Stream Ciphers

The Experts below are selected from a list of 12444 Experts worldwide ranked by ideXlab platform

Adi Shamir - One of the best experts on this subject based on the ideXlab platform.

  • applying cube attacks to Stream Ciphers in realistic scenarios
    Cryptography and Communications, 2012
    Co-Authors: Itai Dinur, Adi Shamir
    Abstract:

    Cube attacks were introduced in Dinur and Shamir (2009) as a cryptanalytic technique that requires only black box access to the underlying cryptosystem. The attack exploits the existence of a low degree polynomial representation of a single output bit (as a function of the key and plaintext bits) in order to recover the secret key. Although cube attacks can be applied in principle to almost any cryptosystem, most block Ciphers iteratively apply a highly non-linear round function (based on Sboxes or arithmetic operations) a large number of times, which makes them resistant to cube attacks. On the other hand, many Stream Ciphers (such as Trivium (De Cannière and Preneel 2008)) are built using linear or low degree components and are natural targets for cube attacks. In this paper, we describe in detail how to apply cube attacks to Stream Ciphers in various settings with different assumptions on the target Stream cipher and on the data available to the attacker.

  • Stream Ciphers dead or alive
    International Conference on the Theory and Application of Cryptology and Information Security, 2004
    Co-Authors: Adi Shamir
    Abstract:

    Secret key cryptography was traditionally divided into block Ciphers and Stream Ciphers, but over the last 30 years the balance had steadily shifted, and today Stream Ciphers have become an endangered species. In this talk I’ll survey the current state of the art in Stream Ciphers: who needs them, who uses them, how they are attacked, and how they can be protected by new types of constructions.

  • ASIACRYPT - Stream Ciphers: Dead or Alive?
    Advances in Cryptology - ASIACRYPT 2004, 2004
    Co-Authors: Adi Shamir
    Abstract:

    Secret key cryptography was traditionally divided into block Ciphers and Stream Ciphers, but over the last 30 years the balance had steadily shifted, and today Stream Ciphers have become an endangered species. In this talk I’ll survey the current state of the art in Stream Ciphers: who needs them, who uses them, how they are attacked, and how they can be protected by new types of constructions.

  • Fault analysis of Stream Ciphers
    Lecture Notes in Computer Science, 2004
    Co-Authors: Jonathan J. Hoch, Adi Shamir
    Abstract:

    A fault attack is a powerful cryptanalytic tool which can be applied to many types of cryptosystems which are not vulnerable to direct attacks. The research literature contains many examples of fault attacks on public key cryptosystems and block Ciphers, but surprisingly we could not find any systematic study of the applicability of fault attacks to Stream Ciphers. Our goal in this paper is to develop general techniques which can be used to attack the standard constructions of Stream Ciphers based on LFSR's, as well as more specialized techniques which can be used against specific Stream Ciphers such as RC4, LILI-128 and SOBER-t32. While most of the schemes can be successfully attacked, we point out several interesting open problems such as an attack on FSM filtered constructions and the analysis of high Hamming weight faults in LFSR's.

Ingrid Verbauwhede - One of the best experts on this subject based on the ideXlab platform.

  • fault analysis of the chacha and salsa families of Stream Ciphers
    Smart Card Research and Advanced Application Conference, 2017
    Co-Authors: Arthur Beckers, Benedikt Gierlichs, Ingrid Verbauwhede
    Abstract:

    We present a fault analysis study of the ChaCha and Salsa families of Stream Ciphers. We first show that attacks like differential fault analysis that are common in the block cipher setting are not applicable against these families of Stream Ciphers. Then we propose two novel fault attacks that can be used against any variant of the Ciphers. We base our attacks on two different fault models: the stuck-at fault model and the biased fault model. Each of them is exploited differently by the attacker. If the attacker knows the plaintexts and the ciphertexts both fault models can be successfully exploited. If the Ciphers operate on fixed yet unknown plaintexts only the biased fault model can be successfully exploited. We evaluate exemplary attacks using both models in simulation. Their low complexity confirms that they are practical. To the best of our knowledge these are the first fault attacks against ChaCha and Salsa that do not require faults in the control flow (e.g. instruction skip).

