References of "IACR Transactions on Symmetric Cryptology"
Finding Bit-Based Division Property for Ciphers with Complex Linear Layers
Hu, Kai; Wang, Qingju UL; Wang, Meiqin

in IACR Transactions on Symmetric Cryptology (2020), (1)

Links between Division Property and Other Cube Attack Variants
Hao, Yonglin; Jiao, Lin; Li, Chaoyun et al

in IACR Transactions on Symmetric Cryptology (2020), (1)

CRAFT: Lightweight Tweakable Block Cipher with Efficient Protection Against DFA Attacks
Beierle, Christof UL; Leander, Gregor; Moradi, Amir et al

in IACR Transactions on Symmetric Cryptology (2019), 2019(1), 5-45

Traditionally, countermeasures against physical attacks are integrated into the implementation of cryptographic primitives after the algorithms have been designed for achieving a certain level of cryptanalytic security. This picture has been changed by the introduction of PICARO, ZORRO, and FIDES, where efficient protection against Side-Channel Analysis (SCA) attacks has been considered in their design. In this work we present the tweakable block cipher CRAFT: the efficient protection of its implementations against Differential Fault Analysis (DFA) attacks has been one of the main design criteria, while we provide strong bounds for its security in the related-tweak model. Considering the area footprint of round-based hardware implementations, CRAFT outperforms the other lightweight ciphers with the same state and key size. This holds not only for unprotected implementations but also when fault-detection facilities, side-channel protection, and their combination are integrated into the implementation. In addition to supporting a 64-bit tweak, CRAFT has the additional property that the circuit realizing the encryption can support the decryption functionality as well with very little area overhead.

Lightweight AEAD and Hashing using the Sparkle Permutation Family
Beierle, Christof UL; Biryukov, Alex UL; Cardoso Dos Santos, Luan UL et al

in IACR Transactions on Symmetric Cryptology (2019)

Nonlinear Approximations in Cryptanalysis Revisited
Beierle, Christof UL; Canteaut, Anne; Leander, Gregor

in IACR Transactions on Symmetric Cryptology (2018), 2018(4), 80-101

This work studies deterministic and non-deterministic nonlinear approximations for cryptanalysis of block ciphers and cryptographic permutations and embeds it into the well-understood framework of linear cryptanalysis. For a deterministic (i.e., with correlation ±1) nonlinear approximation we show that in many cases, such a nonlinear approximation implies the existence of a highly-biased linear approximation. For non-deterministic nonlinear approximations, by transforming the cipher under consideration by conjugating each keyed instance with a fixed permutation, we are able to transfer many methods from linear cryptanalysis to the nonlinear case. Using this framework we in particular show that there exist ciphers for which some transformed versions are significantly weaker with regard to linear cryptanalysis than their original counterparts.

Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog
Perrin, Léo Paul UL; Udovenko, Aleksei UL

in IACR Transactions on Symmetric Cryptology (2017), 2016(2), 99-124

The block cipher Kuznyechik and the hash function Streebog were recently standardized by the Russian Federation. These primitives use a common 8-bit S-Box, denoted 𝜋, which is given only as a look-up table. The rationale behind its design is, for all practical purposes, kept secret by its authors. In a paper presented at Eurocrypt 2016, Biryukov et al. reverse-engineered this S-Box and recovered an unusual Feistel-like structure relying on finite field multiplications. In this paper, we provide a new decomposition of this S-Box and describe how we obtained it. The first step was the analysis of the 8-bit S-Box of the current standard block cipher of Belarus, BelT. This S-Box is a variant of a so-called exponential substitution, a concept we generalize into pseudo-exponential substitution. We derive distinguishers for such permutations based on properties of their linear approximation tables and notice that 𝜋 shares some of them. We then show that 𝜋 indeed has a decomposition based on a pseudo-exponential substitution. More precisely, we obtain a simpler structure based on an 8-bit finite field exponentiation, one 4-bit S-Box, a linear layer and a few modular arithmetic operations. We also make several observations which may help cryptanalysts attempting to reverse-engineer other S-Boxes. For example, the visual pattern used in the previous work as a starting point to decompose 𝜋 is mathematically formalized and the use of differential patterns involving operations other than exclusive-or is explored.

New Constructions of MACs from (Tweakable) Block Ciphers
Cogliati, Benoît-Michel UL; Lee, Jooyoung; Seurin, Yannick

in IACR Transactions on Symmetric Cryptology (2017)

We propose new constructions of Message Authentication Codes (MACs) from tweakable or conventional block ciphers. Our new schemes are either stateless and deterministic, nonce-based, or randomized, and provably secure either in the standard model for tweakable block cipher-based ones, or in the ideal cipher model for block cipher-based ones. All our constructions are very efficient, requiring only one call to the underlying (tweakable) block cipher in addition to universally hashing the message. Moreover, the security bounds we obtain are quite strong: they are beyond the birthday bound, and nonce-based/randomized variants provide graceful security degradation in case of misuse, i.e., the security bound degrades linearly with the maximal number of repetitions of nonces/random values.

Multiset-Algebraic Cryptanalysis of Reduced Kuznyechik, Khazad, and secret SPNs
Biryukov, Alex UL; Khovratovich, Dmitry UL; Perrin, Léo Paul UL

in IACR Transactions on Symmetric Cryptology (2016), 2016(2), 226-247

We devise the first closed formula for the number of rounds of a blockcipher with secret components so that these components can be revealed using multiset, algebraic-degree, or division-integral properties, which in this case are equivalent. Using the new result, we attack 7 (out of 9) rounds of Kuznyechik, the recent Russian blockcipher standard, thus halving its security margin. With the same technique we attack 6 (out of 8) rounds of Khazad, the legacy 64-bit blockcipher. Finally, we show how to cryptanalyze and find a decomposition of generic SPN construction for which the inner-components are secret. All the attacks are the best to date.
