Meet-in-the-middle Attack on the 6-round Variant of the Block Cipher PRINCE
|
|
- Brian Norman
- 5 years ago
- Views:
Transcription
1 Vol.5 (ITCS 204), pp Meet-in-the-middle Attack on the 6-round Variant of the Block Cipher PRINCE Yasutaka Igarashi, Toshinobu Kaneko 2, Satoshi Setoguchi, Seiji Fukushima, and Tomohiro Hachino Kagoshima University, Korimoto, Kagoshima, Japan 2 Tokyo University of Science, 264 Yamazaki, Noda, Chiba, Japan Abstract. We show a meet-in-the-middle (MITM) attack on the 6-round variant of the block cipher PRINCE. PRINCE is proposed by Borghoff et al. in 202, which applies substitution-permutation network (SPN) with 64-bit data block and 28-bit secret key. MITM attack was proposed by Diffie and Hellman in 977 as a generic method to analyze symmetric-key cryptographic algorithms. In this paper we show that PRINCE can be attacked with 2 32 words of memory, 9 pairs of known plain and cipher tets, and times of an encryption operation. Keywords: meet-in-the-middle attack, block cipher PRINCE Introduction We show a meet-in-the-middle (MITM) attack on the 6-round variant of the block cipher PRINCE. PRINCE is proposed by Borghoff et al. in 202, which applies substitutionpermutation network (SPN) with 64-bit data block and 28-bit secret key []. PRINCE is optimized with respect to latency when implemented in hardware for many future pervasive applications with real-time security needs. The designers assessed the resistance of PRINCE core function against MITM attack at up to 4 rounds. MITM attack was proposed by Diffie and Hellman in 977 as a generic method to analyze symmetric-key cryptographic algorithms [2], [3], [4]. Its basic idea is that if a target algorithm can be decomposed into two small consecutive segments and the computation of each segment only involves portions of a master key, then we can check the consistence of the intermediate data of each segment. Because separately analyzing two small segments does not require much effort, the overall time compleity to analyze the whole algorithm could decrease significantly compared to a brute force attack. In this article we decompose 6-round PRINCE into a 3-round forward segment and a 3-round backward segment, and show that PRINCE can be attacked with 2 32 words of memory, 9 pairs of known plain and cipher tets, and times of an encryption operation. 2 Overview of PRINCE Figure shows the encryption process of PRINCE, which consists of XOR ( ), R and R functions, S and S layers, and M layer. RC i (i = 0,,, ) denotes a 64-bit ISSN: ASTL Copyright 204 SERSC
2 Vol.5 (ITCS 204) Fig.. Encryption process of PRINCE []. round constant given by []. k 0 and k denote 64-bit secret keys being independent from each other. k 0 is also a 64-bit key given by k 0 = (k 0 >>> ) (k 0 >> 63) () where ( >>> i) and ( >> i) represent i-bit cyclic and non-cyclic right shifts of a bit string, respectively. Because () is a bijective linear transformation, we can inversely derive k 0 from k 0. S layer consists of 6 pieces of parallel 4-bit S-bo that is a bijective nonlinear function, and S layer is the inverse function of S layer. M layer is a involutional matri given by ˆM (0) M = M 0 ˆM = () ˆM (), (2) ˆM (0) M 0 M M 2 M 3 ˆM (0) = ˆM (0) M = M 2 M 3 M 0 M 2 M 3 M 0 M M 3 M 0 M M M 0 = , M = , ˆM () = ˆM () =, M 2 = M M 2 M 3 M 0 M 2 M 3 M 0 M M 3 M 0 M M 2 M 0 M M 2 M , M 3 = 0 0 0, (3). (4) 0 in (2) is a 6 6 zero matri. Figure 2 shows R function that consists of S layer, M layer, and S R layer. In the case of R the input (output) becomes the output (input). 3 Outline of Meet-in-the-middle Attack and its application to the 6-round variant of PRINCE MITM attack is based on the primary idea that we decompose a cipher algorithm into two consecutive parts. Each part of them only involves partial information of a secret key. We encrypt/decrypt each part separately and check whether the intermediate data from each part correspond to each other. Because separately cryptanalyzing each part requires low computational compleity, the overall compleity to cryptanalyze the whole algorithm could decrease significantly. Figure 3 shows the general model of MITM attack. We suppose an encryption algorithm E(k, P) = C can be decomposed into two consecutive parts E f (k f, P) and E b (k b, C) Copyright 204 SERSC 25
