Bounds for Balanced and Generalized Feistel Constructions
|
|
- Dana Vivian Green
- 8 years ago
- Views:
Transcription
1 Bounds for Balanced and Generalized Feistel Constructions Andrey Bogdanov Katholieke Universiteit Leuven, Belgium ECRYPT II SymLab Bounds 2010
2 Outline Feistel Constructions Efficiency Metrics Bounds for Feistel Ciphers Efficiency Comparison
3 Balanced and Generalized Feistel Networks High-Level Constructions BFN Type-I GFN Type-II GFN Type-III GFN Feistel
4 Balanced and Generalized Feistel Networks High-Level Constructions BFN Type-I GFN Type-II GFN Type-III GFN Feistel almost identical encryption and decryption functions
5 Balanced and Generalized Feistel Networks High-Level Constructions BFN Type-I GFN Type-II GFN Type-III GFN Feistel almost identical encryption and decryption functions easy extension of smaller non-linear functions to bigger permutations
6 Balanced and Generalized Feistel Networks High-Level Constructions BFN Type-I GFN Type-II GFN Type-III GFN Feistel almost identical encryption and decryption functions easy extension of smaller non-linear functions to bigger permutations some security proofs available
7 Balanced and Generalized Feistel Functions: SP vs SPS k i SP k i SPS s s s... M i vs s M i s s k i
8 Balanced and Generalized Feistel Functions: SP vs SPS k i SP k i SPS s s s... M i vs s M i s s k i Which one is more efficient for Feistel?
9 Balanced and Generalized Feistel Functions: SP vs SPS k i SP k i SPS s s s... M i vs s M i s s k i Which one is more efficient for Feistel? in terms of resistance against differential and linear cryptanalysis
10 Balanced and Generalized Feistel Functions: SP vs SPS k i SP k i SPS s s s... M i vs s M i s s k i Which one is more efficient for Feistel? in terms of resistance against differential and linear cryptanalysis SP has less S-boxes per function than SPS
11 Balanced and Generalized Feistel Functions: SP vs SPS k i SP k i SPS s s s... M i vs s M i s s k i Which one is more efficient for Feistel? in terms of resistance against differential and linear cryptanalysis SP has less S-boxes per function than SPS SPS turns out consistently more efficient than SP for Feistel!
12 Active S-Boxes
13 Active S-Boxes Differential and linear cryptanalysis
14 Active S-Boxes Differential and linear cryptanalysis two crucial types of attacks
15 Active S-Boxes Differential and linear cryptanalysis two crucial types of attacks tell in a sense how fast the cipher gets close to idealized cipher
16 Active S-Boxes Differential and linear cryptanalysis two crucial types of attacks tell in a sense how fast the cipher gets close to idealized cipher used as subroutines in numerous cryptanalytic extensions
17 Active S-Boxes Differential and linear cryptanalysis two crucial types of attacks tell in a sense how fast the cipher gets close to idealized cipher used as subroutines in numerous cryptanalytic extensions Active S-box
18 Active S-Boxes Differential and linear cryptanalysis two crucial types of attacks tell in a sense how fast the cipher gets close to idealized cipher used as subroutines in numerous cryptanalytic extensions Active S-box involved into the propagation of differential and linear patterns along differential and linear trails
19 Active S-Boxes Differential and linear cryptanalysis two crucial types of attacks tell in a sense how fast the cipher gets close to idealized cipher used as subroutines in numerous cryptanalytic extensions Active S-box involved into the propagation of differential and linear patterns along differential and linear trails contributes to the reduction of the trail probability
20 Active S-Boxes Differential and linear cryptanalysis two crucial types of attacks tell in a sense how fast the cipher gets close to idealized cipher used as subroutines in numerous cryptanalytic extensions Active S-box involved into the propagation of differential and linear patterns along differential and linear trails contributes to the reduction of the trail probability most clear and elaborated tool for security evaluation
21 Active S-Boxes Differential and linear cryptanalysis two crucial types of attacks tell in a sense how fast the cipher gets close to idealized cipher used as subroutines in numerous cryptanalytic extensions Active S-box involved into the propagation of differential and linear patterns along differential and linear trails contributes to the reduction of the trail probability most clear and elaborated tool for security evaluation Limits
22 Active S-Boxes Differential and linear cryptanalysis two crucial types of attacks tell in a sense how fast the cipher gets close to idealized cipher used as subroutines in numerous cryptanalytic extensions Active S-box involved into the propagation of differential and linear patterns along differential and linear trails contributes to the reduction of the trail probability most clear and elaborated tool for security evaluation Limits no evidence against impossible differential attacks
