发布求助
文献互助 智能选刊 最新文献

IACR Transactions on Symmetric Cryptology最新文献

筛选
英文 中文
Automating Collision Attacks on RIPEMD-160 自动对 RIPEMD-160 进行碰撞攻击
IF 3.5
IACR Transactions on Symmetric Cryptology Pub Date : 2023-12-08 DOI: 10.46586/tosc.v2023.i4.112-142
Yingxin Li, Fukang Liu, Gaoli Wang
{"title":"Automating Collision Attacks on RIPEMD-160","authors":"Yingxin Li, Fukang Liu, Gaoli Wang","doi":"10.46586/tosc.v2023.i4.112-142","DOIUrl":"https://doi.org/10.46586/tosc.v2023.i4.112-142","url":null,"abstract":"As an ISO/IEC standard, the hash function RIPEMD-160 has been used to generate the Bitcoin address with SHA-256. However, due to the complex doublebranch structure of RIPEMD-160, the best collision attack only reaches 36 out of 80 steps of RIPEMD-160, and the best semi-free-start (SFS) collision attack only reaches 40 steps. To improve the 36-step collision attack proposed at EUROCRYPT 2023, we explored the possibility of using different message differences to increase the number of attacked steps, and we finally identified one choice allowing a 40-step collision attack. To find the corresponding 40-step differential characteristic, we re-implement the MILP-based method to search for signed differential characteristics with SAT/SMT. As a result, we can find a colliding message pair for 40-step RIPEMD-160 in practical time, which significantly improves the best collision attack on RIPEMD-160. For the best SFS collision attack published at ToSC 2019, we observe that the bottleneck is the probability of the right-branch differential characteristics as they are fully uncontrolled in the message modification. To address this issue, we utilize our SAT/SMT-based tool to search for high-probability differential characteristics for the right branch. Consequently, we can mount successful SFS collision attacks on 41, 42 and 43 steps of RIPEMD-160, thus significantly improving the SFS collision attacks. In addition, we also searched for a 44-step differential characteristic, but the differential probability is too low to allow a meaningful SFS collision attack.","PeriodicalId":37077,"journal":{"name":"IACR Transactions on Symmetric Cryptology","volume":"255 5","pages":""},"PeriodicalIF":3.5,"publicationDate":"2023-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139011512","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Framework with Improved Heuristics to Optimize Low-Latency Implementations of Linear Layers 优化线性层低延迟实施的改进启发式框架
IF 3.5
IACR Transactions on Symmetric Cryptology Pub Date : 2023-12-08 DOI: 10.46586/tosc.v2023.i4.489-510
Haotian Shi, Xiutao Feng, S. Xu
{"title":"A Framework with Improved Heuristics to Optimize Low-Latency Implementations of Linear Layers","authors":"Haotian Shi, Xiutao Feng, S. Xu","doi":"10.46586/tosc.v2023.i4.489-510","DOIUrl":"https://doi.org/10.46586/tosc.v2023.i4.489-510","url":null,"abstract":"In recent years, lightweight cryptography has been a hot field in symmetric cryptography. One of the most crucial problems is to find low-latency implementations of linear layers. The current main heuristic search methods include the Boyar-Peralta (BP) algorithm with depth limit and the backward search. In this paper we firstly propose two improved BP algorithms with depth limit mainly by minimizing the Euclidean norm of the new distance vector instead of maximizing it in the tie-breaking process of the BP algorithm. They can significantly increase the potential for finding better results. Furthermore, we give a new framework that combines forward search with backward search to expand the search space of implementations, where the forward search is one of the two improved BP algorithms. In the new framework, we make a minor adjustment of the priority of rules in the backward search process to enable the exploration of a significantly larger search space. As results, we find better results for the most of matrices studied in previous works. For example, we find an implementation of AES MixColumns of depth 3 with 99 XOR gates, which represents a substantial reduction of 3 XOR gates compared to the existing record of 102 XOR gates.","PeriodicalId":37077,"journal":{"name":"IACR Transactions on Symmetric Cryptology","volume":"257 5","pages":""},"PeriodicalIF":3.5,"publicationDate":"2023-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139011389","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Improved Fast Correlation Attacks on the Sosemanuk Stream Cipher 改进索塞马努克流密码的快速相关性攻击
IF 3.5
IACR Transactions on Symmetric Cryptology Pub Date : 2023-12-08 DOI: 10.46586/tosc.v2023.i4.83-111
Bin Zhang, Ruitao Liu, Xinxin Gong, Lin Jiao
