Block Cipher

The purpose of this paper is to show that there exist DESlike iterated ciphers, which are provably resistant against di erential attacks. The main result on the security of a DES-like cipher with independent round keys is Theorem 1, which gives an upper bound to the probability o f s-round di erentials, as de ned in 4 and this upper bound depends only on the round function of the iterated cipher. Moreover, it is shown that there exist functions such that the probabilities of differentials are less than or equal to 2 3,n , where n is the length of the plaintext block. We also show a prototype of an iterated block cipher, which is compatible with DES and has proven security against di erential attacks.

This study introduces a method for generating a particular permutation P of a given size N out of N! permutations from a given key. This method computes a unique permutation for a specific size since it takes the same key; therefore, the same permutation can be computed each time the same key and size are applied. The name of random permutation comes from the fact that the probability of getting this permutation is 1 out of N! possible permutations. Beside that, the permutation can not be guessed because of its generating method that is depending completely on a given key and size.

Fault-based side channel cryptanalysis is very effective against symmetric and asymmetric encryption algorithms. Although straightforward hardware and time redundancy based Concurrent Error Detection (CED) architectures can be used to thwart such attacks, they entail significant overhead (either area or performance). In this paper we investigate systematic approaches to low-cost, low-latency CED for Rijndael symmetric encryption algorithm. These approaches exploit the inverse relationship that exists between Rijndael encryption and decryption at various levels and develop CED architectures that explore the trade-off between area overhead, performance penalty and error detection latency. The proposed techniques have been validated on FPGA implementations.

The recently introduced Galois/Counter Mode (GCM) of op- eration for block ciphers provides both encryption and message authenti- cation, using universal hashing based on multiplication in a binary finite field. We analyze its security and performance, and show that it is the most ecient mode of operation for high speed packet networks, by using a realistic model of a network

In this paper we introduce a new method of attacks on block ciphers, the interpolation attack. This new method is useful for attacking ciphers using simple algebraic functions (in particular quadratic functions) as S-boxes. Also, ciphers of low non-linear order are vulnerable to attacks based on higher order differentials. Recently, Knudsen and Nyberg presented a 6-round prototype cipher which is provably secure against ordinary differential cryptanalysis. We show how to attack the cipher by using higher order differentials and a variant of the cipher by the interpolation attack. It is possible to successfully cryptanalyse up to 32 rounds of the variant using about 232 chosen plaintexts with a running time less than 264 . Using higher order differentials, a new design concept for block ciphers by Kiefer is also shown to be insecure. Rijmen et al presented a design strategy for block ciphers and the cipher SHARK. We show that there exist ciphers constructed according to this design strategy which can be broken faster than claimed. In particular, we cryptanalyse 5 rounds of a variant of SHARK, which deviates only slightly from the proposed SHARK.

Simeck, a lightweight block cipher has been proposed to be one of the encryption that can be employed in the Internet of Things (IoT) applications. Therefore, this paper presents the security of the Simeck32/64 block cipher against side-channel cube attack. We exhibit our attack against Simeck32/64 using the Hamming weight leakage assumption to extract linearly independent equations in key bits. We have been able to find 32 linearly independent equations in 32 key variables by only considering the second bit from the LSB of the Hamming weight leakage of the internal state on the fourth round of the cipher. This enables our attack to improve previous attacks on Simeck32/64 within side-channel attack model with better time and data complexity of 2 35 and 2 11.29 respectively.

In the recent years, Internet multimedia applications have become very popular. Valuable multimedia content such as digital images, however, is vulnerable to unauthorized access while in storage and during transmission over a network. Streaming digital images also require high network bandwidth for transmission. For effective image transmission over Internet; therefore, both security and bandwidth issues must be considered. In this paper, we present a novel scheme, which combines Discrete Wavelet Transform (DWT) for image compression and block cipher Data Encryption Standard (DES) for image encryption. The simulation results indicate thaf our proposed method enhances the security for image transmission over the Internet as well as improves the transmission rate.