23 Active S-Boxes Differential and linear cryptanalysis two crucial types of attacks tell in a sense how fast the cipher gets close to idealized cipher used as subroutines in numerous cryptanalytic extensions Active S-box involved into the propagation of differential and linear patterns along differential and linear trails contributes to the reduction of the trail probability most clear and elaborated tool for security evaluation Limits no evidence against impossible differential attacks no evidence against multiset analysis/other structural attacks
24 Proportion of active S-boxes to all S-boxes [Shirai-Preneel04]
25 Proportion of active S-boxes to all S-boxes [Shirai-Preneel04] S-box layer is often the most costly operation of ciphers
26 Proportion of active S-boxes to all S-boxes [Shirai-Preneel04] S-box layer is often the most costly operation of ciphers A r,m = # active S-boxes over r rounds for block width m
27 Proportion of active S-boxes to all S-boxes [Shirai-Preneel04] S-box layer is often the most costly operation of ciphers A r,m = # active S-boxes over r rounds for block width m S r,m = # all S-boxes over r rounds for block width m
28 Proportion of active S-boxes to all S-boxes [Shirai-Preneel04] S-box layer is often the most costly operation of ciphers A r,m = # active S-boxes over r rounds for block width m S r,m = # all S-boxes over r rounds for block width m Proportion of active S-boxes over r rounds
29 Proportion of active S-boxes to all S-boxes [Shirai-Preneel04] S-box layer is often the most costly operation of ciphers A r,m = # active S-boxes over r rounds for block width m S r,m = # all S-boxes over r rounds for block width m Proportion of active S-boxes over r rounds E r,m = A r,m /S r,m
30 Proportion of active S-boxes to all S-boxes [Shirai-Preneel04] S-box layer is often the most costly operation of ciphers A r,m = # active S-boxes over r rounds for block width m S r,m = # all S-boxes over r rounds for block width m Proportion of active S-boxes over r rounds E r,m = A r,m /S r,m Asymptotic proportion of active S-boxes for r
31 Proportion of active S-boxes to all S-boxes [Shirai-Preneel04] S-box layer is often the most costly operation of ciphers A r,m = # active S-boxes over r rounds for block width m S r,m = # all S-boxes over r rounds for block width m Proportion of active S-boxes over r rounds E r,m = A r,m /S r,m Asymptotic proportion of active S-boxes for r E m = lim r E r,m
32 Proportion of active S-boxes to all S-boxes [Shirai-Preneel04] S-box layer is often the most costly operation of ciphers A r,m = # active S-boxes over r rounds for block width m S r,m = # all S-boxes over r rounds for block width m Proportion of active S-boxes over r rounds E r,m = A r,m /S r,m Asymptotic proportion of active S-boxes for r E m = lim r E r,m Asymptotic proportion of active S-boxes for r, m
33 Proportion of active S-boxes to all S-boxes [Shirai-Preneel04] S-box layer is often the most costly operation of ciphers A r,m = # active S-boxes over r rounds for block width m S r,m = # all S-boxes over r rounds for block width m Proportion of active S-boxes over r rounds E r,m = A r,m /S r,m Asymptotic proportion of active S-boxes for r E m = lim r E r,m Asymptotic proportion of active S-boxes for r, m E = lim m E m
34 Proportion of active S-boxes to all S-boxes [Shirai-Preneel04] S-box layer is often the most costly operation of ciphers A r,m = # active S-boxes over r rounds for block width m S r,m = # all S-boxes over r rounds for block width m Proportion of active S-boxes over r rounds E r,m = A r,m /S r,m Asymptotic proportion of active S-boxes for r E m = lim r E r,m Asymptotic proportion of active S-boxes for r, m E = lim m E m None of these metrics takes into account the linear operations!
35 Proportion of active S-boxes to all S-boxes [Shirai-Preneel04] S-box layer is often the most costly operation of ciphers A r,m = # active S-boxes over r rounds for block width m S r,m = # all S-boxes over r rounds for block width m Proportion of active S-boxes over r rounds E r,m = A r,m /S r,m Asymptotic proportion of active S-boxes for r E m = lim r E r,m Asymptotic proportion of active S-boxes for r, m E = lim m E m None of these metrics takes into account the linear operations! Large dense MDS matrices can also involve costly computation
36 Proportion of active S-Boxes to S-box and linear operations [Bogdanov09]
37 Proportion of active S-Boxes to S-box and linear operations [Bogdanov09] A r,m = # active S-boxes over r rounds
38 Proportion of active S-Boxes to S-box and linear operations [Bogdanov09] A r,m = # active S-boxes over r rounds S r,m = # all S-boxes over r rounds
39 Proportion of active S-Boxes to S-box and linear operations [Bogdanov09] A r,m = # active S-boxes over r rounds S r,m = # all S-boxes over r rounds L r,m = # all multiplications by constant in F 2 n over r rounds
40 Proportion of active S-Boxes to S-box and linear operations [Bogdanov09] A r,m = # active S-boxes over r rounds S r,m = # all S-boxes over r rounds L r,m = # all multiplications by constant in F 2 n over r rounds λ = cost of one multiplication by constant in F 2 n related to one S-box invocation