3 Vol.5 (ITCS 204) Fig. 2. R function. where P and C are plain/cipher tets, and k f and k b are subkeys used in E f and E b. f and b denote forward and backward processes. k f and k b are given by k f = (k f, k c) and k b = (k b, k c), respectively where k c is the dependent (common) key on both k f and k b. k f (k b ) is the independent key from k b (k f ). The number of bits of k f and k b are given by k f = k f + k c and k b = k b + k c, respectively where denotes the number of bits of data. v and v are intermediate data of an encryption process. r is the total number of S-boes in the whole algorithm. r f and r b represent the total numbers of S-boes that must be calculated to derive v and v through E f (k f, P) and E b (k b, C), respectively. The detailed steps of MITM attack are as follows [3], [4]:. Prepare one known pair of P and C. 2. For each guess of the common key k c (a) Compute all possible values of v through E f (k f, P) for all possible key k f. And then collect all k f in a set T indeed by v. (b) Compute v through E b (k b, C) for all values of k b and check whether v T. If so output the corresponding key pair (k f, k b ) as a possible key. The time compleity for the step 2(a) in terms of complete encryption/decryption is given by 2 k f r f /r. Similarly the time compleity of the step 2(b) is given by 2 k b r b /r. The memory compleity of T is given by 2 k f. The memory compleity to store possible keys is given by 2 k c + k f + k b v because the total number of possible keys 2 k c + k f + k b is reduced to /2 v through the steps and 2. When we perform these steps n times with different n pairs of P and C, the total number of possible keys is reduced to 2 k c + k f + k b n v. If the following equation (5) is satisfied, we check the remaining possible keys by ehaustive search with a few different m (described later) pairs of P and C. 2 k c + k f + k b n v (2 k f r f /r + 2 k b r b /r). (5) Figure 4 shows the 6-round variant of PRINCE, to which we apply MITM attack. Bold data lines are necessary for the attack. According to the designers recommendation we omit 3 pieces of R with RC i (i = 3, 4, 5) and 3 pieces of R with RC i (i = 6, 7, 8) from the original in order to keep the symmetry around the middle. E f (k f, P) 252 Copyright 204 SERSC
4 Vol.5 (ITCS 204) Fig. 3. General model of MITM attack [3], [4]. consists of the rounds, 2, and 3. E b (k b, C) consists of the rounds 4, 5, and 6. X and Y represent the 64-bit intermediate data at the output of the round 3 and at the input of the round 4, respectively. We set variables k and k y as k = k 0 k at the input part and k y = k 0 k at the output part of Fig. 4. And we decompose k as k = k (5) k (4) k (3) k () k (0) (6) where y represents concatenation of two data and y. k (i) data that is further decomposed as k (i) = k (i,3) k (i,2) k (i,) (i = 0,,, 5) is 4-bit k (i,0) (7) (i, j) where k ( j = 0,, 2, 3) represents -bit data. We also apply these decompositions and notations to k y, k, X, and Y. From Fig. 4 we can derive that k f = k b = 96, k f = k b = 32, k c = 64, and v = v = 2. These reasons are as follows. k f has 96 bits on the bold line in E f (k f, P) given by k f = (k, k (5), k (4), k (3), k (2), k (3), k(2), k() k b also has 96 bits on the bold line in E b (k b, C) given by k b = (k y, k (5), k (4), k (3), k (2), k (3), k(2), k(), k(0), k(0) ). (8) ). (9) k (i) (i = 5, 4, 3, 2, 3, 2,, 0) is common to both k f and k b. Furthermore there are 32-bit common keys, which are and (k c of k f ) (k (5), k (4), k (3), k (2), k (3), k (2), k (), k (0) ) (0) (k c of k b ) (k (5) y, k (4) y, k (3) y, k (2) y, k (2) y, k () y, k (0) y, k (,3) y, k (3,2) y, k (3,) y, k (3,0) y ). () The reason why (0) and () hold is that k c of k y (k c of k ) is uniquely determined by () with k c of k (k c of k y ) and the common key k (i) (i = 5, 4, 3, 2, 3, 2,, 0). Therefore the independent keys k f and k b have the 32 bits given by and k f = (k (), k (0), k (9), k (8), k (7), k (6), k (5), k (4) ) (2) k b = (k(0), k (9), k (8), k (7), k (6), k (5), k (4), k (,2), k (,), k (,0), k (3,3) ). (3) Copyright 204 SERSC 253