Internet and networks applications are growing very fast, so the needs to protect such applications are increased. Encryption algorithms play a main role in information security systems. On the other side, those algorithms consume a significant amount of computing resources such as CPU time, memory, and battery power. This paper provides evaluation of six of the most common encryption algorithms namely: AES (Rijndael), DES, 3DES, RC2, Blowfish, and RC6. A comparison has been conducted for those encryption algorithms at different settings for each algorithm such as different sizes of data blocks, different data types ,battery power consumption, different key size and finally encryption/decryption speed. Simulation results are given to demonstrate the effectiveness of each algorithm. .

We live in the era of information explosion and have witnessed the trend of leveraging cloud-based services for large scale content storage, processing, and distribution. Data security and privacy are among top concerns for any business environments. As more and more security breaches happening all over the world in different forms as a threat to the information industry, the end user should have the protection and privilege of secured access. Chaos possesses many interesting properties, such as deterministic but random like complex behavior, high sensitivity to initial conditions and system parameters and long term unpredictability. This paper introduces a cellular automata based chaotic encryption scheme and the results are comparable with well-known AES block cipher algorithm.

Encryption algorithms provide the securely transmitted data over insecure communication channels. In this paper a different stream cipher scheme is presented which is very simple in hardware implementation and provides relatively high level of security. Geffe generator is used for the generation of a complex key in a unique way. In this modified scheme, keystream is dependent not only on the inputs of the Geffe generator but also on the Gold Codes generated with the help of outputs of pseudo noise (PN) sequences of the two inputs of Geffe generator. Further complexity of the key is increased by introducing automatic shift of the contents of one LFSR to generate a new Gold code. Keywords— ―Geffe generator‖, ―Gold Code (GC)‖, ―Maximal Sequence (m-sequence)‖, ―Linear Feedback Shift Register (LFSR)‖, ―Pseudorandom number generator (PRNG)‖.

We propose an hardware solution to several security problems that are difficult to solve on classical processor architectures, like licensing, electronic commerce, or software privacy. The memory management unit which provides multitasking and virtual memory support is extended and given a third purpose: to supply strong hardware security support for the software layer. The principle of this enhanced device, that we call a Security Management Unit (or SMU), is based on ciphered program execution and access control. It is composed of a pipelined block ciphering/deciphering unit, an internal permanent memory and logic control, whose interaction is explained in this paper.

The Long Term Evolution of UMTS is one of the latest steps in an advancing series of mobile telecommunications systems. Many articles have already been published on the LTE subject but these publications have viewed the subject from particular perspectives. In the present paper, a different approach has been taken. We are interested in the security features and the cryptographic

Impossible Differential Cryptanalysis(IDC) [4] uses impossible differential characteristics to retrieve a subkey material for the first or the last several rounds of block ciphers. Thus, the security of a block cipher against IDC can be evaluated by impossible differential characteristics. In this paper, we study impossible differential characteristics of block cipher structures whose round functions are bijective. We introduce a widely applicable method to find various impossible differential characteristics of block cipher structures. Using this method, we find various impossible differential characteristics of known block cipher structures: Nyberg’s generalized Feistel network, a generalized CAST256-like structure [14], a generalized MARS-like structure [14], a generalized RC6-like structure [14], and Rijndael structure.

This paper considers a cryptanalytic approach called integral cryptanalysis. It can be seen as a dual to differential cryptanalysis and applies to ciphers not vulnerable to differential attacks. The method is particularly applicable to block ciphers which use bijective components only.

. As a consequence, there is a growing interest in efficient implementations of the AES. For many applications, these implementations need to be resistant against side channel attacks, that is, it should not be too easy to extract secret information from physical measurements on the device. This article presents the first results on the feasibility of power analysis attack against an AES hardware implementation. Our attack is targeted against an ASIC implementation of the AES developed by the ETH Zurich. We show how to build a reliable measurement setup and how to improve the correlation coefficients, i.e., the signal to noise ratio for our measurements. Our approach is also the first step to link a behavior HDL simulator generated simulated power measurements to real power measurements.