{"title":"Improved Fast Correlation Attacks on the Sosemanuk Stream Cipher","authors":"Bin Zhang, Ruitao Liu, Xinxin Gong, Lin Jiao","doi":"10.46586/tosc.v2023.i4.83-111","DOIUrl":"https://doi.org/10.46586/tosc.v2023.i4.83-111","url":null,"abstract":"In this paper, we present a new algorithm for fast correlation attacks on stream ciphers with improved cryptanalysis results on the Sosemanuk stream cipher, one of the 7 finalists in the eSTREAM project in 2008. The new algorithm exploits the direct sum construction of covering codes in decoding phase which approximates the random vectors to a nearest codeword in a linear code. The new strategy provides large flexibility for the adversary and could reduce the time/memory/data complexities significantly. As a case study, we carefully revisit Sosemanuk and demonstrate a state recovery attack with a time complexity of 2134.8, which is 220 times faster than achievable before by the same kind of attack and is the fastest one among all known attacks so far. Our result indicates an inefficiency in longer keys than 135 bits and depicts that the security margin of Sosemanuk is around 28 for the 128-bit security for the first time.","PeriodicalId":37077,"journal":{"name":"IACR Transactions on Symmetric Cryptology","volume":"256 6","pages":""},"PeriodicalIF":3.5,"publicationDate":"2023-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139011432","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Multimixer-128: Universal Keyed Hashing Based on Integer Multiplication Multimixer-128:基于整数乘法的通用键控哈希
IACR Transactions on Symmetric Cryptology Pub Date : 2023-09-19 DOI: 10.46586/tosc.v2023.i3.1-24
Koustabh Ghosh, Parisa Amiri Eliasi, Joan Daemen
{"title":"Multimixer-128: Universal Keyed Hashing Based on Integer Multiplication","authors":"Koustabh Ghosh, Parisa Amiri Eliasi, Joan Daemen","doi":"10.46586/tosc.v2023.i3.1-24","DOIUrl":"https://doi.org/10.46586/tosc.v2023.i3.1-24","url":null,"abstract":"In this paper we introduce a new keyed hash function based on 32-bit integer multiplication that we call Multimixer-128. In our approach, we follow the key-then-hash parallel paradigm. So, we first add a variable length input message to a secret key and split the result into blocks. A fixed length public function based on integer multiplication is then applied on each block and their results are added to form the digest. We prove an upper bound of 2−127 for the universality of Multimixer-128 by means of the differential probability and image probability of the underlying public function.There are vector instructions for fast 32-bit integer multiplication on many CPUs and in such platforms, Multimixer-128 is very efficient. We compare our implementation of Multimixer-128 with NH hash function family that offers similar levels of security and with two fastest NIST LWC candidates. To the best of our knowledge, NH hash function is the fastest keyed hash function on software and Multimixer-128 outperforms NH while providing same levels of security.","PeriodicalId":37077,"journal":{"name":"IACR Transactions on Symmetric Cryptology","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135010878","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
The QARMAv2 Family of Tweakable Block Ciphers QARMAv2系列可调分组密码
IACR Transactions on Symmetric Cryptology Pub Date : 2023-09-19 DOI: 10.46586/tosc.v2023.i3.25-73
Roberto Avanzi, Subhadeep Banik, Orr Dunkelman, Maria Eichlseder, Shibam Ghosh, Marcel Nageler, Francesco Regazzoni
{"title":"The QARMAv2 Family of Tweakable Block Ciphers","authors":"Roberto Avanzi, Subhadeep Banik, Orr Dunkelman, Maria Eichlseder, Shibam Ghosh, Marcel Nageler, Francesco Regazzoni","doi":"10.46586/tosc.v2023.i3.25-73","DOIUrl":"https://doi.org/10.46586/tosc.v2023.i3.25-73","url":null,"abstract":"We introduce the QARMAv2 family of tweakable block ciphers. It is a redesign of QARMA (from FSE 2017) to improve its security bounds and allow for longer tweaks, while keeping similar latency and area. The wider tweak input caters to both specific use cases and the design of modes of operation with higher security bounds. This is achieved through new key and tweak schedules, revised S-Box and linear layer choices, and a more comprehensive security analysis. QARMAv2 offers competitive latency and area in fully unrolled hardware implementations.Some of our results may be of independent interest. These include: new MILP models of certain classes of diffusion matrices; the comparative analysis of a full reflection cipher against an iterative half-cipher; our boomerang attack framework; and an improved approach to doubling the width of a block cipher.","PeriodicalId":37077,"journal":{"name":"IACR Transactions on Symmetric Cryptology","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135010873","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