41 Proportion of active S-Boxes to S-box and linear operations [Bogdanov09] A r,m = # active S-boxes over r rounds S r,m = # all S-boxes over r rounds L r,m = # all multiplications by constant in F 2 n over r rounds λ = cost of one multiplication by constant in F 2 n related to one S-box invocation Proportion of active S-boxes over r rounds A r,m E r,m = S r,m + λl r,m
42 Proportion of active S-Boxes to S-box and linear operations [Bogdanov09] A r,m = # active S-boxes over r rounds S r,m = # all S-boxes over r rounds L r,m = # all multiplications by constant in F 2 n over r rounds λ = cost of one multiplication by constant in F 2 n related to one S-box invocation Proportion of active S-boxes over r rounds A r,m E r,m = S r,m + λl r,m Asymptotic proportion of active S-boxes for r E m = lim r E r,m
43 Proportion of active S-Boxes to S-box and linear operations [Bogdanov09] A r,m = # active S-boxes over r rounds S r,m = # all S-boxes over r rounds L r,m = # all multiplications by constant in F 2 n over r rounds λ = cost of one multiplication by constant in F 2 n related to one S-box invocation Proportion of active S-boxes over r rounds A r,m E r,m = S r,m + λl r,m Asymptotic proportion of active S-boxes for r E m = lim r E r,m Asymptotic proportion of active S-boxes for r, m E = lim m E m
44 Bounds for Feistel Ciphers Minimum # active S-boxes for SP-functions from literature: [Kanda01], [Shirai-Preneel04], [Wu-Zhang-Lin06], [Shibutani10] BFN-SP GFNI-SP GFNII-SP single-round diffusion M i = M round 4R rounds BR + R 2 16R rounds (3B + 1)R 6R rounds (2B + 2)R multiple-round diffusion M i distinct 3R rounds B R
45 Bounds for Feistel Ciphers Minimum # active S-boxes for SPS-functions: [Bogdanov10], [Bogdanov-Shibutani10] BFN-SPS GFNI-SPS GFNII-SPS GFNIII-SPS 3R rounds 2B 14R rounds 7BR 6R rounds 6BR 14R rounds 7BR
46 Bounds for Feistel Ciphers Minimum # active S-boxes for SPS-functions: [Bogdanov10], [Bogdanov-Shibutani10] BFN-SPS GFNI-SPS GFNII-SPS GFNIII-SPS 3R rounds 2B 14R rounds 7BR 6R rounds 6BR 14R rounds 7BR all single-round diffusion with M i = M in each round
47 Bounds for Feistel Ciphers Minimum # active S-boxes for SPS-functions: [Bogdanov10], [Bogdanov-Shibutani10] BFN-SPS GFNI-SPS GFNII-SPS GFNIII-SPS 3R rounds 2B 14R rounds 7BR 6R rounds 6BR 14R rounds 7BR all single-round diffusion with M i = M in each round proofs basically derive lower bounds on # active function
48 Bounds for Feistel Ciphers Minimum # active S-boxes for SPS-functions: [Bogdanov10], [Bogdanov-Shibutani10] BFN-SPS GFNI-SPS GFNII-SPS GFNIII-SPS 3R rounds 2B 14R rounds 7BR 6R rounds 6BR 14R rounds 7BR all single-round diffusion with M i = M in each round proofs basically derive lower bounds on # active function string-based approach to proofs
49 Bounds for Feistel Ciphers Minimum # active S-boxes for SPS-functions: [Bogdanov10], [Bogdanov-Shibutani10] BFN-SPS GFNI-SPS GFNII-SPS GFNIII-SPS 3R rounds 2B 14R rounds 7BR 6R rounds 6BR 14R rounds 7BR all single-round diffusion with M i = M in each round proofs basically derive lower bounds on # active function string-based approach to proofs all bounds are actually tight
50 Efficiency Comparison SP vs SPS: E = lim r,m A r,m/s r,m, MDS diffusion
51 Efficiency Comparison SP vs SPS: E m = lim r A r,m/s r,m, MDS diffusion
52 Efficiency Comparison SP vs SPS: E m = lim r A r,m/(s r,m + λl r,m), λ = 0.1, m = 8, MDS diffusion
53 Efficiency Comparison SP vs SPS: E m = lim r A r,m/(s r,m + λl r,m), λ = 0.1, m = 16, MDS diffusion
54 Efficiency Comparison SP vs SPS: E m = lim r A r,m/(s r,m + λl r,m), λ = 0.1, m = 32, MDS diffusion
55 Efficiency Comparison SP vs SPS: E m = lim r A r,m/(s r,m + λl r,m), λ = 0.1, m = 64, MDS diffusion
56 Conjecture Instead of Conclusion Conjecture BFN-SPS is optimal with respect to E in the class of all BFN, GFNI, GFNII, and GFNIII designs with SP-, SPS-, SPSP-, SPSPS-,... -type functions instantiated with MDS matrices.
Cryptography and Network Security Chapter 3
Cryptography and Network Security Chapter 3 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 3 Block Ciphers and the Data Encryption Standard All the afternoon
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture No. # 11 Block Cipher Standards (DES) (Refer Slide
More informationThe 128-bit Blockcipher CLEFIA Design Rationale
The 128-bit Blockcipher CLEFIA Design Rationale Revision 1.0 June 1, 2007 Sony Corporation NOTICE THIS DOCUMENT IS PROVIDED AS IS, WITH NO WARRANTIES WHATSOVER, INCLUDING ANY WARRANTY OF MERCHANTABIL-
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Secret Key Cryptography (I) 1 Introductory Remarks Roadmap Feistel Cipher DES AES Introduction
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 3: Block ciphers and DES Ion Petre Department of IT, Åbo Akademi University January 17, 2012 1 Data Encryption Standard
More informationA New 128-bit Key Stream Cipher LEX
A New 128-it Key Stream Cipher LEX Alex Biryukov Katholieke Universiteit Leuven, Dept. ESAT/SCD-COSIC, Kasteelpark Arenerg 10, B 3001 Heverlee, Belgium http://www.esat.kuleuven.ac.e/~airyuko/ Astract.
