our analysis on MIBS Blocks B V F W F n l L 31 (0,.) (0, 1) 1 1 L 30 (1, 0) (1, 2) 5 n l 6 4 L 29 (2, 1) (2, 3) On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
24 TWINE Description 64-bit block cipher presented at SAC 12 GFN with 16 blocks, 4 bits each, and with 80 or 128-bit keys 36 rounds for both key lengths Feistel function used 8 times per round and consecutively made of: 4-bit Xor with a subkey block A single S-box 4 4 Br 0 Br 1 Br 2 Br 3 Br 4 Br 5 Br 6 Br 7 Br 8 Br 9 Br 10 Br 11 Br 12 Br 13 Br 14 Br 15 B 0 r+1 B 1 r+1 B 2 r+1 B 3 r+1 B 4 r+1 B 5 r+1 B 6 r+1 B 7 r+1 B 8 r+1 B 9 r+1 B 10 r+1 B 11 r+1 B 12 r+1 B 13 r+1 B 14 r+1 B 15 r+1 On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
25 TWINE Results Full diffusion delay: d = M = Number of subkey blocks: Λ = 8 Number of pieces in subkey blocks: L = 1 Number of faults required to retrieve a piece of subkey: n = 2 On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
26 TWINE Results Full diffusion delay: d = 8 Number of subkey blocks: Λ = 8 Number of pieces in subkey blocks: L = 1 Number of faults required to retrieve a piece of subkey: n = 2 Summary of Results Best case achievable: inject a fault at round 31 Attack n λ = 5 functions (4 with non faulted B j r 1 with #{B j r 1 } = 7) If injected earlier at most 4 functions If injected after only up to 3 functions and one On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
27 CLEFIA Description 128-bit block cipher presented at FSE 07 Key sizes: 128, 192 or 256 bits Part of standard ISO/IEC B 0 r B 1 r GFN with 4 blocks, 32 bits each 2 slightly different Feistel functions: Xor with the subkey 4 S-boxes linear diffusion layers, MC 0 and MC 1 K 1 r S1 S0 S1 MC0 S0 B 0 r B 1 r B 2 r B 3 r F0 F1 B 0 r+1 B 0 r B 1 r+1 B 2 r+1 B 3 r+1 On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
28 CLEFIA Results Full diffusion delay d = M = Number of subkey blocks: Λ = 2 Number of pieces in subkey blocks: L = 4 Number of faults required to retrieve a piece of subkey: n = 2 On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
29 CLEFIA Results Full diffusion delay d = 4 Number of subkey blocks: Λ = 2 Number of pieces in subkey blocks: L = 4 Number of faults required to retrieve a piece of subkey: n = 2 Table: Results of our analysis on CLEFIA Blocks B V F W F n λ n l B17 0 (0,.,.,.) (0, 1,.,.) 1 (1, 0) (1, ) B16 0 (1,.,., 0) (1, 2,., 0) 1 (4, 0) (1, ) B15 0 (2,., 0, 1) (2, 3, 0, 1) 2 (4, 1) (1, 127) B14 0 (3, 0, 1, 2) (3, 4, 1, 2) 2 (4, 4) (4, huge) B13 0 (4, 1, 2, 3) (4, 5, 2, 3) 2 (4, 4) (946, huge) On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
30 Conclusion It has been shown that some blocks are more vulnerable to DFA than others in GFNs A method has been proposed to identify these blocks allowing attackers to minimize single-bit fault injections The vulnerability evaluation is not optimal but is generic and a method to assess the vulnerabilities automatically is possible Further work will include multi-bit faults injection On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
31 Acknowledgements The authors would like to thank Ronan Lashermes and Thierry P. Berger for their valuable contributions to the development and understanding of the issues discussed in the paper. This work was partially funded by the French DGCIS (Direction Générale de la Compétitivité de l Industrie et des Services) through the CALISSON 2 project; and partially supported by the French National Agency of Research: ANR-11-INS-011. On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
32 Thank you for your attention Do you have any questions? On Fault Injections on GFNs Le Bouder, Thomas, Linge, Tria FDTC /21
Block Ciphers and Data Encryption Standard. CSS Security and Cryptography
Block Ciphers and Data Encryption Standard CSS 322 - Security and Cryptography Contents Block Cipher Principles Feistel Structure for Block Ciphers DES Simplified DES Real DES DES Design Issues CSS 322
More informationPiret and Quisquater s DFA on AES Revisited
Piret and Quisquater s DFA on AES Revisited Christophe Giraud 1 and Adrian Thillard 1,2 1 Oberthur Technologies, 4, allée du doyen Georges Brus, 33 600 Pessac, France. c.giraud@oberthur.com 2 Université
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 3 Block Ciphers and the Data Encryption Standard All the afternoon Mungo had been working on Stern's code, principally with
More informationComputer and Data Security. Lecture 3 Block cipher and DES
Computer and Data Security Lecture 3 Block cipher and DES Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach
More informationCryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái
Cryptography and Network Security Block Ciphers + DES Lectured by Nguyễn Đức Thái Outline Block Cipher Principles Feistel Ciphers The Data Encryption Standard (DES) (Contents can be found in Chapter 3,
More informationSecret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34
Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption.