On Boomerang Attacks on Quadratic Feistel Ciphers 二次型费斯特尔密码的回旋镖攻击
IACR Transactions on Symmetric Cryptology Pub Date : 2023-09-19 DOI: 10.46586/tosc.v2023.i3.101-145
Xavier Bonnetain, Virginie Lallemand
{"title":"On Boomerang Attacks on Quadratic Feistel Ciphers","authors":"Xavier Bonnetain, Virginie Lallemand","doi":"10.46586/tosc.v2023.i3.101-145","DOIUrl":"https://doi.org/10.46586/tosc.v2023.i3.101-145","url":null,"abstract":"The recent introduction of the Boomerang Connectivity Table (BCT) at Eurocrypt 2018 revived interest in boomerang cryptanalysis and in the need to correctly build boomerang distinguishers. Several important advances have been made on this matter, with in particular the study of the extension of the BCT theory to multiple rounds and to different types of ciphers.In this paper, we pursue these investigations by studying the specific case of quadratic Feistel ciphers, motivated by the need to look at two particularly lightweight ciphers, KATAN and Simon. Our analysis shows that their light round function leads to an extreme case, as a one-round boomerang can only have a probability of 0 or 1. We identify six papers presenting boomerang analyses of KATAN or Simon and all use the naive approach to compute the distinguisher’s probability. We are able to prove that several results are theoretically incorrect and we run experiments to check the probability of the others. Many do not have the claimed probability: it fails distinguishing in some cases, but we also identify instances where the experimental probability turns out to be better than the claimed one.To address this shortfall, we propose an SMT model taking into account the boomerang constraints. We present several experimentally-verified related-key distinguishers obtained with our new technique: on KATAN32 a 151-round boomerang and on Simon-32/64 a 17-round boomerang, a 19-round rotational-xor boomerang and a 15-round rotational-xor-differential boomerang.Furthermore, we extend our 19-round distinguisher into a 25-round rotational-xor rectangle attack on Simon-32/64. To the best of our knowledge this attack reaches one more round than previously published results.","PeriodicalId":37077,"journal":{"name":"IACR Transactions on Symmetric Cryptology","volume":"131 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135010718","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Simplified Modeling of MITM Attacks for Block Ciphers: New (Quantum) Attacks 分组密码MITM攻击的简化建模:新的(量子)攻击
IACR Transactions on Symmetric Cryptology Pub Date : 2023-09-19 DOI: 10.46586/tosc.v2023.i3.146-183
André Schrottenloher, Marc Stevens
{"title":"Simplified Modeling of MITM Attacks for Block Ciphers: New (Quantum) Attacks","authors":"André Schrottenloher, Marc Stevens","doi":"10.46586/tosc.v2023.i3.146-183","DOIUrl":"https://doi.org/10.46586/tosc.v2023.i3.146-183","url":null,"abstract":"The meet-in-the-middle (MITM) technique has led to many key-recovery attacks on block ciphers and preimage attacks on hash functions. Nowadays, cryptographers use automatic tools that reduce the search of MITM attacks to an optimization problem. Bao et al. (EUROCRYPT 2021) introduced a low-level modeling based on Mixed Integer Linear Programming (MILP) for MITM attacks on hash functions, which was extended to key-recovery attacks by Dong et al. (CRYPTO 2021). However, the modeling only covers AES-like designs. Schrottenloher and Stevens (CRYPTO 2022) proposed a different approach aiming at higher-level simplified models. However, this modeling was limited to cryptographic permutations.In this paper, we extend the latter simplified modeling to also cover block ciphers with simple key schedules. The resulting modeling enables us to target a large array of primitives, typically lightweight SPN ciphers where the key schedule has a slow diffusion, or none at all. We give several applications such as full breaks of the PIPO-256 and FUTURE block ciphers, and reduced-round classical and quantum attacks on SATURNIN-Hash.","PeriodicalId":37077,"journal":{"name":"IACR Transactions on Symmetric Cryptology","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135011574","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A Cipher-Agnostic Neural Training Pipeline with Automated Finding of Good Input Differences 一种自动寻找良好输入差值的密码不可知神经训练管道
IACR Transactions on Symmetric Cryptology Pub Date : 2023-09-19 DOI: 10.46586/tosc.v2023.i3.184-212
Emanuele Bellini, David Gerault, Anna Hambitzer, Matteo Rossi