This paper proposes and examines a different encryption algorithm for Cipher Block Chaining mode (CBC) which is designed for improving the security of a cryptographic algorithm and more resisting cryptanalysis. The size of both block and key are chosen depending upon the size of the image. The fixed key size will lead to some fuzzy attack, Hence the number of bits in key size is decided by the size of the plaintext image. The encryption operation is mainly done by flipping. The amount of flipping depends on the size of the image. The image is divided into four parts, and each part undergone different flipping. This approach makes the implementation cost less than the current Data Encryption Standard (DES) and Advanced Encryption Standard (AES). The security analysis process also proves that the proposed algorithm can resist the statistical and differential attacks.

With the fast evolution of the networks technology, the security becomes an important research axis. Many types of communication require the transmission of digital images. This transmission must be safe especially in applications that require a fairly high level of security such as military applications, spying, radars, and biometrics applications. Mechanisms for authentication, confidentiality, and integrity must be implemented within their community. For this reason, several cryptographic algorithms have been developed to ensure the safety and reliability of this transmission. In this paper, we investigate the encryption efficiency of RC5 and RC6 block cipher applied to digital images by including a statistical and differential analysis then, and also we investigate those two block ciphers against errors in ambient noise. The security analysis shows that RC6 algorithm is more secure than RC5. However, using RC6 to encrypt images in rough environment (low signal to noise ratio) leads to more errors (almost double of RC5) and may increase energy consumption by retransmitting erroneous packets. A compromise security/energy must be taken into account for the good choice of encryption algorithm.

Symmetric block ciphers are usually used in WSN for security services. This paper puts forward the idea of using advanced modes of operation of symmetric block ciphers to achieve confidentiality and authentication in one cryptographic operation. The modes of operation approved by NIST that is CMAC, CCM, GCM/GMAC are applied here. The benchmarks of these approaches in the terms of efficiency of nodes in WSN are presented.

Abstract—Growing in cyber attacks has driven a growth in demand for network security. Cryptology is the science of secret communication systems including cryptography and cryptanalysis. Different heuristic and meta heuristic algorithms has been used for ...

Block cipher is one of symmetric ciphers. Symmetric ciphers entail a function that converts a text into a ciphered
one and an inverse function that decodes the ciphered text. The original text is called the plaintext composed of
bits, denoted P. To convert the plaintext into the desired cipher text (C), block cipher utilizes a set of codebooks,
with every secret key (K) representing a codebook. The collective group of codebooks is called the encryption
function (E). Combined with the secret key, the encryption function converts the plaintext into a cipher text. As
such, the algorithm of such block cipher turns out to be: C=Ek(P).
Block cipher encrypts fixed length of bits (e.g. 64 bits), as oppose to a bit-by-bit cipher, which is a rather inefficient
way of encryption. At the surface, finding an inverse function that decrypts the block cipher seems not too
formidable. To create a more complex procedure, an iteration procedure can be undergone. Iteration uses the
round function multiple times, and the sheer repetition of the process creates a cipher text even more difficult to
decode. As for the round function, it takes an n-bit block to an n-bit block. The number of iteration r, block size n,
and key size s are the parameters of the function. The binary length of the key is usually amplified to match the
required bits of the plaintext. The amplified secret key is then separated into multiple sub-keys for more secrecy.
Each round of iteration employs a sub-key ki for 1?i?r obtained from the original key k. Sub-keys must be
invertible; if it is impossible to retrieve its inverse, the cipher text cannot be decrypted.

This paper is about encryption and decryption of images using a secret-key block cipher called 64-bits Blowfish which is an evolutionary improvement over DES, 3DES, etc designed to increase security and to improve performance. This algorithm will be used as a variable key size up to 448 bits. It employs Feistel network which iterates simple function 16 times. Specifically, in this algorithm, a combination of four S-boxes lookups, multiplications as well as fixed and data dependent rotations will be used. In this paper we would be obtaining our results by simulating the image processing part in MATLAB & encryption and decryption part in VHDL for better security.

We proposed a novel non-conventional full encryption approach designed to accommodate fast performance and security with low computational complexity for real-time video communications. The proposed cipher employs the confusion and diffusion component simultaneously through the shuffler operator S and confusion component through the randomized substitution R in a binary tree. A pseudo random integer sequence π generates the round keys and also used to define the non-linear confusion and diffusion components. The advantages of these components are 1) they do not require storage space, when compared to generation and storage of S-boxes in other systems. 2) they are faster. We analyzed our approach in terms of efficiency and security from a cryptographic view point. We analyzed performance by comparing with the symmetric algorithms AES and RC6. Experimental results showed that the proposed algorithm works faster in terms of encryption time and frame rate and thus suitable for rendering the data in real-time by the receiver's playback. Histogram analysis, correlation analysis and differential cryptanalysis proved the efficiency of the cipher.