5 Vol.5 (ITCS 204) v and v have the 2 bits given by v = (X (5,0) X (2,0), X (3,2) X (2,2) ) and v = (Y (5,0) Y (2,0), Y (3,2) Y (2,2) ). (4) We can derive v = v by (2). Because there are 96 pieces of S-bo in the whole algorithm in Figure 4, we can derive that r = 96. Similarly we can derive that r f = r b = 28 because there are respectively 28 pieces of S-bo on the bold lines in E f (k f, P) and in E b (k b, C). To satisfy (5), we set n as n = 7. In this case the total number of possible keys is reduced to = 2 94 < / These 2 94 pieces of possible key are furthermore reduced to = 2 34 when we check these keys by ehaustive search with different 2 (= m) pairs of P and C because the block size of PRINCE is 64 bits. However the true key definitely survives. Therefore the number of known plain/cipher tets pair required for this MITM attack is derived as 7+2=9. And the time compleity for the attack in terms of complete encryption/decryption is derived as 7 ( / /96) The memory compleity of a set T is derived as Conclusions We have shown MITM attack on the 6-round variant of the block cipher PRINCE. We reviewed the general model of MITM attack and applied it to PRINCE. We decomposed the 6-round PRINCE into a 3-round forward segment and a 3-round backward segment. As a result, we showed that PRINCE can be attacked with 2 32 words of memory, 9 pairs of known plain and cipher tets, and times of an encryption operation, which is more efficient than 2 28 times of simple ehaustive key search. References. Borghoff, J., Canteaut, A., Gneysu, T., et al.: PRINCE A Low-Latency Block Cipher for Pervasive Computing Applications. LNCS, vol. 7658, pp Springer, Heidelberg (202) 2. Diffie, M.E., Hellman, W.: Special Feature Ehaustive Cryptanalysis of the NBS Data Encryption Standard. Computer 0(6), (977) 3. Zhu, B., Gong, G.: Multidimensional Meet-in-the-Middle Attack and Its Applications to KATAN32/48/64. Cryptology eprint Archive: Report 20/69, org/20/69 4. Boztaş, Ö., Karakoç, F., Çoban, M.: Multidimensional Meet-in-the-Middle Attacks on Reduced-Round TWINE-28. LNCS, vol. 862, pp Springer, Heidelberg (203) 254 Copyright 204 SERSC
6 Vol.5 (ITCS 204) Fig round variant of PRINCE. Copyright 204 SERSC 255
Improved Multi-Dimensional Meet-in-the-Middle Cryptanalysis of KATAN
Improved Multi-Dimensional Meet-in-the-Middle Cryptanalysis of KATAN Shahram Rasoolzadeh and Håvard Raddum Simula Research Laboratory {shahram,haavardr}@simula.no Abstract. We study multidimensional meet-in-the-middle
More informationImproved Multi-Dimensional Meet-in-the-Middle Cryptanalysis of KATAN
Improved Multi-Dimensional Meet-in-the-Middle Cryptanalysis of KATAN Shahram Rasoolzadeh and Håvard Raddum Simula Research Laboratory Abstract. We study multidimensional meet-in-the-middle attacks on the
More informationBiclique Attack of the Full ARIA-256
Biclique Attack of the Full ARIA-256 Shao-zhen Chen Tian-min Xu Zhengzhou Information Science and Technology Institute Zhengzhou 450002, China January 8, 202 Abstract In this paper, combining the biclique
More informationMulti-Stage Fault Attacks
Multi-Stage Fault Attacks Applications to the Block Cipher PRINCE Philipp Jovanovic Department of Informatics and Mathematics University of Passau March 27, 2013 Outline 1. Motivation 2. The PRINCE Block
More informationTruncated Differential Analysis of Round-Reduced RoadRunneR Block Cipher
Truncated Differential Analysis of Round-Reduced RoadRunneR Block Cipher Qianqian Yang 1,2,3, Lei Hu 1,2,, Siwei Sun 1,2, Ling Song 1,2 1 State Key Laboratory of Information Security, Institute of Information
More informationGeneralized MitM Attacks on Full TWINE
Generalized MitM Attacks on Full TWINE Mohamed Tolba, Amr M. Youssef Concordia Institute for Information Systems Engineering, Concordia University, Montréal, Québec, Canada. Abstract TWINE is a lightweight
More informationComputer and Data Security. Lecture 3 Block cipher and DES
Computer and Data Security Lecture 3 Block cipher and DES Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach
More informationImproved Meet-in-the-Middle Attacks on AES-192 and PRINCE
Improved Meet-in-the-Middle Attacks on AES-92 and PRINCE Leibo Li,2, Keting Jia 2 and Xiaoyun Wang,2,3 Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong
More informationAn Improved Truncated Differential Cryptanalysis of KLEIN
An Improved Truncated Differential Cryptanalysis of KLEIN hahram Rasoolzadeh 1, Zahra Ahmadian 2, Mahmoud almasizadeh 3, and Mohammad Reza Aref 3 1 imula Research Laboratory, Bergen, Norway, 2 hahid Beheshti
More informationPractical Key Recovery Attack on MANTIS 5
ractical Key Recovery Attack on ANTI Christoph Dobraunig, aria Eichlseder, Daniel Kales, and Florian endel Graz University of Technology, Austria maria.eichlseder@iaik.tugraz.at Abstract. ANTI is a lightweight
