an improved cryptanalysis of lightweight stream cipher
play

An Improved Cryptanalysis of Lightweight Stream Cipher Grain-v1 - PowerPoint PPT Presentation

Nov 22, 2023 •306 likes •809 views

An Improved Cryptanalysis of Lightweight Stream Cipher Grain-v1 Miodrag J. Mihaljevi 1 , Nishant Sinha 2 , Sugata Gangopadhyay 2 , Subhamoy Maitra 3 , Goutam Paul 3 and Kanta Matsuura 4 1 Mathematical Institute, Serbian Academy of Sciences and

  1. An Improved Cryptanalysis of Lightweight Stream Cipher Grain-v1 Miodrag J. Mihaljević 1 , Nishant Sinha 2 , Sugata Gangopadhyay 2 , Subhamoy Maitra 3 , Goutam Paul 3 and Kanta Matsuura 4 1 Mathematical Institute, Serbian Academy of Sciences and Arts, Belgeade 2 Indian Institute of Technology, Roorkee 3 Indian Statistical Institute, Kolkata 4 The University of Tokyo, Tokyo - COST CRYPTACUS Workshop - 16-18 November 2017, Nijmegen – Netherlands 1 1 1 1

  2. Roadmap • Part I : Why Grain-v1 is interesting and motivation for the work • Part II : Summary of our recent results on Grain- v1 cryptanalysis • Part III: Work in progress - An advanced approach for cryptanalysis of Grain-v1 2

  3. Part I Why Grain-v1 is interesting and motivation for the work - Grain family and academic interest -Lizard: A Grain like lightweight stream cipher reported at FSE 2017 - NIST project on lightweight cryptography (2017) 3

  4. A bird view (1) cryptographic components Recently, Infrastructure for PRIVACY security & privacy has appeared as an issue of top interest 4

  5. A bird view (2): A neverending story • Development of • Development of advanced advanced techniques cryptographic for security evaluation components for of cryptographic information (cyber) components for security & privacy. information (cyber) security & privacy. 5

  6. Motivation for our further work • Grain-v1 is a • Security evaluation of representative of an Grain-v1 also interesting and provides certain important framework guidelines for design for design of of secure lightweight lightweight stream stream ciphers. ciphers. 6

  7. Why Grain Family is Interesting ACADEMIC REFERENCES 7

  8. Grain-v1: A Member of Grain Family initialization keystream generation 8

  9. Some Recent References • Z. Ma, T. Tian, W.-F. Qi , “ Improved conditional differential attacks on Grain v1”, IET Inf. Secur., 2017, Vol. 11 Iss. 1, pp. 46-53. • M. Rahimi, M. Barmshory, M. H. Mansouri, M. R. Aref, “ Dynamic cube attack on Grain-v1 ”, IET Inf. Secur ., 2016, Vol. 10, Iss. 4, pp. 165–172. • S. Banik, “ Conditional differential cryptanalysis of 105 round Grain v1 ”, Cryptogr. Commun . (2016) 8: 113–137. • Z. Ma, T. Tian, W.-F. Qi, “ Conditional differential attacks on Grain-128a stream cipher”, IET Inf. Secur., 2017, Vol. 11 Iss. 3, pp. 139-145. 9

  10. Very Recent References: Improvements Originated from Grain Family • M. Hamann, M. Krause, W. Meier, “ LIZARD – A Lightweight Stream Cipher for Power- constrained Devices ”, FSE 2017, to appear in IACR Transactions on Symmetric Cryptology . • E. Dubrova, Martin Hell, “ Espresso: A stream cipher for 5G wireless communication systems ”, Cryptogr. Commun. (2017) 9: 273– 289 10

