Funding: Supported in part by the Natural Science Foundation of Heilongjiang Province of China (Grant No. LH2022F053); in part by the Scientific and Technological Development Project of the Central Government Guiding Local (Grant No. SBZY2021E076); in part by the Postdoctoral Research Fund Project of Heilongjiang Province of China (Grant No. LBH-Q21195); in part by the Fundamental Research Funds of Heilongjiang Provincial Universities of China (Grant No. 145209146); and in part by the National Natural Science Foundation of China (NSFC) (Grant No. 61501275).
Abstract: SKINNY-64-64 is a lightweight block cipher with a 64-bit block length and key length, and it is mainly used on the Internet of Things (IoT). Currently, faults can be injected into cryptographic devices by attackers in a variety of ways, but it is still difficult to achieve a precisely located fault attack at a low cost, whereas a Hardware Trojan (HT) can realize this. Temperature, as a physical quantity incidental to the operation of a cryptographic device, is easily overlooked. In this paper, a temperature-triggered HT (THT) is designed which, when activated, causes a specific bit of the intermediate state of SKINNY-64-64 to be flipped. Further, a THT-based algebraic fault analysis (THT-AFA) method is proposed. To demonstrate the effectiveness of the method, experiments on algebraic fault analysis (AFA) and THT-AFA have been carried out on SKINNY-64-64. In the THT-AFA on SKINNY-64-64, it is only required to activate the THT 3 times to obtain the master key with a 100% success rate, and the average time for the attack is 64.57 s. When performing AFA on this cipher, we provide a relationship between the number of different faults and the residual entropy of the key. In comparison, our proposed THT-AFA method has better performance in terms of attack efficiency. To the best of our knowledge, this is the first HT attack on SKINNY-64-64.
Abstract: IoT devices have been widely used with the advent of 5G. These devices carry a large amount of private data during transmission, so ensuring their security is of prime importance. Therefore, we propose a lightweight block cipher based on a dynamic S-box, named DBST. It is introduced for devices with limited hardware resources and high throughput requirements. DBST is a 128-bit block cipher supporting a 64-bit key, which is based on a new generalized Feistel variant structure. It retains the consistency of the traditional Feistel structure and significantly boosts its diffusion. The SubColumns of the round function is implemented by combining bit-slice technology with subkeys. The S-box is dynamically associated with the key. It has been demonstrated that DBST has a good avalanche effect, low hardware area, and high throughput. Our S-box has been proven to have fewer differential features than the RECTANGLE S-box. The security analysis of DBST reveals that it can resist impossible differential attacks, differential attacks, linear attacks, and other types of attacks.
Funding: This research was supported by the Scientific Research Fund of Hunan Provincial Education Department (19A072); the Application-oriented Special Disciplines, Double First-Class University Project of Hunan Province (Xiangjiaotong [2018] 469); and the Science and Technology Plan Project of Hunan Province (2016TP1020).
Abstract: In this paper, we propose a new lightweight block cipher called SCENERY. SCENERY is designed to apply to both hardware and software platforms. SCENERY is a 64-bit block cipher supporting 80-bit keys, and its data processing consists of 28 rounds. The round function of SCENERY consists of eight 4×4 S-boxes in parallel and a 32×32 binary matrix, and we can implement SCENERY with some basic logic instructions. The hardware implementation of SCENERY only requires 1438 GE based on 0.18 µm CMOS technology, and the software implementation of encrypting or decrypting a block takes approximately 1516 clock cycles on 8-bit microcontrollers and 364 clock cycles on 64-bit processors. Compared with other encryption algorithms, the performance of SCENERY is well balanced for both hardware and software. By the security analyses, SCENERY can achieve enough security margin against known attacks, such as differential cryptanalysis, linear cryptanalysis, impossible differential cryptanalysis and related-key attacks.
Funding: This work was supported by King Saud University (Riyadh, Saudi Arabia) through the Researcher Supporting Project Number (RSP-2021/387).
Abstract: Smart and interconnected devices can generate meaningful patient data and exchange it automatically without any human intervention in order to realize the Internet of Things (IoT) in healthcare (HIoT). Due to more and more online security and data hijacking attacks, the confidentiality, integrity and availability of data are considered serious issues in HIoT applications. In this regard, lightweight block ciphers (LBCs) are promising in resource-constrained environments where security is the primary consideration. The prevalent challenge while designing an LBC for the HIoT environment is how to ascertain platform performance, cost, and security. Most of the existing LBCs primarily focus on text data or grayscale images. The main focus of this paper is securing color images in a cost-effective way. We emphasize high confidentiality of color images captured by cameras in resource-constrained smartphones, and high confidentiality of sensitive images transmitted by low-power sensors in IoT systems. In order to reduce computational complexity and simulation time, the proposed Lightweight Symmetric Block Cipher (LSBC) exploits chaos-based confusion-diffusion operations at the inter-block level using a single round. The strength of LSBC is assessed by cryptanalysis, while it is ranked by comparing it to other privacy-preserving schemes. Our results show that the proposed cipher produces promising results in terms of key sensitivity and differential attacks, which proves that our LSBC is a good candidate for image security in HIoT.
Funding: Supported by the National Basic Research 973 Program of China under Grant No. 2013CB834205; the National Natural Science Foundation of China under Grant Nos. 61133013, 61070244, and 61103237; the Program for New Century Excellent Talents in University of China under Grant No. NCET-13-0350; and the Interdisciplinary Research Foundation of Shandong University of China under Grant No. 2012JC018.