More informationInternational Journal for Research in Applied Science & Engineering Technology (IJRASET) Performance Comparison of Cryptanalysis Techniques over DES
Performance Comparison of Cryptanalysis Techniques over DES Anupam Kumar 1, Aman Kumar 2, Sahil Jain 3, P Kiranmai 4 1,2,3,4 Dept. of Computer Science, MAIT, GGSIP University, Delhi, INDIA Abstract--The
More informationCOS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2018
COS433/Math 473: Cryptography Mark Zhandry Princeton University Spring 2018 Previously on COS 433 Confusion/Diffusion Paradigm f 1 f 2 f 3 f 4 f 5 f 6 Round π 1 f 7 f 8 f 9 f 10 f 11 f 12 π 2 Substitution
More informationLecture 4: Symmetric Key Encryption
Lecture 4: Symmetric ey Encryption CS6903: Modern Cryptography Spring 2009 Nitesh Saxena Let s use the board, please take notes 2/20/2009 Lecture 1 - Introduction 2 Data Encryption Standard Encrypts by
More informationLecture 3: Symmetric Key Encryption
Lecture 3: Symmetric Key Encryption CS996: Modern Cryptography Spring 2007 Nitesh Saxena Outline Symmetric Key Encryption Continued Discussion of Potential Project Topics Project proposal due 02/22/07
More informationCSCE 813 Internet Security Symmetric Cryptography
CSCE 813 Internet Security Symmetric Cryptography Professor Lisa Luo Fall 2017 Previous Class Essential Internet Security Requirements Confidentiality Integrity Authenticity Availability Accountability
More informationBlock Ciphers and the Data Encryption Standard (DES) Modified by: Dr. Ramzi Saifan
Block Ciphers and the Data Encryption Standard (DES) Modified by: Dr. Ramzi Saifan Block ciphers Keyed, invertible Large key space, large block size A block of plaintext is treated as a whole and used
More informationRelated-key Attacks on Triple-DES and DESX Variants
Related-key Attacks on Triple-DES and DESX Variants Raphael C.-W. han Department of Engineering, Swinburne Sarawak Institute of Technology, 1st Floor, State Complex, 93576 Kuching, Malaysia rphan@swinburne.edu.my
More informationA New Improved Key-Scheduling for Khudra
A New Improved Key-Scheduling for Khudra Secure Embedded Architecture Laboratory, Indian Institute of Technology, Kharagpur, India Rajat Sadhukhan, Souvik Kolay, Shashank Srivastava, Sikhar Patranabis,
More informationLinear Cryptanalysis of Reduced Round Serpent
Linear Cryptanalysis of Reduced Round Serpent Eli Biham 1, Orr Dunkelman 1, and Nathan Keller 2 1 Computer Science Department, Technion Israel Institute of Technology, Haifa 32000, Israel, {biham,orrd}@cs.technion.ac.il,
More informationLecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24
Assume encryption and decryption use the same key. Will discuss how to distribute key to all parties later Symmetric ciphers unusable for authentication of sender Lecturers: Mark D. Ryan and David Galindo.
More informationRecent Meet-in-the-Middle Attacks on Block Ciphers
ASK 2012 Nagoya, Japan Recent Meet-in-the-Middle Attacks on Block Ciphers Takanori Isobe Sony Corporation (Joint work with Kyoji Shibutani) Outline 1. Meet-in-the-Middle (MitM) attacks on Block ciphers
More informationSecret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34
Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption.
More informationPrivate-Key Encryption
Private-Key Encryption Ali El Kaafarani Mathematical Institute Oxford University 1 of 50 Outline 1 Block Ciphers 2 The Data Encryption Standard (DES) 3 The Advanced Encryption Standard (AES) 4 Attacks
More informationIntroduction to Cryptology. Lecture 17
Introduction to Cryptology Lecture 17 Announcements HW7 due Thursday 4/7 Looking ahead: Practical constructions of CRHF Start Number Theory background Agenda Last time SPN (6.2) This time Feistel Networks
More informationA Related Key Attack on the Feistel Type Block Ciphers
International Journal of Network Security, Vol.8, No.3, PP.221 226, May 2009 221 A Related Key Attack on the Feistel Type Block Ciphers Ali Bagherzandi 1,2, Mahmoud Salmasizadeh 2, and Javad Mohajeri 2
More informationA Meet in the Middle Attack on Reduced Round Kuznyechik
IEICE TRANS. FUNDAMENTALS, VOL.Exx??, NO.xx XXXX 200x 1 LETTER Special Section on Cryptography and Information Security A Meet in the Middle Attack on Reduced Round Kuznyechik Riham ALTAWY a), Member and
More informationThis document is downloaded from DR-NTU, Nanyang Technological University Library, Singapore.