  11. Some of Our References on Grain Family • M.J. Mihaljevic, S. Gangopadhyay, G. Paul and H. Imai, " State Recovery of Grain-v1 Employing Normality Order of the Filter Function ", IET Information Security , vol. 6, no. 2, pp. 55-64, June 2012. • M.J. Mihaljevic, S. Gangopadhyay, G. Paul and H. Imai, " Generic Cryptographic Weakness of k-normal Boolean Functions in Certain Stream Ciphers and Cryptanalysis of Grain-128 ", Periodica Mathematica Hungarica , vol. 65, no. 2, pp. 205-227, Dec. 2012. • M.J. Mihaljevic, N. Sinha, S. Gangopadhyay , S. Maitra, G. Paul, K. Matsuura, “ Internal State Recovery of Grain-v1 Stream Cipher Employing Conditional Time-Memory-Data Trade-Off ”, to be submitted. 11

  12. Why Grain Family is Interesting AN ORIGIN FOR ADVANCED DESIGNS 12

  13. Grain-v1 Keystream Generator

  14. LIZARD – A Lightweight Stream Cipher for Power-constrained Devices Matthias Hamann 1 Matthias Krause 1 Willi Meier 2 1 University of Mannheim, Germany 2 FH Nordwestschweiz, Switzerland 07.03.2017 LIZARD – A Lightweight Stream Cipher for Power-constrained Devices Page 14 FSE 2017 (Tokyo, Japan)

  15. Difference to Grain v1 • Smaller state size: 121 bit (compared to 160 bit). • Larger key size: 120 bit (rather than 80 bit), necessary assumption for security proof. • Key is introduced not only once, but twice in initialization. • Quite different output function: Inspired by FLIP stream cipher , uses many (53) inputs. • Both register feedbacks now nonlinear. • Efficiently parallelizable up to a factor of 6 (compared to 16). 07.03.2017 LIZARD – A Lightweight Stream Cipher for Power-constrained Devices Page 15 FSE 2017 (Tokyo, Japan)

  16. L IZARD in keystream generation mode

  17. Hardware Results • Clock speed of 100 kHz . • * indicates serialized key/IV loading . • Load/Ini : Number of clock cycles needed to perform the state initialization. • After state initialization, all designs produce one keystream bit per clock cycle (i.e., 100 kbit/s ). 07.03.2017 LIZARD – A Lightweight Stream Cipher for Power-constrained Devices Page 17 FSE 2017 (Tokyo, Japan)

  18. Why Grain Family is Interesting NIST RECOGNITION 18

  19. NIST Lightweight Cryptograpy Project

  20. NISTIR 8114 REPORT ON LIGHTWEIGHT CRYPTOGRAPHY This publication is available free of charge from: https://doi.org/10.6028/NIST.IR.8114 • Stream ciphers are also promising primitives for constrained environments . The eSTREAM competition, organized by the European Network of Excellence for Cryptology, aimed to identify new stream ciphers that might be suitable for widespread adoption. The finalists of the competition were announced in 2008 and included three stream ciphers for hardware applications with restricted resources: • Grain is widely analyzed and provides implementation flexibility, and also has a version that supports authentication. • Trivium is a widely analyzed design; however, it only supports 80-bit keys. • Mickey is less analyzed compared to Grain and Trivium. It provides less implementation flexibility and is susceptible to timing and power analysis, due to irregular clocking. 20

  21. 21

  22. 22

  23. 23

  24. Part II A summary of our recent results on recent Grain-v1 cryptanalysis 24

  25. Considered Model of Stream Ciphers

  26. Underlying Ideas for Cryptanalysis

  27. Linearized Model (nonlinear) state updating function special internal state (which reduces algebraic degree of the output Boolean function) LINEARIZED or REDUCED ALGEBRAIC DEGREE nonlinear B oolean function output

  28. Grain-v1 Keystream Generator nonlinear function linear function + + NFSR LFSR 80 1 80 1 nonlinear function h(.) … + +

  29. Algebraic Description of Grain-v1

  30. The proposed cryptanalysis is based on the following approach: • employment of a dedicated restricted guess and determine approach; • employment of a dedicated BSW sampling which provides efficient recovery of a part of the internal state (under a dedicated restricted guess) based on the given keystream segment; • employment of a dedicated time-memory trade-off approach.