More informationICT 6541 Applied Cryptography. Hossen Asiful Mustafa
ICT 6541 Applied Cryptography Hossen Asiful Mustafa Encryption & Decryption Key (K) Plaintext (P) Encrypt (E) Ciphertext (C) C = E K (P) Same Key (K) Ciphertext (C) Decrypt (D) Plaintext (P) P = D K (C)
More informationCSCE 813 Internet Security Symmetric Cryptography
CSCE 813 Internet Security Symmetric Cryptography Professor Lisa Luo Fall 2017 Previous Class Essential Internet Security Requirements Confidentiality Integrity Authenticity Availability Accountability
More informationCryptographic Algorithms - AES
Areas for Discussion Cryptographic Algorithms - AES CNPA - Network Security Joseph Spring Department of Computer Science Advanced Encryption Standard 1 Motivation Contenders Finalists AES Design Feistel
More informationLecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24
Assume encryption and decryption use the same key. Will discuss how to distribute key to all parties later Symmetric ciphers unusable for authentication of sender Lecturers: Mark D. Ryan and David Galindo.
More informationSecret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General Considerations:
Secret Key Systems (block encoding) Encrypting a small block of text (say 64 bits) General Considerations: Secret Key Systems Encrypting a small block of text (say 64 bits) General Considerations: 1. Encrypted
More informationIntroduction to Modern Symmetric-Key Ciphers
Introduction to Modern Symmetric-Key Ciphers 1 Objectives Review a short history of DES. Define the basic structure of DES. List DES alternatives. Introduce the basic structure of AES. 2 Data Encryption
More informationExternal Encodings Do not Prevent Transient Fault Analysis
External Encodings Do not Prevent Transient Fault Analysis Christophe Clavier Gemalto, Security Labs CHES 2007 Vienna - September 12, 2007 Christophe Clavier CHES 2007 Vienna September 12, 2007 1 / 20
More informationFault Detection of the Camellia Cipher against Single Byte Differential Fault Analysis
Appl. Math. Inf. Sci. 6-3S, No. 3, 951-957 (2012) 951 Applied Mathematics & Information Sciences An International Journal Fault Detection of the Camellia Cipher against Single Byte Differential Fault Analysis
More informationSymmetric Cryptography. Chapter 6
Symmetric Cryptography Chapter 6 Block vs Stream Ciphers Block ciphers process messages into blocks, each of which is then en/decrypted Like a substitution on very big characters 64-bits or more Stream
More informationCPS2323. Block Ciphers: The Data Encryption Standard (DES)
Block Ciphers: The Data Encryption Standard (DES) Content Block Ciphers: Constructing Pseudo Random Permutations using confusion/diffusion A call for an industry standard... and the NSA Lucifer and Feistel
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Secret Key Cryptography Block cipher DES 3DES
More informationJordan University of Science and Technology
Jordan University of Science and Technology Cryptography and Network Security - CPE 542 Homework #III Handed to: Dr. Lo'ai Tawalbeh By: Ahmed Saleh Shatnawi 20012171020 On: 8/11/2005 Review Questions RQ3.3
More informationChapter 3 Block Ciphers and the Data Encryption Standard
Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition
More informationFundamentals of Cryptography
Fundamentals of Cryptography Topics in Quantum-Safe Cryptography June 23, 2016 Part III Data Encryption Standard The Feistel network design m m 0 m 1 f k 1 1 m m 1 2 f k 2 2 DES uses a Feistel network
More informationWenling Wu, Lei Zhang
LBlock: A Lightweight Block Cipher Wenling Wu, Lei Zhang Institute t of Software, Chinese Academy of Sciences 09-Jun-2011 Outline Background and Previous Works LBlock: Specification Design Rationale Security