More informationA PPENDIX H RITERIA FOR AES E VALUATION C RITERIA FOR
A PPENDIX H RITERIA FOR AES E VALUATION C RITERIA FOR William Stallings Copyright 20010 H.1 THE ORIGINS OF AES...2 H.2 AES EVALUATION...3 Supplement to Cryptography and Network Security, Fifth Edition
More informationThe Advanced Encryption Standard: Four Years On
The Advanced Encryption Standard: Four Years On Matt Robshaw Reader in Information Security Information Security Group Royal Holloway University of London September 21, 2004 The State of the AES 1 The
More informationHash Function JH and the NIST SHA3 Hash Competition
Hash Function JH and the NIST SHA3 Hash Competition Hongjun Wu Nanyang Technological University Presented at ACNS 2012 1 Introduction to Hash Function Hash Function Design Basics Hash function JH Design
More informationCryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 12 Block Cipher Standards
More informationBlock Ciphers that are Easier to Mask: How Far Can we Go?
Block Ciphers that are Easier to Mask: How Far Can we Go? Benoît Gérard 1,2, Vincent Grosso 1, María Naya-Plasencia 3, François-Xavier Standaert 1 1 ICTEAM/ELEN/Crypto Group, Université catholique de Louvain,
More informationHow To Encrypt With A 64 Bit Block Cipher
The Data Encryption Standard (DES) As mentioned earlier there are two main types of cryptography in use today - symmetric or secret key cryptography and asymmetric or public key cryptography. Symmetric
More information{(i,j) 1 < i,j < n} pairs, X and X i, such that X and X i differ. exclusive-or sums. ( ) ( i ) V = f x f x
ON THE DESIGN OF S-BOXES A. F. Webster and S. E. Tavares Department of Electrical Engineering Queen's University Kingston, Ont. Canada The ideas of completeness and the avalanche effect were first introduced
More informationWINTER SCHOOL ON COMPUTER SECURITY. Prof. Eli Biham
WINTR SCHOOL ON COMPUTR SCURITY Prof. li Biham Computer Science Department Technion, Haifa 3200003, Israel January 27, 2014 c li Biham c li Biham - January 27, 2014 1 Cryptanalysis of Modes of Operation
More informationBlock encryption. CS-4920: Lecture 7 Secret key cryptography. Determining the plaintext ciphertext mapping. CS4920-Lecture 7 4/1/2015
CS-4920: Lecture 7 Secret key cryptography Reading Chapter 3 (pp. 59-75, 92-93) Today s Outcomes Discuss block and key length issues related to secret key cryptography Define several terms related to secret
More informationThe Stream Cipher HC-128
The Stream Cipher HC-128 Hongjun Wu Katholieke Universiteit Leuven, ESAT/SCD-COSIC Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium wu.hongjun@esat.kuleuven.be Statement 1. HC-128 supports 128-bit
More information1 Data Encryption Algorithm
Date: Monday, September 23, 2002 Prof.: Dr Jean-Yves Chouinard Design of Secure Computer Systems CSI4138/CEG4394 Notes on the Data Encryption Standard (DES) The Data Encryption Standard (DES) has been
More informationSplit Based Encryption in Secure File Transfer
Split Based Encryption in Secure File Transfer Parul Rathor, Rohit Sehgal Assistant Professor, Dept. of CSE, IET, Nagpur University, India Assistant Professor, Dept. of CSE, IET, Alwar, Rajasthan Technical
More informationApplication of cube attack to block and stream ciphers
Application of cube attack to block and stream ciphers Janusz Szmidt joint work with Piotr Mroczkowski Military University of Technology Military Telecommunication Institute Poland 23 czerwca 2009 1. Papers
More informationlundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal
Symmetric Crypto Pierre-Alain Fouque Birthday Paradox In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal N=365, about 23 people are
More informationA Secure Software Implementation of Nonlinear Advanced Encryption Standard
IOSR Journal of VLSI and Signal Processing (IOSR-JVSP) ISSN: 2319 4200, ISBN No. : 2319 4197 Volume 1, Issue 5 (Jan. - Feb 2013), PP 44-48 A Secure Software Implementation of Nonlinear Advanced Encryption
More informationMAC. SKE in Practice. Lecture 5
MAC. SKE in Practice. Lecture 5 Active Adversary Active Adversary An active adversary can inject messages into the channel Active Adversary An active adversary can inject messages into the channel Eve