  31. Probabilistic Background (1)

  32. Probabilistic Background (2)

  33. Towards Internal State Recovery: Guess & Linearise nonlinear function linear function + + LFSR NFSR 80 1 80 1 linear function … + +

  34. “Enforcing” h(.) to be linear

  35. “Enforcing” h(.) to be constant (a consequence of its k-normality)

  36. BSW Sampling and a Part of Internal State Recovery under Linearization Guess nonlinear function linear function + + NFSR LFSR 80 1 80 1 linear function … + + keystream

  37. Framework for Advanced Cryptanalysis (1)

  39. Framework for Advanced Cryptanalysis (2)

  40. Advanced Algorithm for Cryptanalysis (1)

  41. Advanced Algorithm for Cryptanalysis (2)

  42. Part III Novelties in the Advanced Approach 42

  43. Novelties in the Advanced Approach • Construction and • Development of a employment of a dedicated BSW novel dedicated sampling TMD-TO system of equations based on multiple for the guess & prefix patterns determine approach 43

  44. Construction and employment of a novel dedicated system of equations for the guess & determine approach 44

  45. 45

  46. 46

  47. 47

  48. 48

  49. Thank You Very Much for the Attention, and QUESTIONS Please! 49

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lightweight S Stream C Cipher Scheme f for R Resource- Constrained I IoT D Devices WIMOB

Lightweight S Stream C Cipher Scheme f for R Resource- Constrained I IoT D Devices WIMOB

Lightweight S Stream C Cipher Scheme f for R Resource- Constrained I IoT D Devices WIMOB 2019 October 21st 23rd, 2019 Casa Convalescncia, Barcelona, Spain Authors: Hassan Noura, Raphal Couturier, CongDuc Pham and Ali Chehab

149 views • 13 slides
Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey Bogdanov Andrey Bogdanov K.U.Leuven, ESAT/COSIC Outline Outline Distribution of Correlation Data Complexity Linear Hulls Zero

659 views • 30 slides
Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY Plaintext Cyphertext More definitions block cipher stream cipher hash function shared key public key digital signature

383 views • 16 slides
The Salsa20 stream cipher Salsa20: additive stream cipher, expanding key and nonce D. J.

The Salsa20 stream cipher Salsa20: additive stream cipher, expanding key and nonce D. J.

The Salsa20 stream cipher Salsa20: additive stream cipher, expanding key and nonce D. J. Bernstein into long stream of bytes Thanks to: to add to plaintext. University of Illinois at Chicago Key : 16 or 32 bytes. NSF CCR9983950 Same

714 views • 43 slides
Linear Cryptanalysis of Stream Ciphers T-79.514 Special Course on Cryptology Seminar talk Emilia

Linear Cryptanalysis of Stream Ciphers T-79.514 Special Course on Cryptology Seminar talk Emilia

Linear Cryptanalysis of Stream Ciphers T-79.514 Special Course on Cryptology Seminar talk Emilia K asper 1 Overview Basic concept of correlation attacks on stream ciphers A correlation attack on the GSM cipher A5/1 A correlation

256 views • 22 slides
Improved Cryptanalysis of Py Paul Crowley LShift Ltd State of the Art in Stream Ciphers 2006 Py

Improved Cryptanalysis of Py Paul Crowley LShift Ltd State of the Art in Stream Ciphers 2006 Py

Py SPP attack Improving on the attack Improved Cryptanalysis of Py Paul Crowley LShift Ltd State of the Art in Stream Ciphers 2006 Py SPP attack Improving on the attack Py eSTREAM entrant by Eli Biham and Jennifer Seberry Fast in

870 views • 38 slides
Statistics in Cryptanalysis Subhabrata Samajder Indian Statistical Institute, Kolkata 24 th May,

Statistics in Cryptanalysis Subhabrata Samajder Indian Statistical Institute, Kolkata 24 th May,

