Improved Meet-in-the-Middle Attacks on Reduced-Round Deoxys-BC-256

2020 ◽  
Vol 63 (12) ◽  
pp. 1859-1870
Author(s):  
Ya Liu ◽  
Bing Shi ◽  
Dawu Gu ◽  
Fengyu Zhao ◽  
Wei Li ◽  
...  

Abstract In ASIACRYPT 2014, Jean et al. proposed the authentication encryption scheme Deoxys, which is one of the third-round candidates in CAESAR competition. Its internal block cipher is called Deoxys-BC that adopts the tweakey frame. Deoxys-BC has two versions of the tweakey size that are 256 bits and 384 bits, denoted by Deoxys-BC-256 and Deoxys-BC-384, respectively. In this paper, we revaluate the security of Deoxys-BC-256 against the meet-in-the-middle attack to obtain some new results. First, we append one round at the top and two rounds at the bottom of a 6-round distinguisher to form a 9-round truncated differential path with the probability of $2^{-144}$. Based on it, the adversary can attack 9-round Deoxys-BC-256 with $2^{108}$ chosen plaintext-tweaks, $2^{113.6}$ encryptions and $2^{102}$ blocks. Second, we construct a new 6.5-round distinguisher to form 10-round attacking path with the probability of $2^{-152}$. On the basis of it, the adversary could attack 10-round Deoxys-BC-256 with $2^{115}$ chosen plaintext-tweaks, $2^{171}$ encryptions and $2^{152}$ blocks. These two attacks improve the previous cryptanalytic results on reduced-round Deoxys-BC-256 against the meet-in-the-middle attack.

Cryptanalysis is a very important challenge that faces cryptographers. It has several types that should be well studied by cryptographers to be able to design cryptosystem more secure and able to resist any type of attacks. This paper introduces six types of attacks: Linear, Differential , Linear-Differential, Truncated differential Impossible differential attack and Algebraic attacks. In this paper, algebraic attack is used to formulate the substitution box(S-box) of a block cipher to system of nonlinear equations and solve this system by using a classical method called Grobner  Bases . By Solving these equations, we made algebraic attack on S-box.


Author(s):  
Kazuhiko Minematsu ◽  
Tetsu Iwata

At CT-RSA 2017, List and Nandi proposed two variable input length pseudorandom functions (VI-PRFs) called PMACx and PMAC2x, and a deterministic authenticated encryption scheme called SIVx. These schemes use a tweakable block cipher (TBC) as the underlying primitive, and are provably secure up to the query complexity of 2n, where n denotes the block length of the TBC. In this paper, we falsify the provable security claims by presenting concrete attacks. We show that with the query complexity of O(2n/2), i.e., with the birthday complexity, PMACx, PMAC2x, and SIVx are all insecure.


Author(s):  
Luan Ibraimi ◽  
Qiang Tang ◽  
Pieter Hartel ◽  
Willem Jonker

Commercial Web-based Personal-Health Record (PHR) systems can help patients to share their personal health records (PHRs) anytime from anywhere. PHRs are very sensitive data and an inappropriate disclosure may cause serious problems to an individual. Therefore commercial Web-based PHR systems have to ensure that the patient health data is secured using state-of-the-art mechanisms. In current commercial PHR systems, even though patients have the power to define the access control policy on who can access their data, patients have to trust entirely the access-control manager of the commercial PHR system to properly enforce these policies. Therefore patients hesitate to upload their health data to these systems as the data is processed unencrypted on untrusted platforms. Recent proposals on enforcing access control policies exploit the use of encryption techniques to enforce access control policies. In such systems, information is stored in an encrypted form by the third party and there is no need for an access control manager. This implies that data remains confidential even if the database maintained by the third party is compromised. In this paper we propose a new encryption technique called a type-and-identity-based proxy re-encryption scheme which is suitable to be used in the healthcare setting. The proposed scheme allows users (patients) to securely store their PHRs on commercial Web-based PHRs, and securely share their PHRs with other users (doctors).


Author(s):  
N. Mohananthini ◽  
M. Y. Mohamed Parvees ◽  
J. Abdul Samath

Nowadays, lightweight cryptography attracts academicians, scientists and researchers to concentrate on its requisite with the increasing usage of low resource devices. In this paper, a new lightweight image encryption scheme is proposed using the Lorenz 3D super chaotic map. This encryption scheme is an addition–rotation–XOR block cipher designed for its supremacy, efficacy and speed execution. In this addition–rotation–XOR cipher, the equation for Lorenz 3D chaotic map is iteratively solved to generate double valued signals in a speedy manner using the Runge–Kutta and Euler methods. The addition, rotation and diffusion sequences are generated from the double valued signals, and the source pixels of the 8-bit plain test images are manipulated with the addition, rotation and diffusion of the bytes. Finally, the cipher images are constructed from the manipulated pixels and evaluated with various statistical as well as randomness tests. The results from various tests prove that the proposed chaotic addition–rotation–XOR block image cipher is efficient in terms of randomness and speed.


Author(s):  
Anne Canteaut ◽  
Eran Lambooij ◽  
Samuel Neves ◽  
Shahram Rasoolzadeh ◽  
Yu Sasaki ◽  
...  