This document is downloaded from DR-NTU, Nanyang Technological University Library, Singapore. Title Improved Meet-in-the-Middle cryptanalysis of KTANTAN (poster) Author(s) Citation Wei, Lei; Rechberger,
More informationImproved Attacks on Full GOST
Improved Attacks on Full GOST Itai Dinur 1, Orr Dunkelman 1,2 and Adi Shamir 1 1 Computer Science department, The Weizmann Institute, ehovot, Israel 2 Computer Science Department, University of Haifa,
More information(In)security of ecient tree-based group key agreement using bilinear map
Loughborough University Institutional Repository (In)security of ecient tree-based group key agreement using bilinear map This item was submitted to Loughborough University's Institutional Repository by
More informationImproved Attack on Full-round Grain-128
Improved Attack on Full-round Grain-128 Ximing Fu 1, and Xiaoyun Wang 1,2,3,4, and Jiazhe Chen 5, and Marc Stevens 6, and Xiaoyang Dong 2 1 Department of Computer Science and Technology, Tsinghua University,
More informationA Weight Based Attack on the CIKS-1 Block Cipher
A Weight Based Attack on the CIKS-1 Block Cipher Brian J. Kidney, Howard M. Heys, Theodore S. Norvell Electrical and Computer Engineering Memorial University of Newfoundland {bkidney, howard, theo}@engr.mun.ca
More informationDifferential-Linear Cryptanalysis of Serpent
Differential-Linear Cryptanalysis of Serpent Eli Biham 1, Orr Dunkelman 1, and Nathan Keller 2 1 Computer Science Department, Technion, Haifa 32000, Israel {biham,orrd}@cs.technion.ac.il 2 Mathematics
More informationCryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái
Cryptography and Network Security Block Ciphers + DES Lectured by Nguyễn Đức Thái Outline Block Cipher Principles Feistel Ciphers The Data Encryption Standard (DES) (Contents can be found in Chapter 3,
More informationBlock Cipher Involving Key Based Random Interlacing and Key Based Random Decomposition
Journal of Computer Science 6 (2): 133-140, 2010 ISSN 1549-3636 2010 Science Publications Block Cipher Involving Key Based Random Interlacing and Key Based Random Decomposition K. Anup Kumar and V.U.K.
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 14: Folklore, Course summary, Exam requirements Ion Petre Department of IT, Åbo Akademi University 1 Folklore on
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationOn the Security of the 128-Bit Block Cipher DEAL
On the Security of the 128-Bit Block Cipher DAL Stefan Lucks Theoretische Informatik University of Mannheim, 68131 Mannheim A5, Germany lucks@th.informatik.uni-mannheim.de Abstract. DAL is a DS-based block
More informationAnalysis of Involutional Ciphers: Khazad and Anubis
Analysis of Involutional Ciphers: Khazad and Anubis Alex Biryukov Katholieke Universiteit Leuven, Dept. ESAT/COSIC, Leuven, Belgium abiryuko@esat.kuleuven.ac.be Abstract. In this paper we study structural
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Secret Key Cryptography Block cipher DES 3DES
More informationSymmetric Key Encryption. Symmetric Key Encryption. Advanced Encryption Standard ( AES ) DES DES DES 08/01/2015. DES and 3-DES.
Symmetric Key Encryption Symmetric Key Encryption and 3- Tom Chothia Computer Security: Lecture 2 Padding Block cipher modes Advanced Encryption Standard ( AES ) AES is a state-of-the-art block cipher.
More informationCryptanalysis of Lightweight Block Ciphers
Cryptanalysis of Lightweight Block Ciphers María Naya-Plasencia INRIA, France Šibenik 2014 Outline Introduction Impossible Differential Attacks Meet-in-the-middle and improvements Multiple Differential
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationImplementation of Full -Parallelism AES Encryption and Decryption
Implementation of Full -Parallelism AES Encryption and Decryption M.Anto Merline M.E-Commuication Systems, ECE Department K.Ramakrishnan College of Engineering-Samayapuram, Trichy. Abstract-Advanced Encryption
More informationDesign and Implementation of New Lightweight Encryption Technique
From the SelectedWorks of Sakshi Sharma May, 2016 Design and Implementation of New Lightweight Encryption Technique M. Sangeetha Dr. M. Jagadeeswari This work is licensed under a Creative Commons CC_BY-NC
More informationPUFFIN: A Novel Compact Block Cipher Targeted to Embedded Digital Systems
PUFFIN: A Novel Compact Block Cipher Targeted to Embedded Digital Systems Huiju Cheng, Howard M. Heys, and Cheng Wang Electrical and Computer Engineering Memorial University of Newfoundland St. John's,
More informationSecret Key Cryptography (Spring 2004)
Secret Key Cryptography (Spring 2004) Instructor: Adi Shamir Teaching assistant: Eran Tromer 1 Background Lecture notes: DES Until early 1970 s: little cryptographic research in industry and academcy.
