Security Aspects of Symmetric-Key Primitives

In this thesis we discuss security aspects of three symmetric-key primitives – Block Cipher, Hash function and MAC (Message Authentication Codes).
More specifically, we present the results of our analysis on some ARX based hash functions and block ciphers. We analyse the security of recently proposed light-weight block ciphers – SIMON and SPECK. We give a generic graph based method to compute differential probability of bitwise AND with independent and rotationally dependent inputs. Using this algorithm we apply the automatic differential trail searching method for SIMON. We show the results of this search technique, extended for searching differential and applied to both SIMON and SPECK. Using this differential analysis we could perform key recovery attacks on reduced rounds of SIMON and SPECK for different key sizes.
We present the results on boomerang analysis of the SHA-3 candidates Skein and BLAKE. Using some modifications to the classic boomerang analysis technique we show second order differential attacks on both the hash functions for reduced rounds. As a result of this analysis we also identify a problem in applying boomerang attacks to ARX designs, which is the reason for non-returning boomerangs in such attacks.
For the security analysis of MACs, we show related-key attacks on some popular MACs using a class of (claw-free) related-key deriving functions defined by adversary. In context to several related key attacks on well known block ciphers including AES, a natural concern is the related-key security of MAC which could be designed using such ciphers. We show that using related-key unpredictable function(or permutation) it is possible to design a related-key secure MAC. This is also equivalent to the secure domain extension under related-key unforgeability. We propose a variant Merkle-Damgård iteration to achieve this.
We also analyse and improve a generic masking technique, which is used to prevent block cipher implementations from side-channel attacks. We present results of our analysis of a generic higher-order masking technique for S-boxes. This generic masking technique is efficient in software.Itrequiresefficientevaluationofpolynomialsinfinitefield,specificallyinF2n because every S-box can be expressed as a polynomial in a suitable finite field. More specifically, the efficiency of the masking algorithm depends on the number of multiplications(non-squaring) in a finite field. We propose an efficient polynomial evaluation technique to give an improved generic higher-order masking scheme. Using our method we show that we can improve the masking scheme for DES, CLEFIA, CAMELLIA.