The current paper studies the probability of differential characteristics for an unkeyed (or with a fixed key) construction. Most notably, it focuses on the gap between two probabilities of differential characteristics: probability with independent S-box assumption, pind, and exact probability, pexact. It turns out that pexact is larger than pind in Feistel network with some S-box based inner function. The mechanism of this gap is then theoretically analyzed. The gap is derived from interaction of S-boxes in three rounds, and the gap depends on the size and choice of the S-box. In particular the gap can never be zero when the S-box is bigger than six bits. To demonstrate the power of this improvement, a related-key differential characteristic is proposed against a lightweight block cipher RoadRunneR. For the 128-bit key version, pind of 2−48 is improved to pexact of 2−43. For the 80-bit key version, pind of 2−68 is improved to pexact of 2−62. The analysis is further extended to SPN with an almost-MDS binary matrix in the core primitive of the authenticated encryption scheme Minalpher: pind of 2−128 is improved to pexact of 2−96, which allows to extend the attack by two rounds.


2020 ◽  
Vol 4 (2) ◽  
pp. 9
Author(s):  
Angga Aditya Permana ◽  
Desi Nurnaningsih

Cryptography is the science of maintaining data confidentiality, where the original text (plaintext) is encrypted using an encryption key to be ciphertext (text that has been encrypted). In this case cryptography secures data from a third party so that the third party cannot know the original contents of the data because the one who holds the key for encryption and decryption is only the sender and receiver. There are several cryptographic methods that are commonly used, one of which is DES or Data Encryption Standard. DES is included in the key-symmetric cryptography and is classified as a block cipher type


2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Muhammad Asif ◽  
Sibgha Mairaj ◽  
Zafar Saeed ◽  
M. Usman Ashraf ◽  
Kamal Jambi ◽  
...  

The nonlinear transformation concedes as S-box which is responsible for the certainty of contemporary block ciphers. Many kinds of S-boxes are planned by various authors in the literature. Construction of S-box with a powerful cryptographic analysis is the vital step in scheming block cipher. Through this paper, we give more powerful and worthy S-boxes and compare their characteristics with some previous S-boxes employed in cryptography. The algorithm program planned in this paper applies the action of projective general linear group P G L 2 , G F 2 8 on Galois field G F 2 8 . The proposed S-boxes are constructed by using Mobius transformation and elements of Galois field. By using this approach, we will encrypt an image which is the preeminent application of S-boxes. These S-boxes offer a strong algebraic quality and powerful confusion capability. We have tested the strength of the proposed S-boxes by using different tests, BIC, SAC, DP, LP, and nonlinearity. Furthermore, we have applied these S-boxes in image encryption scheme. To check the strength of image encryption scheme, we have calculated contrast, entropy, correlation, energy, and homogeneity. The results assured that the proposed scheme is better. The advantage of this scheme is that we can secure our confidential image data during transmission.


Author(s):  
Yu Long Chen ◽  
Atul Luykx ◽  
Bart Mennink ◽  
Bart Preneel

We present a length doubler, LDT, that turns an n-bit tweakable block cipher into an efficient and secure cipher that can encrypt any bit string of length [n..2n − 1]. The LDT mode is simple, uses only two cryptographic primitive calls (while prior work needs at least four), and is a strong length-preserving pseudorandom permutation if the underlying tweakable block ciphers are strong tweakable pseudorandom permutations. We demonstrate that LDT can be used to neatly turn an authenticated encryption scheme for integral data into a mode for arbitrary-length data.


Author(s):  
Wenying Zhang ◽  
Meichun Cao ◽  
Jian Guo ◽  
Enes Pasalic

In this paper, a new method for evaluating the integral property, truncated and impossible differentials for substitution-permutation network (SPN) block ciphers is proposed. The main assumption is an explicit description/expression of the internal state words in terms of the plaintext (ciphertext) words. By counting the number of times these words occur in the internal state expression, we can evaluate the resistance of a given block cipher to integral and impossible/truncated differential attacks more accurately than previous methods. More precisely, we explore the cryptographic consequences of uneven frequency of occurrences of plaintext (ciphertext) words appearing in the algebraic expression of the internal state words. This approach gives a new family of distinguishers employing different concepts such as the integral property, impossible/truncated differentials and the so-called zero-sum property. We then provide algorithms to determine the maximum number of rounds of such new types of distinguishers for SPN block ciphers. The potential and efficiency of this relatively simple method is confirmed through applications. For instance, in the case of SKINNY block cipher, several 10-round integral distinguishers, all of the 11-round impossible differentials, and a 7-round truncated differential could be determined. For the last case, using a single pair of plaintexts differing in three words so that (a = b = c) ≠ (a’ = b’ = c’), we are able to distinguish 7-round SKINNY from random permutations. More importantly, exploiting our distinguishers, we give the first practical attack on 11-round SKINNY-128-128 in the single-key setting (a theoretical attack reaches 16 rounds). Finally, using the same ideas, we provide a concise explanation on the existing distinguishers for round-reduced AES.


Author(s):  
Nilanjan Datta ◽  
Atul Luykx ◽  
Bart Mennink ◽  
Mridul Nandi

The authenticated encryption scheme COLM is a third-round candidate in the CAESAR competition. Much like its antecedents COPA, ELmE, and ELmD, COLM consists of two parallelizable encryption layers connected by a linear mixing function. While COPA uses plain XOR mixing, ELmE, ELmD, and COLM use a more involved invertible mixing function. In this work, we investigate the integrity of the COLM structure when unverified plaintext is released, and demonstrate that its security highly depends on the choice of mixing function. Our results are threefold. First, we discuss the practical nonce-respecting forgery by Andreeva et al. (ASIACRYPT 2014) against COPA’s XOR mixing. Then we present a noncemisusing forgery against arbitrary mixing functions with practical time complexity. Finally, by using significantly larger queries, we can extend the previous forgery to be nonce-respecting.


Sign in / Sign up

Export Citation Format

Share Document