More informationTable of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
More informationLecture 4 Data Encryption Standard (DES)
Lecture 4 Data Encryption Standard (DES) 1 Block Ciphers Map n-bit plaintext blocks to n-bit ciphertext blocks (n = block length). For n-bit plaintext and ciphertext blocks and a fixed key, the encryption
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. #01 Lecture No. #10 Symmetric Key Ciphers (Refer
More informationNetwork Security. Chapter 3 Symmetric Cryptography. Symmetric Encryption. Modes of Encryption. Symmetric Block Ciphers - Modes of Encryption ECB (1)
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 3 Symmetric Cryptography General Description Modes of ion Data ion Standard (DES)
More informationCryptanalysis of Symmetric Block Ciphers Breaking Reduced KHAZAD and SAFER++
NADA Numerisk analys och datalogi Department of Numerical Analysis Kungl Tekniska Högskolan and Computer Science 100 44 STOCKHOLM Royal Institute of Technology SE-100 44 Stockholm, SWEDEN Cryptanalysis
More informationFSE 2011 - A Case Study on PUFFIN2
Differential Cryptanalysis of PUFFIN and PUFFIN2 Céline Blondeau 1 and Benoît Gérard 2 1 Aalto University School of Science, Department of Information and Computer Science 2 Université catholique de Louvain,
More informationVALLIAMMAI ENGINEERING COLLEGE
VALLIAMMAI ENGINEERING COLLEGE (A member of SRM Institution) SRM Nagar, Kattankulathur 603203. DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING Year and Semester : I / II Section : 1 Subject Code : NE7202
More informationSecret File Sharing Techniques using AES algorithm. C. Navya Latha 200201066 Garima Agarwal 200305032 Anila Kumar GVN 200305002
Secret File Sharing Techniques using AES algorithm C. Navya Latha 200201066 Garima Agarwal 200305032 Anila Kumar GVN 200305002 1. Feature Overview The Advanced Encryption Standard (AES) feature adds support
More informationThe Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) All of the cryptographic algorithms we have looked at so far have some problem. The earlier ciphers can be broken with ease on modern computation systems. The DES
More informationCryptography and Network Security Block Cipher
Cryptography and Network Security Block Cipher Xiang-Yang Li Modern Private Key Ciphers Stream ciphers The most famous: Vernam cipher Invented by Vernam, ( AT&T, in 1917) Process the message bit by bit
More informationLecture Note 8 ATTACKS ON CRYPTOSYSTEMS I. Sourav Mukhopadhyay
Lecture Note 8 ATTACKS ON CRYPTOSYSTEMS I Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Attacks on Cryptosystems Up to this point, we have mainly seen how ciphers are implemented. We
More informationEnhancing Advanced Encryption Standard S-Box Generation Based on Round Key
Enhancing Advanced Encryption Standard S-Box Generation Based on Round Key Julia Juremi Ramlan Mahmod Salasiah Sulaiman Jazrin Ramli Faculty of Computer Science and Information Technology, Universiti Putra
More informationHow To Understand And Understand The History Of Cryptography
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professors Jaeger Lecture 5 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/
More informationModern Block Cipher Standards (AES) Debdeep Mukhopadhyay
Modern Block Cipher Standards (AES) Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Introduction
More informationKeywords Web Service, security, DES, cryptography.
Volume 3, Issue 10, October 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Provide the
More informationEXAM questions for the course TTM4135 - Information Security May 2013. Part 1
EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question
More informationAnalysis of Non-fortuitous Predictive States of the RC4 Keystream Generator
Analysis of Non-fortuitous Predictive States of the RC4 Keystream Generator Souradyuti Paul and Bart Preneel Katholieke Universiteit Leuven, Dept. ESAT/COSIC, Kasteelpark Arenberg 10, B 3001 Leuven-Heverlee,
More informationA Comparative Study Of Two Symmetric Encryption Algorithms Across Different Platforms.