Statistics in Cryptanalysis Subhabrata Samajder Indian Statistical Institute, Kolkata 24 th May, 2017 0/35 Cryptanalysis of Affine Cipher Outline Cryptanalysis of Affine Cipher 1 Hypothesis Testing 2 Linear Cryptanalysis 3 0/35

1.52k views • 110 slides
/ 33 1 Cryptanalysis of Reduced round SKINNY Block Cipher Outline A brief description of

/ 33 1 Cryptanalysis of Reduced round SKINNY Block Cipher Outline A brief description of

/ 33 1 Cryptanalysis of Reduced round SKINNY Block Cipher Outline A brief description of SKINNY Zero-Correlation Linear Cryptanalysis of SKINNY MILP model for SKINNY64 cipher Using MILP in Impossible differential

420 views • 31 slides
Cryptanalysis of Lightweight Block Ciphers: Theory Meets Dependencies Orr Dunkelman Computer

Cryptanalysis of Lightweight Block Ciphers: Theory Meets Dependencies Orr Dunkelman Computer

Dependency Other Win Open Cryptanalysis of Lightweight Block Ciphers: Theory Meets Dependencies Orr Dunkelman Computer Science Department University of Haifa, Israel December 14th, 2019 Orr Dunkelman Cryptanalysis of Lightweight Block

322 views • 31 slides
Cryptanalysis of the Kindle Cipher Conclusion Ciphertext only key-recovery Known-plaintext

Cryptanalysis of the Kindle Cipher Conclusion Ciphertext only key-recovery Known-plaintext

1 / 22 Introduction SAC 2012 Cryptanalysis of the Kindle Cipher A. Biryukov, G. Leurent, A. Roy (uni.lu) Cryptanalysis of the Kindle Cipher Conclusion Ciphertext only key-recovery Known-plaintext key-recovery PC1 . . . . . . .

556 views • 29 slides
Comparison of Cipher implementations from cipher authors 256-bit stream ciphers D. J.

Comparison of Cipher implementations from cipher authors 256-bit stream ciphers D. J.

Comparison of Cipher implementations from cipher authors 256-bit stream ciphers D. J. Bernstein Timing tools Thanks to: (De Canni` ere) University of Illinois at Chicago Denmark Technical University

602 views • 13 slides
Summary We present a new stream cipher Spritz (generating a pseudo-random stream of

Summary We present a new stream cipher Spritz (generating a pseudo-random stream of

S PRITZ A SPONGY RC4- LIKE STREAM CIPHER AND HASH FUNCTION Ronald L. Rivest 1 Jacob C. N. Schuldt 2 1 Vannevar Bush Professor of EECS MIT CSAIL Cambridge, MA 02139 rivest@mit.edu 2 Research Institute for Secure Systems AIST, Japan

603 views • 37 slides
Differential Cryptanalysis of Round-Reduced PRINT CIPHER : Computing Roots of Permutations

Differential Cryptanalysis of Round-Reduced PRINT CIPHER : Computing Roots of Permutations

Description of PRINT CIPHER Differential Cryptanalysis Computing roots of permutations Summary Differential Cryptanalysis of Round-Reduced PRINT CIPHER : Computing Roots of Permutations Mohamed Abdelraheem, Gregor Leander and Erik Zenner DTU

639 views • 21 slides
Block Cipher Cryptanalysis: An Overview Subhabrata Samajder Indian Statistical Institute, Kolkata

Block Cipher Cryptanalysis: An Overview Subhabrata Samajder Indian Statistical Institute, Kolkata

Block Cipher Cryptanalysis: An Overview Subhabrata Samajder Indian Statistical Institute, Kolkata 17 th May, 2017 0/52 Iterated Block Cipher Outline Iterated Block Cipher 1 S-Boxes 2 A Basic Substitution Permutation Network 3 Linear

1.58k views • 113 slides
Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed

Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed

Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed Abdelraheem, Huda AlKhzaimi, and Erik Zenner DTU Mathematics

598 views • 37 slides
Block Cipher Cryptanalysis: Basic and Advanced Techniques I

Block Cipher Cryptanalysis: Basic and Advanced Techniques I

Block Cipher Cryptanalysis: Basic and Advanced Techniques I & II Andrey Bogdanov KU Leuven, ESAT/COSIC Outline I. Block Ciphers II.