More informationISSN: (Online) Volume 2, Issue 4, April 2014 International Journal of Advance Research in Computer Science and Management Studies
ISSN: 2321-7782 (Online) Volume 2, Issue 4, April 2014 International Journal of Advance Research in Computer Science and Management Studies Research Article / Paper / Case Study Available online at: www.ijarcsms.com
More informationSymmetric Cryptography. Chapter 6
Symmetric Cryptography Chapter 6 Block vs Stream Ciphers Block ciphers process messages into blocks, each of which is then en/decrypted Like a substitution on very big characters 64-bits or more Stream
More informationOn the Design of Secure Block Ciphers
On the Design of Secure Block Ciphers Howard M. Heys and Stafford E. Tavares Department of Electrical and Computer Engineering Queen s University Kingston, Ontario K7L 3N6 email: tavares@ee.queensu.ca
More informationAll Subkeys Recovery Attack on Block Ciphers: Extending Meet-in-the-Middle Approach
All Subkeys Recovery Attack on Block Ciphers: Extending Meet-in-the-Middle Approach Takanori Isobe and Kyoji Shibutani Sony Corporation 1-7-1 Konan, Minato-ku, Tokyo 108-0075, Japan {Takanori.Isobe,Kyoji.Shibutani}@jp.sony.com
More informationSecret Key Algorithms (DES)
Secret Key Algorithms (DES) G. Bertoni L. Breveglieri Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used
More informationAttack on DES. Jing Li
Attack on DES Jing Li Major cryptanalytic attacks against DES 1976: For a very small class of weak keys, DES can be broken with complexity 1 1977: Exhaustive search will become possible within 20 years,
More informationSymmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.
Symmetric Key Algorithms Definition A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting. 1 Block cipher and stream cipher There are two main families
More informationChapter 6: Contemporary Symmetric Ciphers
CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Why Triple-DES?
More informationDelegation Scheme based on Proxy Re-encryption in Cloud Environment
Vol.133 (Information Technology and Computer Science 2016), pp.122-126 http://dx.doi.org/10.14257/astl.2016. Delegation Scheme based on Proxy Re-encryption in Cloud Environment You-Jin Song Department
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard
Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationA New Technique for Sub-Key Generation in Block Ciphers
World Applied Sciences Journal 19 (11): 1630-1639, 2012 ISSN 1818-4952 IDOSI Publications, 2012 DOI: 10.5829/idosi.wasj.2012.19.11.1871 A New Technique for Sub-Key Generation in Block Ciphers Jamal N.
More informationPrecise Fault-Injections using Voltage and Temperature Manipulation for Differential Cryptanalysis
Precise Fault-Injections using Voltage and Temperature Manipulation for Differential Cryptanalysis Raghavan Kumar $, Philipp Jovanovic e and Ilia Polian e $ University of Massachusetts, 12 USA e University
More informationOptimized AES Algorithm Using FeedBack Architecture Chintan Raval 1, Maitrey Patel 2, Bhargav Tarpara 3 1, 2,
Optimized AES Algorithm Using FeedBack Architecture Chintan Raval 1, Maitrey Patel 2, Bhargav Tarpara 3 1, 2, Pursuing M.Tech., VLSI, U.V.Patel college of Engineering and Technology, Kherva, Mehsana, India
More informationMeet-in-the-Middle Attack on 8 Rounds of the AES Block Cipher under 192 Key Bits
Meet-in-the-Middle Attack on 8 Rounds of the AES Block Cipher under 192 Key Bits Yongzhuang Wei 1,3,, Jiqiang Lu 2,, and Yupu Hu 3 1 Guilin University of Electronic Technology, Guilin City, Guangxi Province
More informationSecret Key Cryptography
Secret Key Cryptography General Block Encryption: The general way of encrypting a 64-bit block is to take each of the: 2 64 input values and map it to a unique one of the 2 64 output values. This would
More informationAVRprince - An Efficient Implementation of PRINCE for 8-bit Microprocessors
AVprince - An Efficient Implementation of for 8-bit Microprocessors Aria hahverdi, Cong Chen, and Thomas Eisenbarth Worcester Polytechnic Institute, Worcester, MA, UA {ashahverdi,cchen3,teisenbarth}@wpi.edu
More informationUnderstanding Cryptography by Christof Paar and Jan Pelzl. Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 2009
Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 4 The Advanced Encryption Standard (AES) ver. October 28, 29 These slides were prepared by Daehyun Strobel, Christof
More informationITUbee : A Software Oriented Lightweight Block Cipher
ITUbee : A Software Oriented Lightweight Block Cipher Ferhat Karakoç 1,2, Hüseyin Demirci 1, A. Emre Harmancı 2 1 TÜBİTAK-BİLGEM-UEKAE 2 Istanbul Technical University May 6, 2013 Outline Motivation ITUbee
More informationA New Attack with Side Channel Leakage during Exponent Recoding Computations
