Generic attacks on small-state stream cipher constructions in the multi-user setting

IF 3.9 4区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS Cybersecurity Pub Date : 2023-10-08 DOI:10.1186/s42400-023-00188-3
Jianfu Huang, Ye Luo, Qinggan Fu, Yincen Chen, Chao Wang, Ling Song
{"title":"Generic attacks on small-state stream cipher constructions in the multi-user setting","authors":"Jianfu Huang, Ye Luo, Qinggan Fu, Yincen Chen, Chao Wang, Ling Song","doi":"10.1186/s42400-023-00188-3","DOIUrl":null,"url":null,"abstract":"Abstract Small-state stream ciphers (SSCs), which violate the principle that the state size should exceed the key size by a factor of two, still demonstrate robust security properties while maintaining a lightweight design. These ciphers can be classified into several constructions and their basic security requirement is to resist generic attacks, i.e., the time–memory–data tradeoff (TMDTO) attack. In this paper, we investigate the security of small-state constructions in the multi-user setting. Based on it, the TMDTO distinguishing attack and the TMDTO key recovery attack are developed for such a setting. It is shown that SSCs which continuously use the key can not resist the TMDTO distinguishing attack. Moreover, SSCs based on the continuous-IV-key-use construction cannot withstand the TMDTO key recovery attack when the key length is shorter than the IV length, no matter whether the keystream length is limited or not. Finally, we apply these two generic attacks to TinyJAMBU and DRACO in the multi-user setting. The TMDTO distinguishing attack on TinyJAMBU with a 128-bit key can be mounted with time, memory, and data complexities of $$2^{64}$$ <mml:math xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"> <mml:msup> <mml:mn>2</mml:mn> <mml:mn>64</mml:mn> </mml:msup> </mml:math> , $$2^{48}$$ <mml:math xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"> <mml:msup> <mml:mn>2</mml:mn> <mml:mn>48</mml:mn> </mml:msup> </mml:math> , and $$2^{32}$$ <mml:math xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"> <mml:msup> <mml:mn>2</mml:mn> <mml:mn>32</mml:mn> </mml:msup> </mml:math> , respectively. This attack is comparable with a recent work on ToSC 2022, where partial key bits of TinyJAMBU are recovered with more than $$2^{50}$$ <mml:math xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"> <mml:msup> <mml:mn>2</mml:mn> <mml:mn>50</mml:mn> </mml:msup> </mml:math> users (or keys). As DRACO’s IV length is smaller than its key length, it is vulnerable to the TMDTO key recovery attack. The resulting attack has a time and memory complexity of both $$2^{112}$$ <mml:math xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"> <mml:msup> <mml:mn>2</mml:mn> <mml:mn>112</mml:mn> </mml:msup> </mml:math> , which means DRACO does not provide 128-bit security in the multi-user setting.","PeriodicalId":36402,"journal":{"name":"Cybersecurity","volume":"80 1","pages":"0"},"PeriodicalIF":3.9000,"publicationDate":"2023-10-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cybersecurity","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1186/s42400-023-00188-3","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Abstract Small-state stream ciphers (SSCs), which violate the principle that the state size should exceed the key size by a factor of two, still demonstrate robust security properties while maintaining a lightweight design. These ciphers can be classified into several constructions and their basic security requirement is to resist generic attacks, i.e., the time–memory–data tradeoff (TMDTO) attack. In this paper, we investigate the security of small-state constructions in the multi-user setting. Based on it, the TMDTO distinguishing attack and the TMDTO key recovery attack are developed for such a setting. It is shown that SSCs which continuously use the key can not resist the TMDTO distinguishing attack. Moreover, SSCs based on the continuous-IV-key-use construction cannot withstand the TMDTO key recovery attack when the key length is shorter than the IV length, no matter whether the keystream length is limited or not. Finally, we apply these two generic attacks to TinyJAMBU and DRACO in the multi-user setting. The TMDTO distinguishing attack on TinyJAMBU with a 128-bit key can be mounted with time, memory, and data complexities of $$2^{64}$$ 2 64 , $$2^{48}$$ 2 48 , and $$2^{32}$$ 2 32 , respectively. This attack is comparable with a recent work on ToSC 2022, where partial key bits of TinyJAMBU are recovered with more than $$2^{50}$$ 2 50 users (or keys). As DRACO’s IV length is smaller than its key length, it is vulnerable to the TMDTO key recovery attack. The resulting attack has a time and memory complexity of both $$2^{112}$$ 2 112 , which means DRACO does not provide 128-bit security in the multi-user setting.

Abstract Image

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
多用户环境下小状态流密码结构的通用攻击
小状态流密码(ssc)违反了状态大小应超过密钥大小两倍的原则,但在保持轻量级设计的同时仍具有强大的安全性。这些密码可以分为几种结构,它们的基本安全要求是抵抗通用攻击,即时间-内存-数据权衡(TMDTO)攻击。本文研究了多用户环境下小状态结构的安全性问题。在此基础上,开发了TMDTO识别攻击和TMDTO密钥恢复攻击。结果表明,连续使用该密钥的ssc无法抵抗TMDTO识别攻击。此外,无论是否限制密钥流长度,基于连续IV-key-use结构的ssc在密钥长度小于IV长度的情况下都无法抵御TMDTO密钥恢复攻击。最后,我们将这两种通用攻击应用于多用户环境下的《TinyJAMBU》和《DRACO》。使用128位密钥对TinyJAMBU进行TMDTO区分攻击时,时间、内存和数据复杂度分别为$$2^{64}$$ 2 64、$$2^{48}$$ 2 48和$$2^{32}$$ 2 32。这种攻击与ToSC 2022最近的工作相当,其中TinyJAMBU的部分密钥位被$$2^{50}$$ 250多个用户(或密钥)恢复。由于DRACO的IV长度小于其密钥长度,因此容易受到TMDTO密钥恢复攻击。由此产生的攻击具有$$2^{112}$$ 2 112的时间和内存复杂性,这意味着DRACO在多用户设置中不提供128位安全性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Cybersecurity
Cybersecurity Computer Science-Information Systems
CiteScore
7.30
自引率
0.00%
发文量
77
审稿时长
9 weeks
期刊最新文献
Cloud EMRs auditing with decentralized (t, n)-threshold ownership transfer SIFT: Sifting file types—application of explainable artificial intelligence in cyber forensics Modelling user notification scenarios in privacy policies FLSec-RPL: a fuzzy logic-based intrusion detection scheme for securing RPL-based IoT networks against DIO neighbor suppression attacks New partial key exposure attacks on RSA with additive exponent blinding
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1