A Comparative Study Of Two Symmetric Algorithms Across Different Platforms. Dr. S.A.M Rizvi 1,Dr. Syed Zeeshan Hussain 2 and Neeta Wadhwa 3 Deptt. of Computer Science, Jamia Millia Islamia, New Delhi,
More informationLightweight Block Ciphers Revisited: Cryptanalysis of Reduced Round PRESENT and HIGHT
Lightweight Block Ciphers Revisited: Cryptanalysis of Reduced Round PRESENT and HIGHT Onur Özen1, Kerem Varıcı 2, Cihangir Tezcan 3, and Çelebi Kocair 4 1 EPFL IC LACAL Station 14. CH-1015 Lausanne, Switzerland
More information6 Data Encryption Standard (DES)
6 Data Encryption Standard (DES) Objectives In this chapter, we discuss the Data Encryption Standard (DES), the modern symmetric-key block cipher. The following are our main objectives for this chapter:
More informationCAESAR candidate PiCipher
CAESAR candidate PiCipher Danilo Gligoroski, ITEM, NTNU, Norway Hristina Mihajloska, FCSE, UKIM, Macedonia Simona Samardjiska, ITEM, NTNU, Norway and FCSE, UKIM, Macedonia Håkon Jacobsen, ITEM, NTNU, Norway
More informationLS-Designs: Bitslice Encryption for Efficient Masked Software Implementations
LS-Designs: Bitslice Encryption for Efficient Masked Software Implementations Vincent Grosso 1, Gaëtan Leurent 1,2, François-Xavier Standaert 1, Kerem Varici 1 1 ICTEAM/ELEN/Crypto Group, Université catholique
More informationSurvey on Enhancing Cloud Data Security using EAP with Rijndael Encryption Algorithm
Global Journal of Computer Science and Technology Software & Data Engineering Volume 13 Issue 5 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationSHA3 WHERE WE VE BEEN WHERE WE RE GOING
SHA3 WHERE WE VE BEEN WHERE WE RE GOING Bill Burr May 1, 2013 updated version of John Kelsey s RSA2013 presentation Overview of Talk Where We ve Been: Ancient history 2004 The Competition Where We re Going
More information6.857 Computer and Network Security Fall Term, 1997 Lecture 4 : 16 September 1997 Lecturer: Ron Rivest Scribe: Michelle Goldberg 1 Conditionally Secure Cryptography Conditionally (or computationally) secure
More informationTriathlon of Lightweight Block Ciphers for the Internet of Things
Triathlon of Lightweight Block Ciphers for the Internet of Things Daniel Dinu, Yann Le Corre, Dmitry Khovratovich, Léo Perrin, Johann Großschädl, Alex Biryukov University of Luxembourg {dumitru-daniel.dinu,
More informationK 2r+8 PHT <<<1 MDS MDS
)*.1,(/-+032 THE INSTITUTE OF ELECTRONICS, INFORMATION AND COMMUNICATION ENGINEERS 034- TECHNICAL REPORT OF IEICE. 7865'9 Twosh ;? @A 3 B&C y 3 NTT FRUX_a[\]Ye`khE f 239-0847 Gnql #Hw~ ˆ g 1-1
More informationMessage Authentication
Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution) will consider the
More informationA NEW DNA BASED APPROACH OF GENERATING KEY-DEPENDENT SHIFTROWS TRANSFORMATION
A NEW DNA BASED APPROACH OF GENERATING KEY-DEPENDENT SHIFTROWS TRANSFORMATION Auday H. Al-Wattar 1, Ramlan Mahmod 2, Zuriati Ahmad Zukarnain3, and Nur Izura Udzir4, 1 Faculty of Computer Science and Information
More informationA PPENDIX G S IMPLIFIED DES
A PPENDIX G S IMPLIFIED DES William Stallings opyright 2010 G.1 OVERVIEW...2! G.2 S-DES KEY GENERATION...3! G.3 S-DES ENRYPTION...4! Initial and Final Permutations...4! The Function f K...5! The Switch
More informationKALE: A High-Degree Algebraic-Resistant Variant of The Advanced Encryption Standard
KALE: A High-Degree Algebraic-Resistant Variant of The Advanced Encryption Standard Dr. Gavekort c/o Vakiopaine Bar Kauppakatu 6, 41 Jyväskylä FINLAND mjos@iki.fi Abstract. We have discovered that the
More information1) Explain the following evolutionary process models: a) The spiral model. b) The concurrent development model.
(DMSIT 21) ASSIGNMENT - 1, MAY-2014. PAPER- I : SOFTWARE ENGINEERING 1) Explain the following evolutionary process models: a) The spiral model. b) The concurrent development model. 2) What are requirements
More informationRC6. Marcel Felipe Weschenfelder
RC6 Marcel Felipe Weschenfelder Introduction Operations Algorithm Performance Crypto analyse Highlight/lowlight Conclusion References Agenda RC6 Introduction Designed by: Ron Rivest, Matt Robshaw, Ray
More informationA NEW DNA BASED APPROACH OF GENERATING KEY- DEPENDENTMIXCOLUMNS TRANSFORMATION
A NEW DNA BASED APPROACH OF GENERATING KEY- DEPENDENTMIXCOLUMNS TRANSFORMATION Auday H. Al-Wattar 1, Ramlan Mahmod 2,Zuriati Ahmad Zukarnain 3 and NurIzura Udzir 4 1 Faculty of Computer Science and Information
More informationDesign of a New Stream Cipher LEX
Design of a New Stream Cipher LEX Alex Biryukov University of Luxemourg, FSTC, 6, rue Richard Coudenhove-Kalergi, L-1359 Luxemourg-Kircherg Luxemourg Astract. In this paper we define a notion of leak extraction
More informationLightweight Cryptography From an Engineers Perspective
Lightweight Cryptography From an Engineers Perspective ECC 2007 Acknowledgement Christof Paar A. Bogdanov, L. Knudsen, G. Leander, M. Robshaw, Y. Seurin, C. Vikkelsoe S. Kumar 2 Outline Motivation Hardware
More informationAC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014
Q.2a. Define Virus. What are the four phases of Viruses? In addition, list out the types of Viruses. A virus is a piece of software that can infect other programs by modifying them; the modification includes
More informationLecture 3: Block Ciphers and the Data Encryption Standard. Lecture Notes on Computer and Network Security. by Avi Kak (kak@purdue.
