
IET Information Security: latest publications

A Secure Anonymous Identity-Based Virtual-Space Agreement Method for Crowds-Based Anonymous Communicate Scheme
IF 1.4 | Zone 4, Computer Science | Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2023-12-18 | DOI: 10.1049/2023/8234537
Kai Lin, Kaiyu Wang, Jin Shang, Qindong Sun
Anonymous data exchange is in great demand in many situations, especially in remote control systems, in which a stable, secure, and secret data channel must be established between the controlling and controlled parties to distribute control commands and return data. In previous work, we built a two-level Virtual-Space anonymous communication scheme based on the Crowds System for performing secret data exchange in remote control systems. However, as an essential part of security and anonymity, the participating nodes' identity declaration and session key agreement phases were not well designed. In this paper, we redesign the identity agreement and declaration process and design an identity-based Virtual-Space agreement method using the extended Chebyshev Chaotic Maps. In this approach, we transform the identity declaration process into a multilevel Virtual-Space agreement problem, in which a series of security-progressive Virtual-Space addresses is negotiated between the controller and the controlled nodes. The protocol can handle the case where there are multiple controllers in the system, and the negotiated Virtual-Space depends on the identities of the controller and the controlled node, so different controllers do not affect each other. The designed protocol is verified on Freenet, and we conclude the paper with a detailed security analysis of the method to prove that it satisfies forward security.
Citations: 0
Similarity Property and Slide Attack of Block Cipher FESH
IF 1.4 | Zone 4, Computer Science | Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2023-12-14 | DOI: 10.1049/2023/7171600
Yafei Zheng, Wenling Wu
This paper focuses on similarity properties and an extension of the classical slide property of block ciphers. Taking FESH, an award-winning block cipher of the National Cryptographic Algorithm Design Competition 2019, as an example, similarity properties of the encryption and key transformation are found, owing to the similar structures adopted by the encryption and key transformation and to the constant generation. Based on the similarity properties, extended slide properties can be constructed for FESH. Slide attacks on FESH are then proposed. The similarity properties and the extended slide property are immune to an increase in the number of iterated rounds, i.e., they cannot be avoided by increasing the round number of FESH. Furthermore, the extended slide property helps relax the strict requirements on the subkeys in slide attacks. Taking the Feistel and SPN structures as examples, frameworks of slide attacks based on the extended slide properties are presented. The slide attack on FESH is exactly a concrete example for the SPN structure.
Citations: 0
Improving the Performance of CPA Attacks for Ciphers Using Parallel Implementation of S-Boxes
IF 1.4 | Zone 4, Computer Science | Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2023-12-12 | DOI: 10.1049/2023/6653956
Fu Yao, Yongzhuang Wei, Hua Chen, E. Pasalic
Since its introduction in early 2000, CPA (correlation power analysis) has been widely used as a cryptanalytic tool against cryptographic algorithms (being applicable both to symmetric key ciphers and to public key encryption schemes). Applying the classical CPA method, along with its variants, to cryptographic algorithms that use a parallel implementation of their substitution boxes (S-boxes) commonly requires more power traces to extract the secret key than when a serial implementation of the S-boxes is employed. To reduce the number of power traces in this scenario, we propose a modification of the standard CPA approaches and demonstrate practically that our method performs better than the existing ones in this respect. To verify the efficiency of our improved CPA method, we apply it to the public databases of DPA Contest V2. In particular, the experimental results show that only 495 power traces are required to recover the secret key of AES. We also compare the performance of our attack to the relevant methods whose parameters are available at DPA Contest V2. The results show that, compared to the best nonprofiling side-channel attack (SCA), our method reduces the number of power traces required to recover the secret key by 6,566. Also, our new method performs almost as well as the best profiling SCA attack of Benoit Gerard (in terms of the required number of power traces), thus reducing the performance gap between profiling and nonprofiling SCA attacks.