{"title":"A Cipher-Agnostic Neural Training Pipeline with Automated Finding of Good Input Differences","authors":"Emanuele Bellini, David Gerault, Anna Hambitzer, Matteo Rossi","doi":"10.46586/tosc.v2023.i3.184-212","DOIUrl":"https://doi.org/10.46586/tosc.v2023.i3.184-212","url":null,"abstract":"Neural cryptanalysis is the study of cryptographic primitives through machine learning techniques. Following Gohr’s seminal paper at CRYPTO 2019, a focus has been placed on improving the accuracy of such distinguishers against specific primitives, using dedicated training schemes, in order to obtain better key recovery attacks based on machine learning. These distinguishers are highly specialized and not trivially applicable to other primitives. In this paper, we focus on the opposite problem: building a generic pipeline for neural cryptanalysis. Our tool is composed of two parts. The first part is an evolutionary algorithm for the search of good input differences for neural distinguishers. The second part is DBitNet, a neural distinguisher architecture agnostic to the structure of the cipher. We show that this fully automated pipeline is competitive with a highly specialized approach, in particular for SPECK32, and SIMON32. We provide new neural distinguishers for several primitives (XTEA, LEA, HIGHT, SIMON128, SPECK128) and improve over the state-of-the-art for PRESENT, KATAN, TEA and GIMLI.","PeriodicalId":37077,"journal":{"name":"IACR Transactions on Symmetric Cryptology","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135010872","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Automatic Preimage Attack Framework on Ascon Using a Linearize-and-Guess Approach 基于线性化和猜测方法的Ascon自动预像攻击框架
IACR Transactions on Symmetric Cryptology Pub Date : 2023-09-19 DOI: 10.46586/tosc.v2023.i3.74-100
Huina Li, Le He, Shiyao Chen, Jian Guo, Weidong Qiu
{"title":"Automatic Preimage Attack Framework on Ascon Using a Linearize-and-Guess Approach","authors":"Huina Li, Le He, Shiyao Chen, Jian Guo, Weidong Qiu","doi":"10.46586/tosc.v2023.i3.74-100","DOIUrl":"https://doi.org/10.46586/tosc.v2023.i3.74-100","url":null,"abstract":"Ascon is the final winner of the lightweight cryptography standardization competition (2018 − 2023). In this paper, we focus on preimage attacks against round-reduced Ascon. The preimage attack framework, utilizing the linear structure with the allocating model, was initially proposed by Guo et al. at ASIACRYPT 2016 and subsequently improved by Li et al. at EUROCRYPT 2019, demonstrating high effectiveness in breaking the preimage resistance of Keccak. In this paper, we extend this preimage attack framework to Ascon from two aspects. Firstly, we propose a linearize-and-guess approach by analyzing the algebraic properties of the Ascon permutation. As a result, the complexity of finding a preimage for 2-round Ascon-Xof with a 64-bit hash value can be significantly reduced from 239 guesses to 227.56 guesses. To support the effectiveness of our approach, we find an actual preimage of all ‘0’ hash in practical time. Secondly, we develop a SAT-based automatic preimage attack framework using the linearize-and-guess approach, which is efficient to search for the optimal structures exhaustively. Consequently, we present the best theoretical preimage attacks on 3-round and 4-round Ascon-Xof so far.","PeriodicalId":37077,"journal":{"name":"IACR Transactions on Symmetric Cryptology","volume":"131 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135010714","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Classification of All t-Resilient Boolean Functions with t + 4 Variables 所有t + 4变量t弹性布尔函数的分类
IACR Transactions on Symmetric Cryptology Pub Date : 2023-09-19 DOI: 10.46586/tosc.v2023.i3.213-226
Shahram Rasoolzadeh
{"title":"Classification of All t-Resilient Boolean Functions with t + 4 Variables","authors":"Shahram Rasoolzadeh","doi":"10.46586/tosc.v2023.i3.213-226","DOIUrl":"https://doi.org/10.46586/tosc.v2023.i3.213-226","url":null,"abstract":"We apply Siegenthaler’s construction, along with several techniques, to classify all (n−4)-resilient Boolean functions with n variables, for all values of n ≥ 4, up to the extended variable-permutation equivalence. We show that, up to this equivalence, there are only 761 functions for any n larger than or equal to 10, and for smaller values of n, i.e., for n increasing from 4 to 9, there are 58, 256, 578, 720, 754, and 760 functions, respectively. Furthermore, we classify all 1-resilient 6-variable Boolean functions and show that there are 1 035 596 784 such functions up to the extended variable-permutation equivalence.","PeriodicalId":37077,"journal":{"name":"IACR Transactions on Symmetric Cryptology","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135010874","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信