Lecture 3: Block Ciphers and the Data Encryption Standard Lecture Notes on Computer and Network Security by Avi Kak (kak@purdue.edu) January 15, 2016 12:28am c 2016 Avinash Kak, Purdue University Goals:
More informationHash Function of Finalist SHA-3: Analysis Study
International Journal of Advanced Computer Science and Information Technology (IJACSIT) Vol. 2, No. 2, April 2013, Page: 1-12, ISSN: 2296-1739 Helvetic Editions LTD, Switzerland www.elvedit.com Hash Function
More informationIntroduction to SHA-3 and Keccak
Introduction to SHA-3 and Keccak Joan Daemen STMicroelectronics and Radboud University Crypto summer school 2015 Šibenik, Croatia, May 31 - June 5, 2015 1 / 45 Outline 1 The SHA-3 competition 2 The sponge
More informationEffective software oriented cryptosystem in complex PC security software
Computer Science Journal of Moldova, vol.2, no.3(6), 1994 Effective software oriented cryptosystem in complex PC security software A.Moldovyan N.Moldovyan P.Moldovyan Abstract To ensure high encryption
More informationCryptanalysis of Grain using Time / Memory / Data Tradeoffs
Cryptanalysis of Grain using Time / Memory / Data Tradeoffs v1.0 / 2008-02-25 T.E. Bjørstad The Selmer Center, Department of Informatics, University of Bergen, Pb. 7800, N-5020 Bergen, Norway. Email :
More informationResearch Article. ISSN 2347-9523 (Print) *Corresponding author Shi-hai Zhu Email:
Scholars Journal of Engineering and Technology (SJET) Sch. J. Eng. Tech., 2014; 2(3A):352-357 Scholars Academic and Scientific Publisher (An International Publisher for Academic and Scientific Resources)
More informationSolutions to Problem Set 1
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Handout #8 Zheng Ma February 21, 2005 Solutions to Problem Set 1 Problem 1: Cracking the Hill cipher Suppose
More informationOn the Key Schedule Strength of PRESENT
On the Key Schedule Strength of PRESENT Julio Cesar Hernandez-Castro 1, Pedro Peris-Lopez 2 Jean-Philippe Aumasson 3 1 School of Computing, Portsmouth University, UK 2 Information Security & Privacy Lab,
More informationError oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm
Error oracle attacks and CBC encryption Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm Agenda 1. Introduction 2. CBC mode 3. Error oracles 4. Example 1 5. Example 2 6. Example 3 7. Stream ciphers
More informationLOW-DEGREE PLANAR MONOMIALS IN CHARACTERISTIC TWO
LOW-DEGREE PLANAR MONOMIALS IN CHARACTERISTIC TWO PETER MÜLLER AND MICHAEL E. ZIEVE Abstract. Planar functions over finite fields give rise to finite projective planes and other combinatorial objects.
More informationReview Jeopardy. Blue vs. Orange. Review Jeopardy
Review Jeopardy Blue vs. Orange Review Jeopardy Jeopardy Round Lectures 0-3 Jeopardy Round $200 How could I measure how far apart (i.e. how different) two observations, y 1 and y 2, are from each other?
More informationOn the Influence of the Algebraic Degree of the Algebraic Degree of
IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 59, NO. 1, JANUARY 2013 691 On the Influence of the Algebraic Degree of the Algebraic Degree of Christina Boura and Anne Canteaut on Abstract We present a
More informationComparing Performance of Software CLEFIA to Established Block Ciphers on 8-bit Devices
Comparing Performance of Software CLEFIA to Established Block Ciphers on 8-bit Devices Rembrand van Lakwijk University of Twente P.O. Box 217, 7500AE Enschede The Netherlands r.g.j.f.o.vanlakwijk@student.utwente.nl
More informationCryptography & Network Security. Introduction. Chester Rebeiro IIT Madras
Cryptography & Network Security Introduction Chester Rebeiro IIT Madras The Connected World 2 Information Storage 3 Increased Security Breaches 81% more in 2015 http://www.pwc.co.uk/assets/pdf/2015-isbs-executive-summary-02.pdf
More informationLinear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT
Linear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT Jorge Nakahara Jr 1, Pouyan Sepehrdad 1, Bingsheng Zhang 2, Meiqin Wang 3 1 EPFL, Lausanne, Switzerland 2 Cybernetica AS, Estonia and
More informationNetwork Security. Omer Rana
Network Security Omer Rana CM0255 Material from: Cryptography Components Sender Receiver Plaintext Encryption Ciphertext Decryption Plaintext Encryption algorithm: Plaintext Ciphertext Cipher: encryption
More informationMONTHLY REPORT OF DISBURSEMENTS For the month of January, 2013 In Pesos
For the month of January, 2013 (1) (2) (3) (4) (5) MDS Check Issued 6,436,361.00 60,639.00-6,497,000.00 - - 6,436,361.00 60,639.00-6,497,000.00 Tax Remittance Advices Issued 680,298.86 - - 680,298.86 680,298.86
More informationCIS433/533 - Computer and Network Security Cryptography
CIS433/533 - Computer and Network Security Cryptography Professor Kevin Butler Winter 2011 Computer and Information Science A historical moment Mary Queen of Scots is being held by Queen Elizabeth and
More informationAhsay Online Backup. Whitepaper Data Security
Ahsay Online Backup Version 5.x Jun 2006 Table of Content 1 Introduction...3 2 Server Secure, Robust and Reliable...4 2.1 Secure 128-bit SSL communication...4 2.2 Backup data are securely encrypted...4
More informationHardware Implementation of AES Encryption and Decryption System Based on FPGA
Send Orders for Reprints to reprints@benthamscience.ae The Open Cybernetics & Systemics Journal, 2015, 9, 1373-1377 1373 Open Access Hardware Implementation of AES Encryption and Decryption System Based
More informationA Study of New Trends in Blowfish Algorithm
A Study of New Trends in Blowfish Algorithm Gurjeevan Singh*, Ashwani Kumar**, K. S. Sandha*** *(Department of ECE, Shaheed Bhagat Singh College of Engg. & Tech. (Polywing), Ferozepur-152004) **(Department
More informationSecurePass: Guarding sensitive information from un-trusted machines. Justin Martineau, Palanivel Kodeswaran {jm1,palanik1}@umbc.edu.