The cryptographic literature is replete with algorithms for encryption and decryption which use a deck of cards as its source of randomness to generate a keystream. Two of the most well-known field ciphers of this type are Pontifex, a.k.a. Solitaire [3], and Chaocipher [4]. The following paper describes in full detail a field cipher which, to the best of the author's knowledge, is not currently used anywhere else. In contrast to the Pontifex and Chaocipher algorithms, which are primarily stream ciphers that operate on each bit or plaintext character, ISHTAR combines aspects of stream ciphers and block ciphers to achieve a high degree of confusion and diffusion. Furthermore, whereas Pontifex and Chaocipher require a great deal of practice to correctly encipher and decipher messages with no mistakes, two communicators can encipher and decipher messages with ISHTAR quickly without fear of mistakes, since the mental arithmetic involved is comparatively simple without sacrificing security. The author provides several examples of encryption and decryption with this algorithm, ventures an estimate of the entropy of the keyspace to justify confidence in the security of this algorithm, offers a few words of advice for effective use of this cipher with a deck of cards in the real world, and extends a challenge to the cryptographic community at large to identify specific weaknesses in the encryption algorithm that would contradict said confidence.

This report presents a brief survey on secret key and public key cryptography algorithms. These include: block ciphers, stream ci- phers, RSA, ElGamal and Elliptic Curve Cryptosystems (ECC). Since ECC achieved security levels comparable to those of traditional public key cryptosystems using smaller keys (160 bits), this work focus more on ECC. Finally, this work also presents a survey on

This paper describes the MESH block ciphers, whose designs are based on the same group operations as the IDEA cipher, but with a number of novel features: flexible block sizes in steps of 32 bits (the block size of IDEA is fixed at 64 bits); larger MA-boxes; distinct key-mixing layers for odd and even rounds; and new key schedule algorithms that achieve fast avalanche and avoid the weak keys of IDEA. The software performance of MESH ciphers are estimated to be better or comparable to that of triple-DES. A number of attacks, such as truncated and impossible differentials, linear and Demirci's attack, shows that more resources are required on the MESH ciphers than for IDEA, and indicates that both ciphers seem to have a large margin of security.

We propose a new block cipher as a candidate for the Advanced Encryption Standard. Its design is highly conservative, yet still allows a very efficient implementation. It uses the well-understood DES S-boxes in a new structure that simultaneously allows a more rapid avalanche, a more efficient bitslice implementation, and an easy analysis that enables us to demonstrate its security against all known types of attack. With a 128-bit block size and a 256-bit key, it is almost as fast as DES on a wide range of platforms, yet conjectured to be at least as secure as three-key triple-DES.

This paper presents a variety of plaintext-recovering attacks against SSH. We implemented a proof of concept of our attacks against OpenSSH, where we can verifiably recover 14 bits of plaintext from an arbitrary block of ciphertext with probability 2 −14 and 32 bits of plaintext from an arbitrary block of ciphertext with probability 2 −18 . These attacks assume the default configuration of a 128-bit block cipher operating in CBC mode. The paper explains why a combination of flaws in the basic design of SSH leads implementations such as OpenSSH to be open to our attacks, why current provable security results for SSH do not cover our attacks, and how the attacks can be prevented in practice.

This paper presents a 64-bit lightweight block cipher, µ2 with a key size of 80-bit. µ2 is designed based on well-established design paradigms, achieving comparable performance and security when compared against existing state-of-the-art lightweight block ciphers. µ2 is based on the Type-II generalized Feistel structure with a round function, F that is a 16-bit ultra-lightweight block cipher based on the substitution-permutation network. Security evaluation indicates that µ2 offers a large security margin against known attacks such as differential cryptanalysis, linear cryptanalysis, algebraic attack and others.