  • Hardware/software co-design for Stream Ciphers
    International Journal of Information Security, 2014
    Co-Authors: Patrick Schaumont, Ingrid Verbauwhede
    Abstract:

    The eSTREAM project has identified two profiles for Stream Ciphers: a hardware profile and a software profile. The software profile is directly applicable to many computer systems. The hardware profile, on the other hand, does not reflect a complete system design, but instead represents a stand-alone component. In this paper we consider the integration of hardware Stream Ciphers in software systems for the case of Trivium, Salsa20 and Phelix. We review the different categories of hardware/software interfaces and then present performance and implementation results for several Stream-cipher configurations. Our conclusion is that the wide variety of possible hardware/software interfaces has substantial impact on the resulting performance of the design. We therefore conclude that the hardware profile should consider not only the intrinsic performance and area cost of a Stream cipher, but also the required input-output bandwidth for that given encryption performance.

  • power analysis of synchronous Stream Ciphers with resynchronization mechanism
    Intelligent Information Technology Application, 2008
    Co-Authors: Joseph Lano, Nele Mentens, Bart Preneel, Ingrid Verbauwhede
    Abstract:

    In this paper we discuss power analysis of Stream Ciphers. In such attacks, one measures the power consumption of the algorithm and tries to extract the secret key from these measurements. Power attacks have been mounted against block Ciphers and public key algorithms but not yet against Stream Ciphers. In this paper we give a theoretical framework that shows that power analysis of Stream Ciphers with resynchronization mechanism is feasible and describe possible attack methodologies against A5/1 and E0.

  • energy performance area versus security trade offs for Stream Ciphers
    ECRYPT workshop SASC - the state-of-the art of stream ciphers, 2004
    Co-Authors: Lejla Batina, Joseph Lano, Nele Mentens, Bart Preneel, S B Ors, Ingrid Verbauwhede
    Abstract:

    SASC - The State of the Art of Stream Ciphers, October 14-15, Brugge, Belgium : Special Workshop hosted by the ECRYPT Network of Excellence

Eric Filiol - One of the best experts on this subject based on the ideXlab platform.

  • Ciphertext only Reconstruction of Stream Ciphers Based on Combination Generators
    Fast Software Encryption, 2001
    Co-Authors: Anne Canteaut, Eric Filiol
    Abstract:

    This paper presents an operational reconstruction technique of most Stream Ciphers. We primarily expose it for key-Stream generators which consist of several linear feedback shift registers combined by a nonlinear Boolean function. It is shown how to completely recover the different feedback polynomials and the combining function, when the algorithm is totally unknown. This attack only requires the knowledge of some ciphertexts, which may be generated from different secret keys. Estimates of necessary ciphertext length and experimental results are detailed.

  • Decimation Attack of Stream Ciphers
    Progress in Cryptology —INDOCRYPT 2000, 2000
    Co-Authors: Eric Filiol
    Abstract:

    This paper presents a new attack called Decimation Attack of most Stream Ciphers. It exploits the property that multiple clocking (or equivalently d-th decimation) of an LFSR can simulate the behavior of many other LFSRs of possibly shorter length. It then yields significant improvements of all the previously known correlation and fast correlation attacks. A new criterion on the length of the polynomial is then defined to resist the decimation attack. Simulation results and complexity comparison are detailed for ciphertext only attacks.

  • Decimation Attack of Stream Ciphers
    2000
    Co-Authors: Eric Filiol
    Abstract:

    This report presents a new attack called Decimation Attack of most Stream Ciphers. It exploits the property that multiple clocking (or equivalently d-th decimation) of an LFSR can simulate the behavior of many other LFSRs of possibly shorter length. It then yields significant improvements of all the previously known correlation and fast correlation attacks. A new criterion on the length is then defined to resist this new attack. Simulation results and complexity comparison are detailed for ciphertext only attacks.

  • Ciphertext only Reconstruction of LFSR-based Stream Ciphers
    2000
    Co-Authors: Anne Canteaut, Eric Filiol
    Abstract:

    This report presents an operational reconstruction technique of most Stream Ciphers. We primarily expose it for systems where several linear feedback shift registers (LFSR) are combined by a nonlinear Boolean function. With only short ciphertexts, it is shown how to completely recover the different feedback polynomials and the combining function, when the algorithm is totally unknown. Estimates of necessary ciphertext length and experimental results are detailed.

Alex Biryukov - One of the best experts on this subject based on the ideXlab platform.

  • block Ciphers and Stream Ciphers the state of the art
    IACR Cryptol. ePrint Arch., 2004
    Co-Authors: Alex Biryukov
    Abstract:

    In these lecture notes we survey the state of the art in symmetric key encryption, in particular in the block Ciphers and Stream Ciphers area. The area of symmetric key encryption has been very active in the last five years due to growing interest from academic and industry research, standardization efforts like AES, NESSIE and CRYPTREC, as well as due to ease of government control over export of cryptography.