More informationLinear Cryptanalysis of Reduced Round Serpent
Linear Cryptanalysis of Reduced Round Serpent Eli Biham 1, Orr Dunkelman 1, and Nathan Keller 2 1 Computer Science Department, Technion Israel Institute of Technology, Haifa 32000, Israel, {biham,orrd}@cs.technion.ac.il,
More informationCIS 6930/4930 Computer and Network Security. Project requirements
CIS 6930/4930 Computer and Network Security Project requirements Project Requirement Form a team of 3 people to complete the course project. The project has 100pts + 20pts (extra credit) Report requirement:
More informationA Chosen-key Distinguishing Attack on Phelix
A Chosen-key Distinguishing Attack on Phelix Yaser Esmaeili Salehani* and Hadi Ahmadi** * Zaeim Electronic Industries Co., Tehran, Iran. ** School of Electronic Engineering, Sharif University of Technology,
More informationA SIMPLIFIED IDEA ALGORITHM
A SIMPLIFIED IDEA ALGORITHM NICK HOFFMAN Abstract. In this paper, a simplified version of the International Data Encryption Algorithm (IDEA) is described. This simplified version, like simplified versions
More informationELECTROMAGNETIC FAULT INJECTION ON MICROCONTROLLERS
ELECTROMAGNETIC FAULT INJECTION ON MICROCONTROLLERS Nicolas Moro 1,3, Amine Dehbaoui 2, Karine Heydemann 3, Bruno Robisson 1, Emmanuelle Encrenaz 3 1 CEA Commissariat à l Energie Atomique et aux Energies
More informationCryptography MIS
Cryptography MIS-5903 http://community.mis.temple.edu/mis5903sec011s17/ Cryptography History Substitution Monoalphabetic Polyalphabetic (uses multiple alphabets) uses Vigenere Table Scytale cipher (message
More informationSecret Key Algorithms (DES)
Secret Key Algorithms (DES) G. Bertoni L. Breveglieri Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard
Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationBLIND FAULT ATTACK AGAINST SPN CIPHERS FDTC 2014
BLIND FAULT ATTACK AGAINST SPN CIPHERS FDTC 2014 Roman Korkikian, Sylvain Pelissier, David Naccache September 23, 2014 IN BRIEF Substitution Permutation Networks (SPN) Fault attacks Blind fault attack
More informationCSc 466/566. Computer Security. 6 : Cryptography Symmetric Key
1/56 CSc 466/566 Computer Security 6 : Cryptography Symmetric Key Version: 2012/02/22 16:14:16 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian Collberg
More information6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 6 Block Ciphers 6.1 Block Ciphers Block Ciphers Plaintext is divided into blocks of fixed length and every block is encrypted one at a time. A block cipher is a
More informationModern Block Ciphers
Modern Block Ciphers now look at modern block ciphers one of the most widely used types of cryptographic algorithms provide secrecy /authentication services focus on DES (Data Encryption Standard) to illustrate
More informationA Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher
A Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher Lu Xiao and Howard M. Heys 2 QUALCOMM Incorporated, lxiao@qualcomm.com 2 Electrical and Computer Engineering, Faculty
More informationLecture 3: Symmetric Key Encryption
Lecture 3: Symmetric Key Encryption CS996: Modern Cryptography Spring 2007 Nitesh Saxena Outline Symmetric Key Encryption Continued Discussion of Potential Project Topics Project proposal due 02/22/07
More informationDifferential Cryptanalysis
Differential Cryptanalysis See: Biham and Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer Verlag, 1993. c Eli Biham - March, 28 th, 2012 1 Differential Cryptanalysis The Data
More informationBlock Ciphers Tutorial. c Eli Biham - May 3, Block Ciphers Tutorial (5)
