References of "Roy, Arnab 40021058"
     in
Bookmark and Share    
Full Text
See detailSecurity Aspects of Symmetric-Key Primitives
Roy, Arnab UL

Doctoral thesis (2014)

In this thesis we discuss security aspects of three symmetric-key primitives – Block Cipher, Hash function and MAC (Message Authentication Codes). More specifically, we present the results of our analysis ... [more ▼]

In this thesis we discuss security aspects of three symmetric-key primitives – Block Cipher, Hash function and MAC (Message Authentication Codes). More specifically, we present the results of our analysis on some ARX based hash functions and block ciphers. We analyse the security of recently proposed light-weight block ciphers – SIMON and SPECK. We give a generic graph based method to compute differential probability of bitwise AND with independent and rotationally dependent inputs. Using this algorithm we apply the automatic differential trail searching method for SIMON. We show the results of this search technique, extended for searching differential and applied to both SIMON and SPECK. Using this differential analysis we could perform key recovery attacks on reduced rounds of SIMON and SPECK for different key sizes. We present the results on boomerang analysis of the SHA-3 candidates Skein and BLAKE. Using some modifications to the classic boomerang analysis technique we show second order differential attacks on both the hash functions for reduced rounds. As a result of this analysis we also identify a problem in applying boomerang attacks to ARX designs, which is the reason for non-returning boomerangs in such attacks. For the security analysis of MACs, we show related-key attacks on some popular MACs using a class of (claw-free) related-key deriving functions defined by adversary. In context to several related key attacks on well known block ciphers including AES, a natural concern is the related-key security of MAC which could be designed using such ciphers. We show that using related-key unpredictable function(or permutation) it is possible to design a related-key secure MAC. This is also equivalent to the secure domain extension under related-key unforgeability. We propose a variant Merkle-Damgård iteration to achieve this. We also analyse and improve a generic masking technique, which is used to prevent block cipher implementations from side-channel attacks. We present results of our analysis of a generic higher-order masking technique for S-boxes. This generic masking technique is efficient in software.Itrequiresefficientevaluationofpolynomialsinfinitefield,specificallyinF2n because every S-box can be expressed as a polynomial in a suitable finite field. More specifically, the efficiency of the masking algorithm depends on the number of multiplications(non-squaring) in a finite field. We propose an efficient polynomial evaluation technique to give an improved generic higher-order masking scheme. Using our method we show that we can improve the masking scheme for DES, CLEFIA, CAMELLIA. [less ▲]

Detailed reference viewed: 171 (22 UL)
Full Text
Peer Reviewed
See detailAnalysis and Improvement of the Generic Higher-Order Masking Scheme of FSE 2012
Roy, Arnab UL; Venkatesh, Srinivas Vivek UL

in Bertoni, Guido; Coron, Jean-Sébastien (Eds.) Cryptographic Hardware and Embedded Systems - CHES 2013 (2013)

Masking is a well-known technique used to prevent block cipher implementations from side-channel attacks. Higher-order side channel attacks (e.g. higher-order DPA attack) on widely used block cipher like ... [more ▼]

Masking is a well-known technique used to prevent block cipher implementations from side-channel attacks. Higher-order side channel attacks (e.g. higher-order DPA attack) on widely used block cipher like AES have motivated the design of efficient higher-order masking schemes. Indeed, it is known that as the masking order increases, the difficulty of side-channel attack increases exponentially. However, the main problem in higher-order masking is to design an efficient and secure technique for S-box computations in block cipher implementations. At FSE 2012, Carlet et al. proposed a generic masking scheme that can be applied to any S-box at any order. This is the first generic scheme for efficient software implementations. Analysis of the running time, or masking complexity, of this scheme is related to a variant of the well-known problem of efficient exponentiation (addition chain), and evaluation of polynomials. In this paper we investigate optimal methods for exponentiation in TeX by studying a variant of addition chain, which we call cyclotomic-class addition chain, or CC-addition chain. Among several interesting properties, we prove lower bounds on min-length CC-addition chains. We define the notion of TeX -polynomial chain, and use it to count the number of non-linear multiplications required while evaluating polynomials over TeX . We also give a lower bound on the length of such a chain for any polynomial. As a consequence, we show that a lower bound for the masking complexity of DES S-boxes is three, and that of PRESENT S-box is two. We disprove a claim previously made by Carlet et al. regarding min-length CC-addition chains. Finally, we give a polynomial evaluation method, which results into an improved masking scheme (compared to the technique of Carlet et al.) for DES S-boxes. As an illustration we apply this method to several other S-boxes and show significant improvement for them. [less ▲]

Detailed reference viewed: 193 (6 UL)
Full Text
Peer Reviewed
See detailCryptanalysis of the "Kindle" Cipher
Biryukov, Alex UL; Leurent, Gaëtan UL; Roy, Arnab UL

in Selected Areas in Cryptography (2012)

In this paper we study a 128-bit-key cipher called PC1 which is used as part of the DRM system of the Amazon Kindle e-book reader. This is the first academic cryptanalysis of this cipher and it shows that ... [more ▼]

In this paper we study a 128-bit-key cipher called PC1 which is used as part of the DRM system of the Amazon Kindle e-book reader. This is the first academic cryptanalysis of this cipher and it shows that PC1 is a very weak stream cipher, and can be practically broken in a known-plaintext and even in a ciphertext-only scenario. A hash function based on this cipher has also been proposed and is implemented in the binary editor WinHex. We show that this hash function is also vulnerable to a practical attack, which can produce meaningful collisions or second pre-images. [less ▲]

Detailed reference viewed: 263 (8 UL)
Full Text
Peer Reviewed
See detailBoomerang Attacks on BLAKE-32
Biryukov, Alex UL; Nikolic, Ivica UL; Roy, Arnab UL

in Fast Software Encryption - 18th International Workshop (2011)

We present high probability differential trails on 2 and 3 rounds of BLAKE-32. Using the trails we are able to launch boomerang attacks on up to 8 round-reduced keyed permutation of BLAKE-32. Also, we ... [more ▼]

We present high probability differential trails on 2 and 3 rounds of BLAKE-32. Using the trails we are able to launch boomerang attacks on up to 8 round-reduced keyed permutation of BLAKE-32. Also, we show that boomerangs can be used as distinguishers for hash/compression functions and present such distinguishers for the compression function of BLAKE-32 reduced to 7 rounds. Since our distinguishers on up to 6 round-reduced keyed permutation of BLAKE-32 are practical (complexity of only 212 encryptions), we are able to find boomerang quartets on a PC. [less ▲]

Detailed reference viewed: 66 (0 UL)