118 research outputs found
Optimization of Advanced Encryption Standard on Graphics Processing Units
Graphics processing units (GPUs) are specially designed for parallel applications and perform parallel operations much faster than central processing units (CPUs). In this work, we focus on the performance of the Advanced Encryption Standard (AES) on GPUs. We present optimizations which remove bank conflicts in shared memory accesses and provide 878.6 Gbps throughput for AES-128 encryption on an RTX 2070 Super, which is equivalent to 4.1 Gbps per Watt. Our optimizations provide more than 2.56x speed-up against the best GPU results in the literature. Our optimized AES implementations on GPUs even outperform any CPU using the hardware level AES New Instructions (AES-NI) and legacy FPGA-based cluster architectures like COPACOBANA and RIVYERA. Even on a low-end GPU like MX 250, we obtained 60.0 Gbps throughput for AES-256 which is generally faster than the read/write speeds of solid disks. Thus, transition from AES-128 to AES-256 when using GPUs would provide military grade security with no visible performance loss. With these breakthrough performances, GPUs can be used as a cryptographic co-processor for file or full disk encryption to remove performance loss coming from CPU encryption. With a single GPU as a co-processor, busy SSL servers can be free from the burden of encryption and use their whole CPU power for other operations. Moreover, these optimizations can help GPUs to practically verify theoretically obtained cryptanalysis results or their reduced versions in reasonable time
Analysis of Ascon, DryGASCON, and Shamash Permutations
Ascon, DryGASCON, and Shamash are submissions to NIST\u27s lightweight cryptography standardization process and have similar designs. We analyze these algorithms against subspace trails, truncated differentials, and differential-linear distinguishers. We provide probability one 4-round subspace trails for DryGASCON-256, 3-round subspace trails for \DryGASCON-128, and 2-round subspace trails for \Shamash permutations. Moreover, we provide the first 3.5-round truncated differential and 5-round differential-linear distinguisher for DryGASCON-128. Finally, we improve the data and time complexity of the 4 and 5-round differential-linear attacks on Ascon
Truncated, Impossible, and Improbable Differential Analysis of ASCON
Ascon is an authenticated encryption algorithm which is recently qualified for the second-round of the Competition for Authenticated Encryption: Security, Applicability, and Robustness. So far, successful differential, differential-linear, and cube-like attacks on the reduced-round Ascon are provided. In this work, we provide the inverse of Ascon's linear layer in terms of rotations which can be used for constructing impossible differentials. We show that Ascon's S-box contains 35 undisturbed bits and we use them to construct 4 and 5-round truncated, impossible, and improbable differential distinguishers. Our results include practical 4-round truncated, impossible, and improbable differential attacks on Ascon. Our best attacks using these techniques break 5 out of 12 rounds. These are the first successful truncated, impossible, and improbable differential attacks on the reduced-round Ascon
Brute Force Cryptanalysis of MIFARE Classic Cards on GPU
MIFARE Classic is the most widely deployed contactless smartcard on the market. However, many active and passive attacks are provided after its proprietary stream cipher CRYPTO1 was reverse engineered. The short 48-bit key of the CRYPTO1 cipher, leaked parity bits and the encrypted error code that is sent after a failed authentication (which is corrected in the hardened new cards) allow the adversary to perform offline brute force attack and avoid detection. Such an attack requires wireless interaction with a card for less than a second and then a brute force attack which was shown to take around 9 days on a single GTX280 GPU. We optimized this brute force attack on modern GPUs by using bitsliced implementation technique and observed that a brute force attack on a GTX970 GPU can be performed in less than 5 hours. Although this attack is not applicable to hardened MIFARE Classic cards, a similar attack using the short key length and the leaked parity bits can be performed when a single key is known, possibly using the default keys for unused sectors. Such an attack requires wireless interaction with a card for less than a second and then a brute force attack which was shown to take approximately one month on a single GTX460 GPU. Our bitsliced implementation of this attack takes less than 7 hours on a GTX970 GPU