Block Ciphers Tutorial c Eli Biham - May 3, 2005 146 Block Ciphers Tutorial (5) A Known Plaintext Attack on 1-Round DES After removing the permutations IP and FP we get: L R 48 K=? F L R c Eli Biham -
More informationTruncated Differential Analysis of Round-Reduced RoadRunneR Block Cipher
Truncated Differential Analysis of Round-Reduced RoadRunneR Block Cipher Qianqian Yang 1,2,3, Lei Hu 1,2,, Siwei Sun 1,2, Ling Song 1,2 1 State Key Laboratory of Information Security, Institute of Information
More informationSecret Key Cryptography
Secret Key Cryptography 1 Block Cipher Scheme Encrypt Plaintext block of length N Decrypt Secret key Cipher block of length N 2 Generic Block Encryption Convert a plaintext block into an encrypted block:
More informationA Related Key Attack on the Feistel Type Block Ciphers
International Journal of Network Security, Vol.8, No.3, PP.221 226, May 2009 221 A Related Key Attack on the Feistel Type Block Ciphers Ali Bagherzandi 1,2, Mahmoud Salmasizadeh 2, and Javad Mohajeri 2
More informationS-DES Encryption template. Input:
Page 1 of 5 S-DES (simplified Data Encryption Standard) Assignment template: ENCRYPTION TEMPLATE To the input (plaintext), apply initial permutation IP: IP 2 6 3 1 4 8 5 7 In the next steps, we will develop
More informationOn the Design of Secure Block Ciphers
On the Design of Secure Block Ciphers Howard M. Heys and Stafford E. Tavares Department of Electrical and Computer Engineering Queen s University Kingston, Ontario K7L 3N6 email: tavares@ee.queensu.ca
More informationImproved Linear Sieving Techniques with Applications to Step-Reduced LED-64
Improved Linear Sieving Techniques with Applications to Step-Reduced LED-64 Itai Dinur 1, Orr Dunkelman 2,4, Nathan eller 3 and Adi Shamir 4 1 École normale supérieure, France 2 University of Haifa, Israel
More informationElastic Block Ciphers: The Feistel Cipher Case
Elastic Block Ciphers: The Feistel Cipher Case Debra L. Cook Moti Yung Angelos D. Keromytis Department of Computer Science Columbia University, New York, NY dcook,moti,angelos @cs.columbia.edu Technical
More informationBlock Ciphers and the Data Encryption Standard (DES) Modified by: Dr. Ramzi Saifan
Block Ciphers and the Data Encryption Standard (DES) Modified by: Dr. Ramzi Saifan Block ciphers Keyed, invertible Large key space, large block size A block of plaintext is treated as a whole and used
More informationNetwork Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar
Network Security Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar Modern Block Ciphers now look at modern block ciphers one of the most widely used types
More informationUsing Error Detection Codes to detect fault attacks on Symmetric Key Ciphers
Using Error Detection Codes to detect fault attacks on Symmetric Key Ciphers Israel Koren Department of Electrical and Computer Engineering Univ. of Massachusetts, Amherst, MA collaborating with Luca Breveglieri,
More informationLecture 4: Symmetric Key Encryption
Lecture 4: Symmetric ey Encryption CS6903: Modern Cryptography Spring 2009 Nitesh Saxena Let s use the board, please take notes 2/20/2009 Lecture 1 - Introduction 2 Data Encryption Standard Encrypts by
More informationComplementing Feistel Ciphers
Ivica Nikolić (joint work with Alex Biryukov) Nanyang Technological University, Singapore University of Luxembourg, Luxembourg 11 March 2013 1 Complementation Property 2 General Complementation Property
More informationCSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms
CSCI 454/554 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms? Security by
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 3.1 Secret Key Cryptography Algorithms Instructor: Dr. Kun Sun Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms?