This paper proposes a new, large diffusion layer for the AES block cipher. This new layer replaces the ShiftRows and MixColumns operations by a new involutory matrix in every round. The objective is to provide complete diffusion in a single round, thus sharply improving the overall cipher security. Moreover, the new matrix elements have low Hamming-weight in order to provide equally good performance for both the encryption and decryption operations. We use the Cauchy matrix construction instead of circulant matrices such as in the AES. The reason is that circulant matrices cannot be simultaneously MDS and involutory.

In the recent years, Internet multimedia applications have become very popular. Valuable multimedia content such as digital images, however, is vulnerable to unauthorized access while in storage and during transmission over a network. Streaming digital images also require high network bandwidth for transmission. For effective image transmission over Internet; therefore, both security and bandwidth issues must be considered. In this paper, we present a novel scheme, which combines Discrete Wavelet Transform (DWT) for image compression and block cipher Data Encryption Standard (DES) for image encryption. The simulation results indicate thaf our proposed method enhances the security for image transmission over the Internet as well as improves the transmission rate.

This paper evaluates the security of wireless communication network based on the fuzzy logic in Mat lab. A new algorithm is proposed and evaluated which is the hybrid algorithm. We highlight the valuable assets in designing of wireless network communication system based on network simulator (NS2), which is crucial to protect security of the systems. Block cipher algorithms are evaluated by using fuzzy logics and a hybrid algorithm is proposed. Both algorithms are evaluated in term of the security level. Logic (AND) is used in the rules of modelling and Mamdani Style is used for the evaluations

We introduce the concept of "green cryptography," which adopts the principle of recycling cryptographic design strategies, components, and primitives; in this essay, we'll focus on the AES, and it's underlying block cipher, Rijndael. Cryptographic implementation is met with a mature and minimalist, "do a lot with a little" design paradigm -mature in that it recycles the rigorously cryptanalyzed AES, and its underlying block cipher, Rijndael, and minimalist in that it recycles the AES for both encryption and authentication, via generic composition, where we encrypt then authenticate, separately (e.g., AES-CTR-then-AES-CMAC), or via an integrity-aware confidentiality mode of operation based on generic composition, where encryption then authentication is handled in a single mode (e.g., EAX). The end result is an implementation-centric framework for achieving the strongest notions of confidentiality and integrity, while retaining simplicity within the implementation. In short, recycling-based green cryptography is aimed at sustainable security within scalable implementations. We take a concise look -with an emphasis on symmetric cryptography -at some of the issues that are responsible for why cryptography usually ends up looking bad, in practice, and fails to establish the right threat model, let alone realize it; this is largely due to a lack of cryptographic competence, and the dreaded habit of crammed-in-and-cobbled-together design. To address these issues, we, with the assistance, and comedic relief, of Alice and Bob, give several rules of thumb for sufficient and simplistic cryptographic implementations. Be prepared for a bowl of acronymous porridge, but don't worry; we'll make sure it's as easy to swallow as possible, and it might even up your Scrabble game. So, to the pulpit we go, ready to preach a sermon so desperately in need of being heard, and to which heed should be taken.

A Boolean permutation is called nonlinear if it has at least one nonlinear component function. All nonlinear Boolean permutations and their complements are called non-affine Boolean permutations. Any non-affine Boolean permutation is a potential candidate for bijective S-Box of block ciphers. In this paper, we find the number of n-variable non-affine Boolean permutations up to multiplicative n and show a simple method of construction of non-affine Boolean permutations. However, non-affinity property is not sufficient for S-Boxes. Nonlinearity is one of the basic properties of an S-Box. The nonlinearity of Boolean permutation is a distance between set of all non-constant linear combinations of component functions and set of all non-affine Boolean functions. The cryptographically strong S-Boxes have high nonlinearity. In this paper, we show a method of construction of 8-variable highly nonlinear Boolean permutations. Our construction is based on analytically design (8, 1), (8, 2), and (8, 3) highly nonlinear vectorial balanced functions and random permutation for other component functions.