Citations: 0
SAT-Based Security Evaluation for WARP against Linear Cryptanalysis
IF 1.4 | Zone 4, Computer Science | Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2023-12-06 | DOI: 10.1049/2023/5323380
Jiali Shi, Guoqiang Liu, Chao Li
WARP, an efficient lightweight block cipher presented by Banik et al., offers a viable alternative to AES with its 128-bit block and 128-bit key. It adopts a 32-nibble type-II generalized Feistel network (GFN) structure, incorporating a nibble permutation optimized for both security and efficiency. Notably, WARP has achieved the lowest hardware implementation cost among 128-bit block ciphers: its bit-serial encryption-only circuit is only 763 gate equivalents (GEs). Consequently, WARP has received significant attention since its inception. The designers evaluated the number of active S-boxes for linear trails in WARP to establish its security. To further investigate WARP's resistance against linear attacks, we employed an automated model to analyze the optimal linear trails/hulls of WARP. To achieve this, the problem is transformed into a Boolean satisfiability problem (SAT). Constraints in conjunctive normal form (CNF) are used to describe the mask propagation of WARP, and the SAT solver is invoked to find valid solutions. The results allowed us to obtain the optimal correlation of the initial 21-round linear trails for WARP. Furthermore, by enumerating the linear trails within a linear hull, the distribution of linear trails is revealed, and the probability of the linear hull is improved to be more accurate. This work extends the linear distinguisher from 18 to 21 rounds. Additionally, the first independent analysis of WARP's linear properties is presented, offering a more precise evaluation of its resistance against linear cryptanalysis.
Citations: 0
Differential, Linear, and Meet-in-the-Middle Attacks on the Lightweight Block Cipher RBFK
IF 1.4 | Zone 4, Computer Science | Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2023-11-23 | DOI: 10.1049/2023/6691726
Sugio Nobuyuki
The randomized butterfly architecture of fast Fourier transform for key cipher (RBFK) is a lightweight block cipher for Internet of Things devices in an edge computing environment. Although the authors claimed that RBFK is secure against differential cryptanalysis, linear cryptanalysis, impossible differential attacks, and zero-correlation linear cryptanalysis, the details were not explained in the literature. Therefore, we have evaluated the security of RBFK by applying differential cryptanalysis, linear cryptanalysis, and a meet-in-the-middle (MITM) attack, and have found that RBFK is not secure against these attacks. This paper introduces not only a distinguishing attack but also key recovery attacks on full-round RBFK. In the distinguishing attack scenario, the data requirement for differential cryptanalysis is two, and the time complexity is one exclusive-OR operation. In the key recovery attack scenario, the data requirement for linear cryptanalysis is one known plaintext-ciphertext pair, and the time complexity is one linear-sum operation. The data requirement for the MITM attack is two; its time complexity is 2^48 encryptions and its memory complexity is 2^45 bytes. Because the vulnerabilities are identified in the round function and the key scheduling part, we propose some improvements to RBFK against these attacks.
Citations: 0
Generic Construction of Fully Anonymous Broadcast Authenticated Encryption with Keyword Search with Adaptive Corruptions
Zone 4, Computer Science | Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2023-11-07 | DOI: 10.1049/2023/9922828
Keita Emura
As a multireceiver variant of public key authenticated encryption with keyword search (PAEKS), broadcast authenticated encryption with keyword search (BAEKS) was proposed by Liu et al. (ACISP 2021). BAEKS focuses on receiver anonymity, where no information about the receiver is leaked from ciphertexts, which is reminiscent of anonymous broadcast encryption. Here, there is room for improving their security definitions: e.g., the two challenge sets of receivers are selected before the setup phase, and the adversary is not allowed to corrupt any receiver. In this paper, we propose a generic construction of BAEKS derived from PAEKS that provides ciphertext anonymity and consistency in a multireceiver setting. The proposed construction is an extension of the generic construction proposed by Libert et al. (PKC 2012) for fully anonymous broadcast encryption and is secure under adaptive corruptions. We also demonstrate that the Qin et al. PAEKS scheme (ProvSec 2021) provides ciphertext anonymity and consistency in a multireceiver setting and can be employed as a building block of the proposed generic construction.