The Improbable Differential Attack: Cryptanalysis of Reduced Round CLEFIA
In this paper we present a new statistical cryptanalytic technique that we call improbable differential cryptanalysis which uses a differential that is less probable when the correct key is used. We provide data complexity estimates for this kind of attacks and we also show a method to expand impossible differentials to improbable differentials. By using this expansion method, we cryptanalyze 13, 14, and 15-round CLEFIA for the key sizes of length 128, 192, and 256 bits, respectively. These are the best cryptanalytic results on CLEFIA up to this date.I
Differential Factors Revisited: Corrected Attacks on PRESENT and SERPENT
Differential factors, which prevent the attacker to distinguish some of the guessed keys corresponding to an active S-box during a differential attack on a block cipher, are recently introduced at Lightsec 2014 and used to reduce the time complexities of the previous differential-linear attacks on Serpent. Key recovery attacks generally consists of two parts: Key guess using the distinguisher and exhaustive search on the remaining key bits. Thus, we show that differential factors can reduce the time complexity of the former and increase the latter since the attacker does not need to guess the keys which cannot be distinguished. As an example for the latter, we show that the best known differential attack on Present overlooked its six differential factors and the corrected attack actually requires a time complexity increased by a factor of 64. Moreover, we show that differential factors also reduce data complexity of the differential attacks since less number of pairs are required to distinguish the correct key when the key space is reduced. This reduction in data complexity also reduces the time complexity. By using Serpent's differential factors, we further reduce the data and time complexity of the differential-linear attacks on this cipher to obtain the best attacks
Relating Undisturbed Bits to Other Properties of Substitution Boxes?
Abstract. Recently it was observed that for a particular nonzero in-put difference to an S-Box, some bits in all the corresponding output differences may remain invariant. These specific invariant bits are called undisturbed bits. Undisturbed bits can also be seen as truncated differ-entials with probability 1 for an S-Box. The existence of undisturbed bits was found in the S-Box of Present and its inverse. A 13-round improbable differential attack on Present was provided by Tezcan and without using the undisturbed bits in the S-Box an attack of this type can only reach 7 rounds. Although the observation and the cryptanalytic application of undisturbed bits are given, their relation with other prop-erties of an S-Box remain unknown. This paper presents some results on mathematical properties of S-Boxes having undisturbed bits. We show that an S-Box has undisturbed bits if any of its coordinate functions has a nontrivial linear structure. The relation of undisturbed bits with other cryptanalytic tools such as difference distribution table (DDT) and linear approximation table (LAT) are also given. We show that autocorrelation table is proven to be a more useful tool, compared to DDT, to obtain all nonzero input differences that yield undisturbed bits. Autocorrelation table can then be viewed as a counterpart of DDT for truncated differ-ential cryptanalysis. Given an n×m balanced S-Box, we state that the S-Box has undisturbed bits whenever the degree of any of its coordinate function is quadratic
Spook algoritmasının imkansız ve olası olmayan diferansiyel kriptanalizi
In recent years, the number of IoT devices increased considerably and the security of IoT devices became an important issue. Furthermore, most IoT devices have constrained resources in terms of memory, area and power. Therefore, cryptographic algorithms that provide their security should be suitable for the implementation on the constrained devices.
In 2013, NIST initiated a lightweight cryptography project to define the standards of lightweight cryptography. In 2018, the lightweight cryptography project turned into a competition-like process to choose the most convenient algorithms for constrained devices as a NIST standard. 57 algorithms were applied to the project. NIST published all algorithms for public evaluation and encouraged third-party analyses to reveal the weaknesses of algorithms. 32 algorithms were chosen as round 2 candidates.