1.03k views • 79 slides
A New Version of Grain-128 with Authentication Martin Agren 1 Martin Hell 1 Thomas Johansson 1

A New Version of Grain-128 with Authentication Martin Agren 1 Martin Hell 1 Thomas Johansson 1

A New Version of Grain-128 with Authentication Martin Agren 1 Martin Hell 1 Thomas Johansson 1 Willi Meier 2 1 Lund University, Sweden 2 FHNW, Switzerland 110216 / Lyngby Outline 1 Introduction Motivation and Goals 2 The Old Grain-128 The

443 views • 23 slides
Darwin's finches: A full-blown statistical analysis Statistical Thinking in Python II Your

Darwin's finches: A full-blown statistical analysis Statistical Thinking in Python II Your

STATISTICAL THINKING IN PYTHON II Darwin's finches: A full-blown statistical analysis Statistical Thinking in Python II Your well-equipped toolbox Graphical and quantitative EDA Parameter estimation Confidence interval

608 views • 23 slides
Welcome to the course! Statistical Thinking in Python II You will be able to Estimate

Welcome to the course! Statistical Thinking in Python II You will be able to Estimate

STATISTICAL THINKING IN PYTHON II Welcome to the course! Statistical Thinking in Python II You will be able to Estimate parameters ! a t a Compute confidence intervals d l a Perform linear regressions e r h t

628 views • 37 slides
The Simba Simulation Romeel Dav (Edinburgh) CCA: Daniel Angls-Alczar (CCA) Florida: Desika

The Simba Simulation Romeel Dav (Edinburgh) CCA: Daniel Angls-Alczar (CCA) Florida: Desika

The Simba Simulation Romeel Dav (Edinburgh) CCA: Daniel Angls-Alczar (CCA) Florida: Desika Narayanan, Qi Li (Florida) UWC: Mika Rafieferantsoa, Nicole Thomas Edinburgh: Weiguang Cui, Katarina Kraljic, Sarah Appleby, Dylan Robson, Jacob

348 views • 18 slides
Model Building in Grand Unified Theories Tom as Gonzalo University College London 15 October

Model Building in Grand Unified Theories Tom as Gonzalo University College London 15 October

Model Building in Grand Unified Theories Tom as Gonzalo University College London 15 October 2014 1 Outline Motivation Review of Grand Unified Theories Overview of Group Theory Model Building Groups and Representations Theories and

1.13k views • 78 slides
Grand Unified Theory with SU (5) Modular Symmetry A 4 Predicting Fermion Mass Matrices Elena

Grand Unified Theory with SU (5) Modular Symmetry A 4 Predicting Fermion Mass Matrices Elena

<latexit

524 views • 36 slides
Axion predictions in Grand Unified Theories Axion-WIMP workshop 2018 DESY Hamburg, 19/06/18 Anne

Axion predictions in Grand Unified Theories Axion-WIMP workshop 2018 DESY Hamburg, 19/06/18 Anne

Axion predictions in Grand Unified Theories Axion-WIMP workshop 2018 DESY Hamburg, 19/06/18 Anne Ernst based on JHEP 02(2018)103 , in collaboration with Andreas Ringwald and Carlos Tamarit Motivation search for a well-motivated model solving

809 views • 62 slides
The Higgs Boson and Physics Beyond the Standard Model Marc Sher College of William and Mary

The Higgs Boson and Physics Beyond the Standard Model Marc Sher College of William and Mary

The Higgs Boson and Physics Beyond the Standard Model Marc Sher College of William and Mary HUGS Summer School, June 10-11, 2010 Outline 1. Introduction to the Higgs mechanism in the SM, theoretical bounds on the Higgs mass. 2.

1.55k views • 129 slides

More recommend