A New Attack with Side Channel Leakage during Exponent Recoding Computations Yasuyuki Sakai 1 and Kouichi Sakurai 2 1 Mitsubishi Electric Corporation, 5-1-1 Ofuna, Kamakura, Kanagawa 247-8501, Japan ysakai@iss.isl.melco.co.jp
More informationFrom AES-128 to AES-192 and AES-256, How to Adapt Differential Fault Analysis Attacks
From AES-128 to AES-192 and AES-256, How to Adapt Differential Fault Analysis Attacks Noémie Floissac and Yann L Hyver SERMA TECHNOLOGIES ITSEF 30, avenue Gustave Eiffel, 33608 Pessac, France Email: {n.floissac;y.lhyver}@serma.com
More informationCryptographic Algorithms - AES
Areas for Discussion Cryptographic Algorithms - AES CNPA - Network Security Joseph Spring Department of Computer Science Advanced Encryption Standard 1 Motivation Contenders Finalists AES Design Feistel
More informationTwo Attacks on Reduced IDEA (Extended Abstract)
1 Two Attacks on Reduced IDEA (Extended Abstract) Johan Borst 1, Lars R. Knudsen 2, Vincent Rijmen 2 1 T.U. Eindhoven, Discr. Math., P.O. Box 513, NL-5600 MB Eindhoven, borst@win.tue.nl 2 K.U. Leuven,
More informationArea Optimization in Masked Advanced Encryption Standard
IOSR Journal of Engineering (IOSRJEN) ISSN (e): 2250-3021, ISSN (p): 2278-8719 Vol. 04, Issue 06 (June. 2014), V1 PP 25-29 www.iosrjen.org Area Optimization in Masked Advanced Encryption Standard R.Vijayabhasker,
More informationRECTIFIED DIFFERENTIAL CRYPTANALYSIS OF 16 ROUND PRESENT
RECTIFIED DIFFERENTIAL CRYPTANALYSIS OF 16 ROUND PRESENT Manoj Kumar 1, Pratibha Yadav, Meena Kumari SAG, DRDO, Metcalfe House, Delhi-110054, India mktalyan@yahoo.com 1 ABSTRACT In this paper, we have
More informationVortex: A New Family of One-way Hash Functions Based on AES Rounds and Carry-less Multiplication
Vortex: A New Family of One-way Hash Functions Based on AES Rounds and Carry-less ultiplication Shay Gueron 2, 3, 4 and ichael E. Kounavis 1 1 Corresponding author, Corporate Technology Group, Intel Corporation,
More informationDierential-Linear Cryptanalysis of Serpent? Haifa 32000, Israel. Haifa 32000, Israel
Dierential-Linear Cryptanalysis of Serpent Eli Biham, 1 Orr Dunkelman, 1 Nathan Keller 2 1 Computer Science Department, Technion. Haifa 32000, Israel fbiham,orrdg@cs.technion.ac.il 2 Mathematics Department,
More informationNarrow-Bicliques: Cryptanalysis of Full IDEA. Gaetan Leurent, University of Luxembourg Christian Rechberger, DTU MAT
Narrow-Bicliques: Cryptanalysis of Full IDEA Dmitry Khovratovich, h Microsoft Research Gaetan Leurent, University of Luxembourg Christian Rechberger, DTU MAT Cryptanalysis 101 Differential attacks Linear
More informationConventional Encryption: Modern Technologies
Conventional Encryption: Modern Technologies We mentioned that the statistical weakness in substitution ciphers is that they don t change the frequency of alphabetic letters. For example, if a substitution
More informationCS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES
CS6701- CRYPTOGRAPHY AND NETWORK SECURITY UNIT 2 NOTES PREPARED BY R.CYNTHIA PRIYADHARSHINI AP/IT/SREC Block Ciphers A block cipher is an encryption/decryption scheme in which a block of plaintext is treated
More informationFPGA Implementation of WG Stream Cipher
FPGA Implementation of WG Stream Cipher Anna Johnson Assistant Professor,ECE Department, Jyothi Engineering College,Thrissur Abstract Cryptography is the technique of providing security to a network. The
More informationOn the Security of Stream Cipher CryptMT v3
On the Security of Stream Cipher CryptMT v3 Haina Zhang 1, and Xiaoyun Wang 1,2 1 Key Laboratory of Cryptologic Technology and Information Security, Ministry of Education, Shandong University, Jinan 250100,
More informationKeywords :Avalanche effect,hamming distance, Polynomial for S-box, Symmetric encryption,swapping words in S-box
Efficient Implementation of Aes By Modifying S-Box Vijay L Hallappanavar 1, Basavaraj P Halagali 2, Veena V Desai 3 1 KLES s College of Engineering & Technology, Chikodi, Karnataka 2 V S M Institute of
More informationA METHOD FOR SECURITY ESTIMATION OF THE SPN-BASED BLOCK CIPHER AGAINST RELATED-KEY ATTACKS
t m Mathematical Publications DOI: 10.2478/tmmp-2014-0023 Tatra Mt. Math. Publ. 60 (2014), 25 45 A METHOD FOR SECURITY ESTIMATION OF THE SPN-BASED BLOCK CIPHER AGAINST RELATED-KEY ATTACKS Dmytro Kaidalov
More informationUpdate on Tiger. Kasteelpark Arenberg 10, B 3001 Heverlee, Belgium
Update on Tiger Florian Mendel 1, Bart Preneel 2, Vincent Rijmen 1, Hirotaka Yoshida 3, and Dai Watanabe 3 1 Graz University of Technology Institute for Applied Information Processing and Communications
More informationThe CS 2 Block Cipher
The CS 2 Block Cipher Tom St Denis Secure Science Corporation tom@securescience.net Abstract. In this paper we describe our new CS 2 block cipher which is an extension of the original CS-Cipher. Our new
More informationOne round cipher algorithm for multimedia IoT devices