In this thesis, we have investigated the Spook algorithm, which is one of the round 2 candidates of the NIST’s lightweight cryptography competition. Spook is an AEAD algorithm that uses duplex sponge construction and tweakable block cipher. Besides, Spook has an internal permutation which is Shadow-512. We have worked on Shadow-512 permutation to find a distinguisher. Shadow-512 permutation was designed as 6-Step. The outputs of Shadow-512 permutation should seem random after the 6-Step operation. However, we have found two different 6-Step impossible differential distinguishers that cover full Shadow-512. Besides, we have found 7-Step impossible distinguisher and 8-Step improbable distinguisher by adding one or more additional steps to Shadow-512. The 8-Step improbable differential covers the largest number of steps of Shadow-512 compared to previously found distinguishers in other published papers. To conclude, we can distinguish 6-, 7-, 8-Step of Shadow-512 from a random permutation by using our distinguishers.Son yıllarda, IoT cihazlarının sayısı oldukça arttı ve IoT cihazlarının güvenliği önemli bir konu haline geldi. Ayrıca, çoğu IoT cihazı, bellek, alan ve güç açısından kısıtlı kaynaklara sahiptir. Bu yüzden, güvenliklerini sağlayan kriptografik algoritmalar kısıtlı cihazlarda uygulanmaya elverişli olmalıdır.
2013 yılında NIST, hafif kriptografi standartlarını tanımlamak için bir hafif kriptografi projesi başlattı. 2018 yılında, hafif kriptografi projesi, kısıtlı cihazlar için en uygun algoritmaları NIST standardı olarak seçmek için yarışma benzeri bir sürece dönüştü. Projeye 57 algoritma başvurdu. NIST tüm algoritmaları herkesin değerlendirmesi için yayınladı ve algoritmaların zayıflıklarının ortaya çıkması için üçüncü taraf analizlerini teşvik etti. 32 algoritma 2. tur adayları olarak seçildi.
Bu tezde, NIST’in hafif kriptografi yarışmasının 2. tur adaylarından biri olan Spook algoritmasını inceledik. Spook, dubleks sünger yapısı ve ayarlanabilir blok şifre kullanan bir kimlik doğrulamalı şifreleme algoritmasıdır. Ayrıca, Spook’un Shadow-512 olan dahili bir permütasyonu vardır. Bir ayırt edici bulmak için Shadow-512 permütasyonu üzerinde çalıştık. Shadow-512 permütasyonu 6-Basamak olarak tasarlanmıştır. Shadow-512 permütasyonunun çıktıları 6-Basamak işlemden sonra rastgele olarak görünmelidir. Yine de, tam Shadow-512’yi kapsayan iki farklı 6-Basamak imkansız diferansiyel ayırt edici bulduk. Ayrıca, Shadow-512’ye bir ya da iki basamak ekleyerek 7-Basamak imkansız ayırt edici ve 8-Basamak olası olmayan ayırt edici bulduk. 8-Basamak olası olmayan diferansiyel ayırt edici, diğer yayınlanmış makalelerdeki daha önceden bulunmuş ayırt edicilerle karşılaştırıldığında Shadow-512’nin en fazla basamağını kapsar. Sonuç olarak, ayırt edicilerimizi kullanarak 6-,7-,8-Basamak Shadow-512’yi rastgele permütasyondan ayırt edebiliriz.M.S. - Master of Scienc
Security Assessment of the Smartcard Systems at Middle East Technical University
Smartcards are portable devices that can communicate wirelessly and contain microchips capable of transferring, processing or storing data. They serve practical and reliable solutions for everyday problems such as identification, access control, and payment. Therefore, security of these systems is cardinally important. Smartcard systems serve a critical role in the Middle East Technical University by enabling access control to restricted areas, on-campus payments and managing identification for student and personnel. Given the importance of data and the usage of the system’s role in daily operations, in the scope of this project at hand, we are conducting a security assessment of the current smartcard system at Middle East Technical University. In this assessment, we aim to identify vulnerabilities, weaknesses, and potential threats with their consequences by applying passive attack techniques on smartcards.M.S. - Master Of Science Without Thesi
- …
