Lightweight stream ciphers are in high demand for IoT applications. To optimize hardware performance, a new class of stream cipher has been proposed whose basic idea is to build the cipher from a single Galois NLFSR with maximum period. As a representative design of this kind, Espresso is based on a 256-bit Galois NLFSR initialized by a 128-bit key. The maximum period of $2^{256}-1$ is assured because the Galois NLFSR is transformed from a maximum-length LFSR. However, we propose a Galois-to-Fibonacci transformation algorithm and successfully transform the Galois NLFSR into a Fibonacci LFSR with a nonlinear output function. The transformed cipher is broken by the standard algebraic attack and by the Rønjom-Helleseth attack with complexity $\mathcal{O}(2^{68.44})$ and $\mathcal{O}(2^{66.86})$ respectively. The transformation algorithm is derived from a new Fibonacci-to-Galois transformation algorithm that we also propose in this paper. Compared to existing algorithms, the proposed algorithms are more efficient and cover more general use cases. Moreover, the transformation result shows that the Galois NLFSR used in any Espresso-like stream cipher can easily be transformed back into the original Fibonacci LFSR. Therefore, this kind of design should be avoided in the future.
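As an added illustration (not code from the paper above or its authors), the following Python shows the linear fact that the Galois/Fibonacci discussion rests on: a Galois register built from the same feedback polynomial as a Fibonacci LFSR produces the same m-sequence up to a shift, with the same period $2^n-1$, because both realise the same linear recurrence and only rearrange where the feedback is applied. The example covers only the linear case and assumes the polynomials are primitive; the paper's transformation of Espresso's Galois NLFSR, which also handles the nonlinear feedback terms, is not implemented here.

```python
"""
Fibonacci and Galois forms of one LFSR over GF(2).

Added example, not code from the paper: both registers use the same feedback
polynomial, given as an int with bit i = coefficient of x^i (x^n included).
The polynomial is assumed to be primitive, so the period is 2^n - 1.
"""
from typing import Callable, List, Tuple


def degree(poly: int) -> int:
    return poly.bit_length() - 1


def fibonacci_step(poly: int, state: int) -> Tuple[int, int]:
    """One clock of the Fibonacci LFSR a_{k+n} = XOR of a_{k+i} over tapped i < n.

    The state holds (a_k, ..., a_{k+n-1}) with a_{k+i} in bit i; the output
    is a_k and the feedback is gathered into the single top stage.
    """
    n = degree(poly)
    taps = poly & ((1 << n) - 1)
    out = state & 1
    new_bit = bin(state & taps).count("1") & 1   # parity of the tapped stages
    return out, (state >> 1) | (new_bit << (n - 1))


def galois_step(poly: int, state: int) -> Tuple[int, int]:
    """One clock of the Galois LFSR: state <- x * state mod poly in GF(2)[x].

    The feedback is spread over every tapped stage at once; the output is the
    coefficient of x^{n-1} that is shifted out.
    """
    n = degree(poly)
    mask = (1 << n) - 1
    out = (state >> (n - 1)) & 1
    state = (state << 1) & mask
    if out:
        state ^= poly & mask
    return out, state


Step = Callable[[int, int], Tuple[int, int]]


def keystream(step: Step, poly: int, state: int, length: int) -> List[int]:
    bits = []
    for _ in range(length):
        bit, state = step(poly, state)
        bits.append(bit)
    return bits


def state_period(step: Step, poly: int, state: int) -> int:
    """Clocks until the register returns to `state`."""
    start, count = state, 0
    while True:
        _, state = step(poly, state)
        count += 1
        if state == start:
            return count


def satisfies_recurrence(poly: int, bits: List[int]) -> bool:
    """Check that `bits` obeys the linear recurrence defined by `poly`.

    This holds for the Galois output too: multiplication by x mod poly has
    characteristic polynomial poly, so every coordinate of its state obeys it.
    """
    n = degree(poly)
    taps = poly & ((1 << n) - 1)
    for k in range(len(bits) - n):
        expected = 0
        for i in range(n):
            if (taps >> i) & 1:
                expected ^= bits[k + i]
        if bits[k + n] != expected:
            return False
    return True


def is_rotation(a: List[int], b: List[int]) -> bool:
    """True if the two periodic sequences are the same up to a cyclic shift."""
    return len(a) == len(b) and any(a == b[i:] + b[:i] for i in range(len(a)))


if __name__ == "__main__":
    poly = 0b10011            # x^4 + x + 1, primitive
    length = (1 << degree(poly)) - 1
    fib = keystream(fibonacci_step, poly, 1, length)
    gal = keystream(galois_step, poly, 1, length)
    print("fibonacci:", "".join(map(str, fib)))
    print("galois:   ", "".join(map(str, gal)))
    print("same m-sequence up to a shift:", is_rotation(fib, gal))
```

The practical reading for a designer: the Galois layout buys shorter critical paths in hardware, not a different sequence, so any property that follows from the linear recurrence (here, the period) survives the change of layout, and so does any attack that needs only that recurrence.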
We cast encryption via classical block ciphers in terms of operator spreading in a dual space of Pauli strings, a formulation that allows us to characterize classical ciphers using tools well known from the analysis of quantum many-body systems. We connect plaintext and ciphertext attacks to out-of-time-order correlators (OTOCs) and quantify the quality of ciphers using measures of delocalization in string space, such as participation ratios and the corresponding entropies obtained from the wave-function amplitudes in string space. In particular, we show that in Feistel ciphers the entropy saturates its bound to exponential precision for ciphers with 4 or more rounds, consistent with the classic Luby-Rackoff result. The saturation of the string-space information entropy is accompanied by the vanishing of OTOCs. Together these signal irreversibility and chaos, which we take to be the defining properties of good classical ciphers. More precisely, we define a good cipher by requiring that the saturation of the entropy and the vanishing of OTOCs occur to super-polynomial precision, implying that the cipher cannot be distinguished from a pseudorandom permutation with a polynomial number of queries. We argue that this criterion can be satisfied by $n$-bit block ciphers implemented via random reversible circuits with $\mathcal{O}(n \log n)$ gates. These circuits are composed of layers of $n/3$ non-overlapping, non-local random 3-bit gates. To reach this speed limit we employ a two-stage circuit: the first stage deploys a set of linear inflationary gates that accelerate the growth of small individual strings, followed by a second stage implemented via universal gates that exponentially proliferate the number of macroscopic strings. We suggest that this two-stage construction would result in the scrambling of quantum states to similar precision and with circuits of similar size.
We describe generalized running-key ciphers and apply them to the analysis of two of Shannon's methods. In particular, we give estimates of the cipher equivocation and of the probability of correct deciphering without the key.
This article discusses the decoding of Gabidulin codes and shows how to extend the usual decoder to any supercode of a Gabidulin code, at the cost of a significant decrease in the decoding radius. Using this decoder, we provide polynomial-time attacks on the rank-metric encryption schemes RAMESSES and LIGA.
We present an estimate of the upper bound on the number of 16-byte plaintexts occurring in English text, which indicates that block ciphers with a block length of at most 16 bytes are subject to plaintext-recovery attacks in known-plaintext or chosen-plaintext settings.
The advances of the Internet of Things (IoT) have had a fundamental impact on shaping our rich living experiences. Since IoT devices are usually resource-constrained, lightweight block ciphers have played a major role as building blocks for secure IoT protocols. At CHES 2015, SIMECK, a family of block ciphers designed for resource-constrained IoT devices, was proposed. Since its publication, there have been many analyses of its security. In this paper, under the one-bit-flip model, we propose a new efficient fault analysis attack on the SIMECK ciphers. Compared to previously reported attacks, our attack can recover the full master key by injecting faults into only a single round of every SIMECK family member. This property is crucial, as it is infeasible for an attacker to inject faults into different rounds of a SIMECK implementation on real-world IoT devices. Specifically, our attack is characterized by a deep analysis of the differential trail between the correct and faulty intermediate ciphertexts. Extensive simulation evaluations are conducted, and the results demonstrate the effectiveness and correctness of our proposed attack.
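As an added example (not the paper's attack and not the authors' code), the following Python runs a simpler differential fault analysis against a Simeck-style Feistel network to show the mechanics the abstract refers to: how a one-bit flip propagates as a differential trail through the last rounds, and how the last round key falls out of correct/faulty ciphertext pairs. It uses the public Simeck round function f(x) = (x & (x <<< 5)) ^ (x <<< 1) on 16-bit words (Simeck32 parameters) but assumes independent random round keys in place of the real key schedule, so it stops at the last round key rather than the master key. The fault is injected at the input of round R-3, three rounds before the end, once at every bit position; the attacker sees only the ciphertext pairs and is not told which bit was flipped, which the code narrows down from the trail.

```python
"""
Differential fault analysis of the last round key of a Simeck32-like Feistel
cipher from single-bit faults three rounds before the end.

Added example, not the paper's attack: the round function is Simeck's, but
the round keys are ASSUMED independent and random (the real key schedule is
omitted), and the plaintext/key values are constructed from a seed.
"""
import random

WORD = 16
MASK = (1 << WORD) - 1
ROUNDS = 32                      # Simeck32/64 round count


def rotl(x: int, r: int) -> int:
    return ((x << r) | (x >> (WORD - r))) & MASK


def f(x: int) -> int:
    """Simeck round function: a bitwise AND (non-linear) plus a rotation."""
    return ((x & rotl(x, 5)) ^ rotl(x, 1)) & MASK


def encrypt(pt, round_keys, fault=None):
    """Feistel encryption: L_{i+1} = R_i ^ f(L_i) ^ k_i, R_{i+1} = L_i.

    `fault=(round_index, bit)` flips one bit of L at the input of that round,
    simulating a transient one-bit-flip fault.
    """
    l, r = pt
    for i, k in enumerate(round_keys):
        if fault is not None and fault[0] == i:
            l ^= 1 << fault[1]
        l, r = r ^ f(l) ^ k, l
    return l, r


def recover_last_round_key(ct, faulty_cts):
    """Candidate set for k_{R-1} consistent with every (correct, faulty) pair.

    Trail for a flip of bit j in L_{R-3}:
      dR_{R-2} = e_j,   dL_{R-2} = delta = f(L_{R-3}) ^ f(L_{R-3} ^ e_j)
      dR_{R-1} = delta, dL_{R-1} = e_j ^ f(L_{R-2}) ^ f(L_{R-2} ^ delta)
      dR_R = dL_{R-1} (visible), dL_R = delta ^ f(R_R) ^ f(R_R') (visible)
    For a guess g of k_{R-1}, L_{R-2} = L_R ^ f(R_R) ^ g can be computed, so
    the attacker checks dR_R == e_j ^ f(L_{R-2}) ^ f(L_{R-2}'). delta itself
    does not depend on g, and always contains bit j+1 (from the x <<< 1 term),
    which bounds the unknown fault position j to at most three candidates.
    """
    lR, rR = ct
    cands = None
    for lF, rF in faulty_cts:
        delta = lR ^ lF ^ f(rR) ^ f(rF)          # = dL_{R-2}, key independent
        j_cands = [(b - 1) % WORD for b in range(WORD) if (delta >> b) & 1]
        observed = rR ^ rF                        # = dL_{R-1}
        pool = range(1 << WORD) if cands is None else cands
        keep = set()
        for g in pool:
            x = lR ^ f(rR) ^ g                    # L_{R-2} under this guess
            d = f(x) ^ f(x ^ delta)
            if any((d ^ (1 << j)) == observed for j in j_cands):
                keep.add(g)
        cands = keep
    return cands


def demo(seed: int = 1):
    """Constructed scenario: random round keys and plaintext, faults at every
    bit of L at the input of round R-3. Returns (true k_{R-1}, survivors)."""
    rng = random.Random(seed)
    round_keys = [rng.getrandbits(WORD) for _ in range(ROUNDS)]
    pt = (rng.getrandbits(WORD), rng.getrandbits(WORD))
    ct = encrypt(pt, round_keys)
    fault_round = ROUNDS - 3
    faulty = [encrypt(pt, round_keys, fault=(fault_round, j)) for j in range(WORD)]
    return round_keys[-1], sorted(recover_last_round_key(ct, faulty))


if __name__ == "__main__":
    true_key, survivors = demo()
    print(f"true k_(R-1) = {true_key:#06x}, survivors = {[hex(s) for s in survivors]}")
```

Two points worth noting from the trail. A flip one or two rounds before the end leaks nothing about the key, because the affected words (or their differences) appear directly in the ciphertext; only from round R-3 on does the difference pass through f under the last round key, which is what the guess-and-check exploits. And each fault at bit j pins down only the few key bits that neighbour the difference (bit j-4 via the AND term, among others), so a full recovery needs faults spread over the word, which is why the simulation sweeps all 16 positions. Recovering further round keys would repeat the same step one round deeper after peeling off k_{R-1}; the paper's contribution is going well beyond this with faults confined to a single round.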