More informationKey Separation in Twofish
Twofish Technical Report #7 Key Separation in Twofish John Kelsey April 7, 2000 Abstract In [Mur00], Murphy raises questions about key separation in Twofish. We discuss this property of the Twofish key
More informationBlock Ciphers. Lucifer, DES, RC5, AES. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk Block Ciphers 1
Block Ciphers Lucifer, DES, RC5, AES CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk Block Ciphers 1 ... Block Ciphers & S-P Networks Block Ciphers: Substitution ciphers
More informationComputational Security, Stream and Block Cipher Functions
Computational Security, Stream and Block Cipher Functions 18 March 2019 Lecture 3 Most Slides Credits: Steve Zdancewic (UPenn) 18 March 2019 SE 425: Communication and Information Security 1 Topics for
More informationP2_L6 Symmetric Encryption Page 1
P2_L6 Symmetric Encryption Page 1 Reference: Computer Security by Stallings and Brown, Chapter 20 Symmetric encryption algorithms are typically block ciphers that take thick size input. In this lesson,
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message
More informationNew Attacks on Feistel Structures with Improved Memory Complexities
New Attacks on Feistel Structures with Improved Memory Complexities Itai Dinur 1, Orr Dunkelman 2,4,, Nathan Keller 3,4,, and Adi Shamir 4 1 Département d Informatique, École Normale Supérieure, Paris,
More informationSymmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.
Symmetric Key Algorithms Definition A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting. 1 Block cipher and stream cipher There are two main families
More informationSymmetric Encryption. Thierry Sans
Symmetric Encryption Thierry Sans Design principles (reminder) 1. Kerkoff Principle The security of a cryptosystem must not rely on keeping the algorithm secret 2. Diffusion Mixing-up symbols 3. Confusion
More informationChapter 7 Advanced Encryption Standard (AES) 7.1
Chapter 7 Advanced Encryption Standard (AES) 7.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 7 Objectives To review a short history of AES To define
More informationAvalanche Analysis of Extended Feistel Network
Avalanche Analysis of Extended Feistel Network SUBARIAH IBRAHIM 1 MOHD AIZAINI MAAROF 2 NORBIK BASHAH IDRIS 3 1,2 Department of Communication and Computer System Faculty of Computer Science and Information
More informationModern Symmetric Block cipher
Modern Symmetric Block cipher 81 Shannon's Guide to Good Ciphers Amount of secrecy should determine amount of labour appropriate for encryption and decryption The set of keys and enciphering algorithm
More informationSymmetric Key Cryptosystems. Definition
Symmetric Key Cryptosystems Debdeep Mukhopadhyay IIT Kharagpur Definition Alice and Bob has the same key to encrypt as well as to decrypt The key is shared via a secured channel Symmetric Ciphers are of
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 5 Advanced Encryption Standard Advance Encryption Standard Topics Origin of AES Basic AES Inside Algorithm Final Notes Origins
More informationA Methodology for Differential-Linear Cryptanalysis and Its Applications
A Methodology for Differential-Linear Cryptanalysis and Its Applications Jiqiang Lu Presenter: Jian Guo Institute for Infocomm Research, Agency for Science, Technology and Research, 1 Fusionopolis Way,
More informationFew Other Cryptanalytic Techniques
Few Other Cryptanalytic Techniques Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Boomerang Attack
More informationElastic Block Ciphers: The Feistel Cipher Case
Elastic Block Ciphers: The Feistel Cipher Case Debra L. Cook Moti Yung Angelos D. Keromytis Department of Computer Science Columbia University, New York, NY dcook,moti,angelos @cs.columbia.edu Technical
More informationCryptography and Network Security Chapter 3. Modern Block Ciphers. Block vs Stream Ciphers. Block Cipher Principles
Cryptography and Network Security Chapter 3 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 3 Block Ciphers and the Data Encryption Standard All the afternoon Mungo had been working
More informationSelected Areas in Cryptography 04 University of Waterloo (Canada), August 9, 2004
ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE Selected Areas in Cryptography 04 University of Waterloo (Canada), August 9, 2004 Outline of this talk of the ciphers results issues Do we really need new block
More informationAttack on DES. Jing Li
Attack on DES Jing Li Major cryptanalytic attacks against DES 1976: For a very small class of weak keys, DES can be broken with complexity 1 1977: Exhaustive search will become possible within 20 years,
More informationChapter 6: Contemporary Symmetric Ciphers
CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Why Triple-DES?