Abstract: LBlock is a 32-round lightweight block cipher with 64-bit block size and 80-bit key. This paper identifies 16-round related-key impossible differentials of LBlock, which are better than the 15-round related-key impossible differentials used in the previous attack. Based on these 16-round related-key impossible differentials, we can attack 23 rounds of LBlock, while the previous related-key impossible differential attacks could only work on 22-round LBlock. This makes our attack on LBlock the best attack in terms of the number of attacked rounds.
Funding: National Natural Science Foundation of China (Grant No. 61672517); National Natural Science Foundation of China (Key Program, Grant No. 61732021); National Cryptography Development Fund (Grant No. MMJJ20170108); and Beijing Municipal Science & Technology Commission (Grant No. Z191100007119006).
Abstract: The quantum security of lightweight block ciphers is receiving more and more attention. However, the existing quantum attacks on lightweight block ciphers have only focused on quantum exhaustive search, while quantum attacks combined with classical cryptanalysis methods have not been well studied. In this paper, we study a quantum key recovery attack on SIMON32/64 using the Quantum Amplitude Amplification (QAA) algorithm in the Q1 model. At first, we reanalyze the quantum circuit complexity of quantum exhaustive search on SIMON32/64. We estimate the Clifford gate count more accurately and reduce the T gate count. Also, the T-depth and full depth are reduced due to our minor modifications. Then, using four differentials given by Biryukov in FSE 2014 as our distinguisher, we give our quantum key recovery attack on 19-round SIMON32/64. We treat the two phases of the key recovery attack as two QAA instances separately, and the first QAA instance consists of four sub-QAA instances. Then, we design the quantum circuits of these two QAA instances and estimate their corresponding quantum circuit complexity. We conclude that the quantum circuit complexity of our quantum key recovery attack is lower than that of quantum exhaustive search. Our work is the first to study a quantum dedicated attack on SIMON32/64, and it is the first work to study the complexity of quantum dedicated attacks from the perspective of quantum circuit complexity, which is a more fine-grained analysis of quantum dedicated attacks' complexity.
Funding: This work was supported by the National Basic Research 973 Program of China under Grant No. 2013CB338002 and the National Natural Science Foundation of China under Grant Nos. 61272476, 61202420, and 61232009.
Abstract: In June 2013, the U.S. National Security Agency proposed two families of lightweight block ciphers, called SIMON and SPECK respectively. These ciphers are designed to perform excellently on both hardware and software platforms. In this paper, we mainly present zero-correlation linear cryptanalysis on various versions of SIMON. Firstly, by using the miss-in-the-middle approach, we construct zero-correlation linear distinguishers of SIMON, and zero-correlation linear attacks are presented based on careful analysis of the key recovery phase. Secondly, multidimensional zero-correlation linear attacks are used to reduce the data complexity. Our zero-correlation linear attacks perform better than the impossible differential attacks proposed by Abed et al. in ePrint Report 2013/568. Finally, we also use the divide-and-conquer technique to improve the results of linear cryptanalysis proposed by Javad et al. in ePrint Report 2013/663.
Funding: Project supported by the Scientific Research Fund of Hunan Provincial Education Department, China (Nos. 19A072 and 20C0268); the Science and Technology Innovation Program of Hunan Province, China (No. 2016TP1020); the Application-Oriented Special Disciplines, Double First-Class University Project of Hunan Province, China (No. Xiangjiaotong [2018] 469); the Science of Hengyang Normal University, China (No. 18D23); and the Postgraduate Scientific Research Innovation Project of Hunan Province, China (No. CX20190980).
Abstract: In this era of pervasive computing, low-resource devices have been deployed in various fields. PRINCE is a lightweight block cipher designed for low latency, and is suitable for pervasive computing applications. In this paper, we propose new circuit structures for PRINCE components by sharing and simplifying logic circuits, to achieve the goal of using a smaller number of logic gates to obtain the same result. Based on the new circuit structures of components and the best sharing among components, we propose three new hardware architectures for PRINCE. The architectures are simulated and synthesized on different programmable gate array devices. The results on Virtex-6 show that, compared with existing architectures, the resource consumption of the unrolled, low-cost, and two-cycle architectures is reduced by 73, 119, and 380 slices, respectively. The low-cost architecture costs only 137 slices. The unrolled architecture costs 409 slices and has a throughput of 5.34 Gb/s. To our knowledge, for the hardware implementation of PRINCE, the new low-cost architecture sets new area records, and the new unrolled architecture sets new throughput records. Therefore, the newly proposed architectures are more resource-efficient and suitable for lightweight, latency-critical applications.
Funding: Supported by the National Natural Science Foundation of China (61373142, 61572125) and Dissertation Innovation Funds (112-06-0019025).
Abstract: In this paper we present an attack on 30-round SIMON64, which improves the best results on SIMON64 by 1 round. We use a 23-round differential characteristic which was proposed by Itai et al. in 2015 to construct a 30-round extended differential characteristic by adding 4 rounds on the top and 3 rounds on the bottom. Furthermore, we utilize all of the sufficient bit-conditions of the 30-round differential to compute a set of corresponding subkeys. Then we distribute the plaintext pairs over the 2^86 lists corresponding to the 86-bit subkeys. If a list contains two or more pairs, we regard the subkeys corresponding to the list as candidate subkeys. The time complexity of our attack on 30-round SIMON64/96 (SIMON64/128) is 2^86.2 (2^118.2) with a success probability of 0.61, while the data complexity and the memory complexity are 2^63.3 and 2^90 bytes, respectively.