Du är här

On Some Symmetric Lightweight Cryptographic Designs

Författare:
  • Martin Ågren
Publiceringsår: 2012
Språk: Engelska
Sidor: 212
Dokumenttyp: Doktorsavhandling

Sammanfattning

This dissertation presents cryptanalysis of several symmetric lightweight primitives, both stream ciphers and block ciphers. Further, some aspects of authentication in combination with a keystream generator is investigated, and a new member of the Grain family of stream ciphers, Grain-128a, with built-in support for authentication is presented.

The first contribution is an investigation of how authentication can be provided at a low additional cost, assuming a synchronous stream cipher is already implemented and used for encryption.

These findings are then used when presenting the latest addition to the Grain family of stream ciphers, Grain-128a. It uses a 128-bit key and a 96-bit initialization vector to generate keystream, and to possibly also authenticate the plaintext.

Next, the stream cipher BEAN, superficially similar to Grain, but notably using a weak output function and two feedback with carry shift registers (FCSRs) rather than linear and (non-FCSR) nonlinear feedback shift registers, is cryptanalyzed. An efficient distinguisher and a state-recovery attack is given. It is shown how knowledge of the state can be used to recover the key in a straightforward way.

The remainder of this dissertation then focuses on block ciphers. First, a related-key attack on KTANTAN is presented. The attack notably uses only a few related keys, runs in less than half a minute on a current computer, and directly contradicts the designers' claims. It is discussed why this is, and what can be learned from this.

Next, PRINTcipher is subjected to linear cryptanalysis. Several weak key classes are identified and it is shown how several observations of the same statistical property can be made for each plaintext--ciphertext pair.

Finally, the invariant subspace property, first observed for certain key classes in PRINTcipher, is investigated. In particular, its connection to large linear biases is studied through an eigenvector which arises inside the cipher and leads to trail clustering in the linear hull which, under reasonable assumptions, causes a significant number of large linear biases. Simulations on several versions of PRINTcipher are compared to the theoretical findings.

Disputation

2012-11-28
13:15
Lecture hall E:1406, E-building, Ole Römers väg 3, Lund University Faculty of Engineering
  • Vincent Rijmen (Prof.)

Nyckelord

  • Technology and Engineering
  • Lightweight cryptography
  • integrity
  • authentication
  • symmetric cryptography
  • stream ciphers
  • block ciphers
  • Grain-128a
  • BEAN
  • KTANTAN
  • \textsc{PRINTcipher}
  • FCSR combiner
  • related-key attack
  • linear cryptanalysis
  • linear correlations
  • invariant subspace attack.

Övriga

  • Stiftelsen för Strategisk Forskning
  • EIT_HSWC:Coding Coding, modulation, security and their implementation
  • Crypto and Security
  • Thomas Johansson (Prof.)
  • Martin Hell (Dr)
  • ISSN: 1654-790X; No. 46
  • ISBN: 978-91-7473-391-4

Box 117, 221 00 LUND
Telefon 046-222 00 00 (växel)
Telefax 046-222 47 20
lu [at] lu [dot] se

 

Fakturaadress: Box 188, 221 00 LUND
Organisationsnummer: 202100-3211
Om webbplatsen