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationConventional Encryption: Modern Technologies
Conventional Encryption: Modern Technologies We mentioned that the statistical weakness in substitution ciphers is that they don t change the frequency of alphabetic letters. For example, if a substitution
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationSoftware Performance Characterization of Block Cipher Structures Using S-boxes and Linear Mappings
Software Performance Characterization of Block Cipher Structures Using S-boxes and Linear Mappings Lu Xiao 1 and Howard M. Heys 2 1 QUALCOMM Incorporated, lxiao@qualcomm.com 2 Electrical and Computer Engineering,
More informationL3. An Introduction to Block Ciphers. Rocky K. C. Chang, 29 January 2015
L3. An Introduction to Block Ciphers Rocky K. C. Chang, 29 January 2015 Outline Product and iterated ciphers A simple substitution-permutation network DES and AES Modes of operations Cipher block chaining
More informationProtecting Last Four Rounds of CLEFIA is Not Enough Against Differential Fault Analysis
Protecting Last Four Rounds of CLEFIA is Not Enough Against Differential Fault Analysis Sk Subidh Ali and Debdeep Mukhopadhyay Dept. of Computer Science and Engineering Indian Institute of Technology Kharagpur,
More informationENEE 459-C Computer Security. Symmetric key encryption in practice: DES and AES algorithms
ENEE 459-C Computer Security Symmetric key encryption in practice: DES and AES algorithms A perfect encryption of a block Say you have a block of n bits You want to encrypt it You want to use the same
More informationBlock Ciphers Introduction
Technicalities Block Models Block Ciphers Introduction Orr Dunkelman Computer Science Department University of Haifa, Israel March 10th, 2013 Orr Dunkelman Cryptanalysis of Block Ciphers Seminar Introduction
More informationJaap van Ginkel Security of Systems and Networks
Jaap van Ginkel Security of Systems and Networks November 4, 2013 Part 4 Modern Crypto Block Ciphers (Iterated) Block Cipher Plaintext and ciphertext consist of fixed-sized blocks Ciphertext obtained from
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More informationFault Attacks on AES with Faulty Ciphertexts Only
Fault Attacks on AES with Faulty Ciphertexts Only Thomas Fuhr, Eliane Jaulmes, Victor Lomné and Adrian Thillard ANSSI 51, Bd de la Tour-Maubourg, 75700 Paris 07 SP, France firstname.lastname@ssi.gouv.fr
More informationBlock Cipher Involving Key Based Random Interlacing and Key Based Random Decomposition
Journal of Computer Science 6 (2): 133-140, 2010 ISSN 1549-3636 2010 Science Publications Block Cipher Involving Key Based Random Interlacing and Key Based Random Decomposition K. Anup Kumar and V.U.K.
More informationPRNGs & DES. Luke Anderson. 16 th March University Of Sydney.