SecurePass: Guarding sensitive information from un-trusted machines Justin Martineau, Palanivel Kodeswaran {jm1,palanik1}@umbc.edu Abstract We propose a proxy based solution to secure web access from un-trusted
More informationSecurity Evaluation of the SPECTR-128. Block Cipher
pplied Mathematical Sciences, ol. 7,, no. 4, 6945-696 HIKI td, www.m-hikari.com http://dx.doi.org/.988/ams..584 Security Evaluation of the SPECT-8 Block Cipher Manh Tuan Pham, am T. u Posts and Telecommunications
More informationCSC474/574 - Information Systems Security: Homework1 Solutions Sketch
CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher
More informationData Superhero Online Backup Whitepaper Data Security
Data Superhero Online Backup Whitepaper Data Security Cottage Computers Ltd. Page 1 of 5 (April 15, 2008) Table of Contents Contents 1. Data Superhero Offsite Backup Server Secure, Robust and Reliable...
More informationNote on naming. Note on naming
Joan Daemen Vincent Rijmen Note on naming Rijndael 1. Introduction Note on naming After the selection of Rijndael as the AES, it was decided to change the names of some of its component functions in order
More informationA STUDY OF DES ALGORITHM WITH CELLULAR AUTOMATA
International Journal of Innovative Management, Information & Production ISME International c2013 ISSN 2185-5439 Volume 4, Number 1, June 2013 PP. 10-16 A STUDY OF DES ALGORITHM WITH CELLULAR AUTOMATA
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?
More informationComparison of CBC MAC Variants and Comments on NIST s Consultation Paper
Comparison of CBC MAC Variants and Comments on NIST s Consultation Paper Tetsu Iwata Department of Computer and Information Sciences, Ibaraki University 4 12 1 Nakanarusawa, Hitachi, Ibaraki 316-8511,
More informationF3 Symmetric Encryption
F3 Symmetric Encryption Cryptographic Algorithms: Overview During this course two main applications of cryptographic algorithms are of principal interest: Encryption of data: transforms plaintext data
More informationSecurity Evaluation of GOST 28147-89 In View Of International Standardisation
Security Evaluation of GOST 28147-89 In View Of International Standardisation Nicolas T. Courtois University College London, Gower Street, London, UK, n.courtois@cs.ucl.ac.uk Abstract. GOST 28147-89 is
More informationData Structure [Question Bank]
Unit I (Analysis of Algorithms) 1. What are algorithms and how they are useful? 2. Describe the factor on best algorithms depends on? 3. Differentiate: Correct & Incorrect Algorithms? 4. Write short note:
More informationFast Implementations of AES on Various Platforms
Fast Implementations of AES on Various Platforms Joppe W. Bos 1 Dag Arne Osvik 1 Deian Stefan 2 1 EPFL IC IIF LACAL, Station 14, CH-1015 Lausanne, Switzerland {joppe.bos, dagarne.osvik}@epfl.ch 2 Dept.
More informationThe SHAvite-3 Hash Function
The SHAvite-3 Hash Function Tweaked Version 23.11.2009 Eli Biham 1, and Orr Dunkelman 2,3 1 Computer Science Department, Technion Haifa 32000, Israel biham@cs.technion.ac.il 2 École Normale Supérieure
More informationParallel AES Encryption with Modified Mix-columns For Many Core Processor Arrays M.S.Arun, V.Saminathan
Parallel AES Encryption with Modified Mix-columns For Many Core Processor Arrays M.S.Arun, V.Saminathan Abstract AES is an encryption algorithm which can be easily implemented on fine grain many core systems.
More informationBattery Power-aware Encryption
Abstract 1 Minimizing power consumption is crucial in battery power limited secure wireless mobile networks. In this paper, we (a) introduce a hardware/software set-up to measure the battery power consumption
More informationAlgebraic Attacks on SOBER-t32 and SOBER-t16 without stuttering
Algebraic Attacks on SOBER-t32 and SOBER-t16 without stuttering Joo Yeon Cho and Josef Pieprzyk Center for Advanced Computing Algorithms and Cryptography, Department of Computing, Macquarie University,
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Karagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Karagpur Lecture No. #06 Cryptanalysis of Classical Ciphers (Refer
More information