Funding: Supported in part by the Natural Science Foundation of Heilongjiang Province of China (Grant No. LH2022F053), in part by the Scientific and technological development project of the central government guiding local (Grant No. SBZY2021E076), in part by the Postdoctoral Research Fund Project of Heilongjiang Province of China (Grant No. LBH-Q21195), in part by the Fundamental Research Funds of Heilongjiang Provincial Universities of China (Grant No. 145209146), and in part by the National Natural Science Foundation of China (NSFC) (Grant No. 61501275).
Abstract: SKINNY-64-64 is a lightweight block cipher with a 64-bit block length and key length, and it is mainly used on the Internet of Things (IoT). Currently, faults can be injected into cryptographic devices by attackers in a variety of ways, but it is still difficult to achieve a precisely located fault attack at a low cost, whereas a Hardware Trojan (HT) can realize this. Temperature, as a physical quantity incidental to the operation of a cryptographic device, is easily overlooked. In this paper, a temperature-triggered HT (THT) is designed, which, when activated, causes a specific bit of the intermediate state of SKINNY-64-64 to be flipped. Further, a THT-based algebraic fault analysis (THT-AFA) method is proposed. To demonstrate the effectiveness of the method, experiments on algebraic fault analysis (AFA) and THT-AFA have been carried out on SKINNY-64-64. In the THT-AFA for SKINNY-64-64, it is only required to activate the THT 3 times to obtain the master key with a 100% success rate, and the average time for the attack is 64.57 s. However, when performing AFA on this cipher, we provide a relationship between the number of different faults and the residual entropy of the key. In comparison, our proposed THT-AFA method has better performance in terms of attack efficiency. To the best of our knowledge, this is the first HT attack on SKINNY-64-64.
Abstract: This paper proposes a new involutive lightweight block cipher for resource-constrained environments called I-PRESENT™. The design is based on the PRESENT block cipher, which is included in the ISO/IEC 29192 standard on lightweight cryptography. The advantage of I-PRESENT™ is that the cipher is involutive, such that the encryption circuit is identical to the decryption circuit. This is an advantage for environments which require the implementation of both circuits. The area requirement of I-PRESENT™ compares reasonably well with other similar ciphers such as PRINCE.
Funding: This research was supported by the Scientific Research Fund of Hunan Provincial Education Department (19A072), Application-oriented Special Disciplines, Double First-Class University Project of Hunan Province (Xiangjiaotong[2018]469), and the Science and Technology Plan Project of Hunan Province (2016TP1020).
Abstract: In this paper, we propose a new lightweight block cipher called SCENERY. SCENERY is designed to suit both hardware and software platforms. SCENERY is a 64-bit block cipher supporting 80-bit keys, and its data processing consists of 28 rounds. The round function of SCENERY consists of eight 4×4 S-boxes in parallel and a 32×32 binary matrix, and we can implement SCENERY with some basic logic instructions. The hardware implementation of SCENERY only requires 1438 GE based on 0.18 µm CMOS technology, and the software implementation of encrypting or decrypting a block takes approximately 1516 clock cycles on 8-bit microcontrollers and 364 clock cycles on 64-bit processors. Compared with other encryption algorithms, the performance of SCENERY is well balanced for both hardware and software. According to the security analyses, SCENERY can achieve enough security margin against known attacks, such as differential cryptanalysis, linear cryptanalysis, impossible differential cryptanalysis and related-key attacks.
Abstract: IoT devices have been widely used with the advent of 5G. These devices contain a large amount of private data during transmission. Ensuring their security is of prime importance. Therefore, we proposed a lightweight block cipher based on a dynamic S-box, named DBST. It is introduced for devices with limited hardware resources and high throughput requirements. DBST is a 128-bit block cipher supporting a 64-bit key, which is based on a new generalized Feistel variant structure. It retains the consistency and significantly boosts the diffusion of the traditional Feistel structure. The SubColumns of the round function is implemented by combining bit-slice technology with subkeys. The S-box is dynamically associated with the key. It has been demonstrated that DBST has a good avalanche effect, low hardware area, and high throughput. Our S-box has been proven to have fewer differential features than the RECTANGLE S-box. The security analysis of DBST reveals that it can resist impossible differential attack, differential attack, linear attack, and other types of attacks.
Funding: Supported by the National Science Foundation of China (61272434), the Natural Science Foundation of Shandong Province (ZR2012FM004, ZR2013FQ021), the Project of Senior Visiting Scholar of Shandong Province and Foundation of Science and Technology on Information Assume Laboratory (KJ-13-004).
Abstract: In this paper, we present a new lightweight block cipher named eight-sided fortress (ESF), which is suitable for resource-constrained environments such as sensor networks and low-cost radio frequency identification (RFID) tags. Meanwhile, we present the specification, design rationale and evaluation results in terms of the hardware implementation. To realize both efficiency and security in embedded systems, similar to the other lightweight block ciphers, ESF has a 64-bit block length and an 80-bit key size. It is inspired by the existing block ciphers PRESENT and LBlock. The encryption algorithm of ESF is based on a variant Feistel structure with an SPN round function, using a Feistel network as the overall structure with the purpose of minimizing computational resources.
Funding: The National Natural Science Foundation of China (No. 61272434), the Natural Science Foundation of Shandong Province (Nos. ZR2011FQ032 and ZR2012FM004), the Project of Shandong Province Higher Educational Science and Technology Program (No. J11LG33), and the Project of Senior Visiting Scholar of Shandong Province.
Abstract: We investigate the lightweight block cipher KATAN family, which consists of three variants with 32, 48 and 64-bit block sizes, called KATAN32, KATAN48 and KATAN64 respectively. All three variants have the same key length of 80 bits. On the basis of the bit-oriented fault model and the differential analysis principle, we describe an attack that combines a differential fault attack with the meet-in-the-middle (MITM) attack on KATAN32. More precisely, by inducing a fault at a bit, we can recover some linear differential fault equations on the key bits. When solving the equations, without the help of a computer, we need only algebraic deduction to obtain relations between some key bits. The complexity of this process is negligible. The secret key of the full cipher can be recovered faster than exhaustive search for all three block sizes in the KATAN family. Our result shows that KATAN32 is vulnerable.
Funding: Supported by the National Natural Science Foundation of China (No. 12371525).
Abstract: Lightweight block ciphers are the essential encryption algorithms for devices with limited resources. Their goal is to ensure the security of data transmission through resource-constrained devices. Impossible differential cryptanalysis is one of the most effective cryptanalysis methods on block ciphers, and assessing the ability to resist this attack is a basic design criterion. Shadow is a lightweight block cipher proposed by Guo et al. (IEEE Internet Things J 8(16):13014-13023, 2021). It utilizes a combination of ARX operations and a generalized Feistel structure to overcome the weakness of the traditional Feistel structure that only diffuses half in one round. In this paper, we focus on the differential property of Shadow and its security against impossible differential cryptanalysis. First, we use the SAT method to automatically search for a full-round impossible differential distinguisher of Shadow-32. Then, based on the experimental results, we prove that Shadow has a differential property with probability 1 based on the propagation of the state. Further, we can obtain an impossible differential distinguisher for an arbitrary number of rounds of Shadow. Finally, we perform a full key recovery attack on the full-round Shadow-32 and Shadow-64. Both experimentally and theoretically, our results indicate that Shadow is critically flawed, and regardless of the security strength of the internal components and the number of rounds applied, the overall cipher remains vulnerable to impossible differential cryptanalysis.
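Abstract: This paper surveys the current state of the division property in integral cryptanalysis and summarizes the existing results and applications of Mixed Integer Linear Programming (MILP) in the search for integral distinguishers. Building on the known modeling rules for the division property, suitable initial division properties are designed for the ESF and HBcipher algorithms, MILP models are built, and an open-source solver is used to search for integral distinguishers automatically. This fills the gap in integral cryptanalysis of HBcipher and ESF: integral distinguishers of up to 9 rounds are found, and distinguishers with a relatively large number of balanced bits are also obtained for 8 rounds. Compared with other cryptanalysis results, the ESF and HBcipher block ciphers leave considerable room for analysis with respect to integral cryptanalysis.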