PRNGs & DES Luke Anderson luke@lukeanderson.com.au 16 th March 2018 University Of Sydney Overview 1. Pseudo Random Number Generators 1.1 Sources of Entropy 1.2 Desirable PRNG Properties 1.3 Real PRNGs
More informationNew Kid on the Block Practical Construction of Block Ciphers. Table of contents
New Kid on the Block Practical Construction of Block Ciphers Foundations of Cryptography Computer Science Department Wellesley College Fall 2016 Table of contents Introduction Substitution-permutation
More informationMeet-in-the-middle fault analysis on word-oriented substitution-permutation network block ciphers
SECURITY AND COUNICATION NETWORKS Security Comm. Networks 215; 8:672 681 Published online 5 ay 214 in Wiley Online Library (wileyonlinelibrary.com). DOI: 1.12/sec.115 RESEARCH ARTICLE eet-in-the-middle
More informationAutomatic Search for Related-Key Differential Characteristics in Byte-Oriented Block Ciphers
Automatic Search for Related-Key Differential Characteristics in Byte-Oriented Block Ciphers 1 June 2010 1 Block Ciphers 2 The tool 3 Applications 4 Conclusion Basics P Block cipher E K (P) Input: Plaintext
More informationAttacks on Advanced Encryption Standard: Results and Perspectives
Attacks on Advanced Encryption Standard: Results and Perspectives Dmitry Microsoft Research 29 February 2012 Design Cryptanalysis history Advanced Encryption Standard Design Cryptanalysis history AES 2
More information3 Symmetric Cryptography
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 3 Symmetric Cryptography Symmetric Cryptography Alice Bob m Enc c = e k (m) k c c Dec m = d k (c) Symmetric cryptography uses the same secret key k for encryption
More informationImproved differential fault analysis on lightweight block cipher LBlock for wireless sensor networks
Jeong et al. EURASIP Journal on Wireless Communications and Networking 2013, 2013:151 RESEARCH Improved differential fault analysis on lightweight block cipher LBlock for wireless sensor networks Kitae
More informationImplementation and Performance analysis of Skipjack & Rijndael Algorithms. by Viswnadham Sanku ECE646 Project Fall-2001
Implementation and Performance analysis of Skipjack & Rijndael Algorithms by Viswnadham Sanku ECE646 Project Fall-2001 TABLE OF CONTENTS TABLE OF CONTENTS 2 1. OBJECTIVE 3 2. SKIPJACK CIPHER 3 2.1 CIPHER
More informationLecture 2: Secret Key Cryptography
T-79.159 Cryptography and Data Security Lecture 2: Secret Key Cryptography Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi 1 Reminder: Communication Model Adversary Eve Cipher, Encryption
More informationA Differential Fault Attack against Early Rounds of (Triple-)DES
A Differential Fault Attack against Early Rounds of (Triple-)DES Ludger Hemme Giesecke & Devrient GmbH Prinzregentenstr. 159, 81677 Munich, Germany ludger.hemme@de.gi-de.com Abstract. Previously proposed
More informationSymmetric Cryptography
CSE 484 (Winter 2010) Symmetric Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationMulti-Stage Fault Attacks
Multi-Stage Fault Attacks Applications to the Block Cipher PRINCE Philipp Jovanovic Department of Informatics and Mathematics University of Passau March 27, 2013 Outline 1. Motivation 2. The PRINCE Block
More informationCIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)
CIS 6930/4930 Computer and Network Security Topic 3.1 Secret Key Cryptography (Cont d) 1 Principles for S-Box Design S-box is the only non-linear part of DES Each row in the S-Box table should be a permutation
More informationFault injection attacks on cryptographic devices and countermeasures Part 1
Fault injection attacks on cryptographic devices and countermeasures Part 1 Israel Koren Department of Electrical and Computer Engineering University of Massachusetts Amherst, MA Outline Introduction -
More informationA General Analysis of the Security of Elastic Block Ciphers
A General Analysis of the Security of Elastic Block Ciphers Debra L. Cook and Moti Yung and Angelos Keromytis Department of Computer Science, Columbia University {dcook,moti,angelos}@cs.columbia.edu September
More informationELECTROMAGNETIC GLITCH ON THE AES ROUND COUNTER
ELECTROMAGNETIC GLITCH ON THE AES ROUND COUNTER Amine DEHBAOUI ¹, Amir-Pasha Mirbaha ², Nicolas MORO¹, Jean-Max DUTERTRE ², Assia TRIA ¹ COSADE 2013 Paris, France (1) (2) OUTLINE! Context! Round Modification
More information