  • cryptanalytic time memory data tradeoffs for Stream Ciphers
    International Conference on the Theory and Application of Cryptology and Information Security, 2000
    Co-Authors: Alex Biryukov, Adi Shamir
    Abstract:

    In 1980 Hellman introduced a general technique for breaking arbitrary block Ciphers with N possible keys in time T and memory M related by the tradeoff curve TM^2 = N^2 for 1 ≤ T ≤ N. Recently, Babbage and Golic pointed out that a different TM = N tradeoff attack for 1 ≤ T ≤ D is applicable to Stream Ciphers, where D is the amount of output data available to the attacker. In this paper we show that a combination of the two approaches has an improved time/memory/data tradeoff for Stream Ciphers of the form TM^2D^2 = N^2 for any D^2 ≤ T ≤ N. In addition, we show that Stream Ciphers with low sampling resistance have tradeoff attacks with fewer table lookups and a wider choice of parameters.

Guang Gong - One of the best experts on this subject based on the ideXlab platform.

  • time memory data trade off attack on Stream Ciphers based on maiorana mcfarland functions
    IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences, 2009
    Co-Authors: Khoongming Khoo, Guanhan Chew, Guang Gong
    Abstract:

    In this paper, we present the time-memory-data (TMD) trade-off attack on Stream Ciphers filter function generators and filter combiners based on Maiorana-McFarland functions. This can be considered as a generalization of the time-memory-data trade-off attack of Mihaljevic and Imai on Toyocrypt. First, we substitute the filter function in Toyocrypt (which has the same size as the LFSR) with a general Maiorana-McFarland function. This allows us to apply the attack to a wider class of Stream Ciphers. Second, we highlight how the choice of different Maiorana-McFarland functions can affect the effectiveness of our attack. Third, we show that the attack can be modified to apply on filter functions which are smaller than the LFSR and on filter-combiner Stream Ciphers. This allows us to cryptanalyze other configurations commonly found in practice. Finally, filter functions with vector output are sometimes used in Stream Ciphers to improve the throughput. Therefore the case when the Maiorana-McFarland functions have vector output is investigated. We found that the extra speed comes at the price of additional weaknesses which make the attacks easier.

  • ACNS - The rainbow attack on Stream Ciphers based on maiorana-mcfarland functions
    RoboCup 2005: Robot Soccer World Cup IX, 2006
    Co-Authors: Khoongming Khoo, Guang Gong
    Abstract:

    In this paper, we present the rainbow attack on Stream Ciphers filtered by Maiorana-McFarland functions. This can be considered as a generalization of the time-memory-data trade-off attack of Mihaljevic and Imai on Toyocrypt. First, we substitute the filter function in Toyocrypt (which has the same size as the LFSR) with a general Maiorana-McFarland function. This allows us to apply the attack to a wider class of Stream Ciphers. Moreover, our description replaces the time-memory-data trade-off attack with the rainbow attack of Oechslin, which offers better performance and implementation advantages. Second, we highlight how the choice of different Maiorana-McFarland functions can affect the effectiveness of our attack. Third, we show that the attack can be modified to apply on filter functions which are smaller than the LFSR or on filter-combiner Stream Ciphers. This allows us to cryptanalyze other configurations commonly found in practice. Finally, filter functions with vector output are sometimes used in Stream Ciphers to improve the throughput. Therefore the case when the Maiorana-McFarland functions have vector output is investigated. We found that the extra speed comes at the price of additional weaknesses which make the attacks easier.

  • the rainbow attack on Stream Ciphers based on maiorana mcfarland functions
    Lecture Notes in Computer Science, 2006
    Co-Authors: Khoongming Khoo, Guang Gong
    Abstract:

    In this paper, we present the rainbow attack on Stream Ciphers filtered by Maiorana-McFarland functions. This can be considered as a generalization of the time-memory-data trade-off attack of Mihaljevic and Imai on Toyocrypt. First, we substitute the filter function in Toyocrypt (which has the same size as the LFSR) with a general Maiorana-McFarland function. This allows us to apply the attack to a wider class of Stream Ciphers. Moreover, our description replaces the time-memory-data trade-off attack with the rainbow attack of Oechslin, which offers better performance and implementation advantages. Second, we highlight how the choice of different Maiorana-McFarland functions can affect the effectiveness of our attack. Third, we show that the attack can be modified to apply on filter functions which are smaller than the LFSR or on filter-combiner Stream Ciphers. This allows us to cryptanalyze other configurations commonly found in practice. Finally, filter functions with vector output are sometimes used in Stream Ciphers to improve the throughput. Therefore the case when the Maiorana-McFarland functions have vector output is investigated. We found that the extra speed comes at the price of additional weaknesses which make the attacks easier.