https://doi.org/10.1007/s11042-018-5660-y One round cipher algorithm for multimedia IoT devices Hassan Noura 1 Ali Chehab 1 Lama Sleem 2 Mohamad Noura 2 Raphaël Couturier 2 Mohammad M. Mansour 1 Received:
More informationImproved differential fault analysis on lightweight block cipher LBlock for wireless sensor networks
Jeong et al. EURASIP Journal on Wireless Communications and Networking 2013, 2013:151 RESEARCH Improved differential fault analysis on lightweight block cipher LBlock for wireless sensor networks Kitae
More informationJordan University of Science and Technology
Jordan University of Science and Technology Cryptography and Network Security - CPE 542 Homework #III Handed to: Dr. Lo'ai Tawalbeh By: Ahmed Saleh Shatnawi 20012171020 On: 8/11/2005 Review Questions RQ3.3
More informationHomework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING
UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING ENEE 457 Computer Systems Security Instructor: Charalampos Papamanthou Homework 2 Out: 09/23/16 Due: 09/30/16 11:59pm Instructions
More informationHill Cipher with Parallel Processing Involving Column, Row Shuffling, Permutation and Iteration on Plaintext and Key
International Journal of Computer Networks and Security, ISSN:25-6878, Vol.23, Issue.2 7 Hill Cipher with Parallel Processing Involving Column, Row Shuffling, Permutation and Iteration on Plaintext and
More informationAdvanced Cryptography 1st Semester Symmetric Encryption
Advanced Cryptography 1st Semester 2007-2008 Pascal Lafourcade Université Joseph Fourrier, Verimag Master: October 22th 2007 1 / 58 Last Time (I) Security Notions Cyclic Groups Hard Problems One-way IND-CPA,
More informationIntroduction to Cryptology Dr. Sugata Gangopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Roorkee
Introduction to Cryptology Dr. Sugata Gangopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Roorkee Lecture 09 Cryptanalysis and its variants, linear attack Welcome
More informationBlock Ciphers. Secure Software Systems
1 Block Ciphers 2 Block Cipher Encryption function E C = E(k, P) Decryption function D P = D(k, C) Symmetric-key encryption Same key is used for both encryption and decryption Operates not bit-by-bit but
More informationCSCI 454/554 Computer and Network Security. Topic 3.1 Secret Key Cryptography Algorithms
CSCI 454/554 Computer and Network Security Topic 3.1 Secret Key Cryptography Algorithms Outline Introductory Remarks Feistel Cipher DES AES 2 Introduction Secret Keys or Secret Algorithms? Security by
More informationNetwork Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar
Network Security Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar Modern Block Ciphers now look at modern block ciphers one of the most widely used types
More informationChapter 3 Block Ciphers and the Data Encryption Standard
Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition
More informationPGP: An Algorithmic Overview
PGP: An Algorithmic Overview David Yaw 11/6/2001 VCSG-482 Introduction The purpose of this paper is not to act as a manual for PGP, nor is it an in-depth analysis of its cryptographic algorithms. It is
More informationNew Attacks on Feistel Structures with Improved Memory Complexities
New Attacks on Feistel Structures with Improved Memory Complexities Itai Dinur 1, Orr Dunkelman 2,4,, Nathan Keller 3,4,, and Adi Shamir 4 1 Département d Informatique, École Normale Supérieure, Paris,
More informationEfficient FPGA Implementations of PRINT CIPHER
Efficient FPGA Implementations of PRINT CIPHER 1 Tadashi Okabe Information Technology Group Tokyo Metropolitan Industrial Technology Research Institute, Tokyo, Japan Abstract This article presents field
More informationPiret and Quisquater s DFA on AES Revisited
Piret and Quisquater s DFA on AES Revisited Christophe Giraud 1 and Adrian Thillard 1,2 1 Oberthur Technologies, 4, allée du doyen Georges Brus, 33 600 Pessac, France. c.giraud@oberthur.com 2 Université
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More informationLIGHTWEIGHT CRYPTOGRAPHY: A SURVEY
LIGHTWEIGHT CRYPTOGRAPHY: A SURVEY Shweta V. Pawar 1, T.R. Pattanshetti 2 1Student, Dept. of Computer engineering, College of Engineering Pune, Maharashtra, India 2 Professor, Dept. of Computer engineering,
More informationCryptography MIS
Cryptography MIS-5903 http://community.mis.temple.edu/mis5903sec011s17/ Cryptography History Substitution Monoalphabetic Polyalphabetic (uses multiple alphabets) uses Vigenere Table Scytale cipher (message
More informationFPGA Implementation and Evaluation of lightweight block cipher - BORON
FPGA Implementation and Evaluation of lightweight block cipher - BORON 1 Tadashi Okabe 1 Information Technology Group, Tokyo Metropolitan Industrial Technology Research Institute, Tokyo, Japan Abstract
More information