Since being officially selected as the new Advanced Encryption Standard (AES), Rijndael has continued to receive great attention and has had its security continuously evaluated by the cryptographic community. Rijndael is a cipher with a simple, elegant and highly algebraic structure. Its selection as the AES has led to a growing interest in the study of algebraic properties of block ciphers, and in particular algebraic techniques that can be used in their cryptanalysis. In these notes we will examine some algebraic aspects of the AES and consider a number of algebraic techniques that could be used in the analysis of the cipher. In particular, we will focus on the large, though surprisingly simple, systems of multivariate quadratic equations derived from the encryption operation, and consider some approaches that could be used when attempting to solve these systems. These notes refer to an invited talk given at the Fourth Conference on the Advanced Encryption Standard (AES4) in May 2004, and are largely based on[4].

In this paper, we propose a new block cipher called BC2 (Block Cipher 2). We make a cipher using components that are believed secure. The structure of BC2 is very simple. We use Feistel network with input-output 128 bits, matrix Maximum Distance Separable (MDS) 8x8 with branch number 9 to give high diffusion, a function affine equivalent to the inverse function in GF(2 8) that we get from Camellia and Hierocrypt S-Box for confusion and we make FN function, based on FL function of Camellia. We use a heuristic method to count the minimum number of active substitution box at Feistel Network. And we also construct a new key schedule that is fast and secure.

We have designed a new class of public key algorithms based on quasigroup string trans- formations using a speciflc class of quasigroups called multivariate quadratic quasigroups (MQQ). Our public key algorithm is a bijective mapping, it does not perform message expansions and can be used both for encryption and signatures. The public key consist of n quadratic polynomials with n variables where n = 140;160;:::. A particular characteristic of our public key algorithm is that it is very fast and highly parallelizable. More concretely, it has the speed of a typical modern symmetric block cipher { the reason for the phrase "A Public Key Block Cipher" in the title of this paper. Namely the reference C code for the 160{bit variant of the algorithm performs decryption in less than 11,000 cycles (on Intel Core 2 Duo { using only one processor core), and around 6,000 cycles using two CPU cores and OpenMP 2.0 library. However, implemented in Xilinx Virtex-5 FPGA that is running on ...

— This paper presents a 128-bit approach on the outdated Data Encryption Standard cipher. Since the symmetric block cipher is well past its prime, many methods have been devised by hackers in order to crack the cipher and obtain the plaintext message, namely through brute force attacks. In order to improve its security, the authors have made modifications to the standard bit size, wherein it is doubled from a size of 64-bits to 128-bits on the key structure and plaintext block. The size of various tables, functions, keys and swaps that are found throughout the process of the original DES are also subject to this doubling in size. Henceforth, the Expanded Data Encryption Standard is twice as extensive as its predecessor. By increasing the overall size of the cipher, it will take much longer for an attacker to bypass the security through the use of brute force.

This paper proposes an S-box construction of AES-128 block cipher which is more robust to differential power analysis (DPA) attacks than that of AES-128 implemented with Rijndael S-box while having similar cryptographic properties. The proposed S-box avoids use of countermeasures for thwarting DPA attacks thus consuming lesser area and power in the embedded hardware and still being more DPA resistive compared to Rijndael S-box. The design has been prototyped on Xilinx FPGA Spartan device XC3S400-4PQ208 and the power traces of the two different running AES-128 algorithms with the proposed and Rijndael S-boxes have been analyzed separately.

Fault-based side channel cryptanalysis is very effective against symmetric and asymmetric encryption algorithms. Although straightforward hardware and time redundancy based concurrent error detection (CED) architectures can be used to thwart such attacks, they entail significant overhead (either area or performance). In this paper we investigate systematic approaches to low-cost, low-latency CED for symmetric encryption algorithms based on the inverse relationship that exists between encryption and decryption at algorithm level, round level and operation level and develop CED architectures that explore the trade-off between area overhead, performance penalty and error detection latency. The proposed techniques have been validated on FPGA implementations of AES finalist 128-bit symmetric encryption algorithms.

This paper examines proposals for three cryptographic primitives: block ciphers, stream ciphers, and hash functions. It provides an overview of the design principles of a large number of recent proposals, which includes the global structure, the number of rounds, the way of introducing non-linearity and diffusion, and the key schedule. The software performance of about twenty primitives is compared based on highly optimized implementations for the Pentium. The goal of the paper is to provided a technical perspective on the wide variety of primitives that exist today.