Citations: 1
Inner-Product Matchmaking Encryption: Bilateral Access Control and Beyond Equality
Zone 4, Computer Science | Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2023-11-02 | DOI: 10.1049/2023/8829580
Qiaohan Chu, Anmin Fu, Haifeng Qian, Jie Chen
We present an inner-product matchmaking encryption (IP-ME) scheme achieving weak privacy and authenticity in prime-order groups under the symmetric external Diffie-Hellman (SXDH) assumption in the standard model. We further present an IP-ME with Monotone Span Program Authenticity (IP-ME with MSP Auth) scheme, where the chosen sender policy is upgraded to MSP; this scheme also achieves weak privacy and authenticity in prime-order groups under the SXDH assumption in the standard model. Both schemes have more expressive functionality than the identity-based matchmaking encryption (IB-ME) scheme and are simpler than Ateniese et al.'s modular ME scheme (Crypto '19). However, our schemes only achieve a very limited flavor of security, which is reflected in the privacy.
Citations: 0
A Publicly Verifiable Leveled Fully Homomorphic Signcryption Scheme
Zone 4, Computer Science | Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2023-10-31 | DOI: 10.1049/2023/1377042
Zhaoxuan Bian, Fuqun Wang, Renjun Zhang, Bin Lian, Lidong Han, Kefei Chen
With the deepening of research, how to construct a fully homomorphic signcryption scheme based on standard assumptions is a problem that needs to be solved. For this question, Jin et al. recently proposed a leveled fully homomorphic signcryption scheme from standard lattices. However, when verifying, one must unsigncrypt first, as they use the sign-then-encrypt method. This means users cannot verify the authenticity of the data first, which results in wasted resources. This raises the further question of how to construct a fully homomorphic signcryption (FHSC) scheme with public verifiability. To solve this problem, we propose a leveled fully homomorphic signcryption scheme that can be publicly verified, and we show its completeness, IND-CPA security, and strong unforgeability.
Citations: 0
Kyber, Saber, and SK-MLWR Lattice-Based Key Encapsulation Mechanisms Model Checking with Maude
Zone 4, Computer Science | Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS | Pub Date: 2023-10-30 | DOI: 10.1049/2023/9399887
Duong Dinh Tran, Kazuhiro Ogata, Santiago Escobar, Sedat Akleylek, Ayoub Otmani
Facing the potential threat posed by quantum computing, a great deal of research by many groups and industrial giants has gone into building public-key post-quantum cryptographic primitives that are resistant to quantum attackers. Among them is a large number of post-quantum key encapsulation mechanisms (KEMs), whose purpose is to provide secure key exchange, a crucial component of public-key cryptography. This paper presents a formal security analysis of three lattice-based KEMs: Kyber, Saber, and SK-MLWR. We use Maude, a specification language supporting equational and rewriting logic and a high-performance tool equipped with many advanced features, such as a reachability analyzer that can be used as a model checker for invariant properties, to model the three KEMs as state machines. Because they all belong to the class of lattice-based KEMs, they share many common parts in their designs, such as polynomials, vectors, and message exchange patterns. We first model these common parts and combine them into a specification, called the base specification. After that, for each of the three KEMs, by extending the base specification, we only need to model some additional parts and the mechanism execution. Once the three specifications are complete, we conduct invariant model checking with the Maude search command, pointing out a similar man-in-the-middle attack on each. The occurrence of this attack is due to the fact that authentication is not part of the KEMs, and therefore an active attacker can modify all communication between two honest parties.
Citations: 0
Bit-Sliced Implementation of SM4 and New Performance Records
Zone 4, Computer Science; Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS. Pub Date: 2023-10-27. DOI: 10.1049/2023/1821499
Xin Miao, Lu Li, Chun Guo, Meiqin Wang, Weijia Wang
SM4 is a popular block cipher issued by the Office of State Commercial Cryptography Administration (OSCCA) of China. In this paper, we use the bit-slicing technique, which has been shown to be a powerful strategy for achieving very fast software implementations of SM4. We investigate optimizations on two frontiers. First, we present a more efficient bit-sliced representation for SM4, which enables running 64 blocks in parallel with 256-bit registers. Second, we describe an optimized algorithm for data form transformations, also allowing efficient implementations of SM4 under Counter (CTR) mode and Galois/Counter mode. The above optimizations contribute to a significant performance gain on one core compared with the state-of-the-art results. This work is an extension of the conference paper at Inscrypt 2022, which received the best paper award.
Citations: 0