Mahdi Sajadieh; Arash Mirzaei
Abstract
In terms of security, MDS matrices are one of the best choices for the diffusion layer of a block cipher. However, as these matrices grow in size, their software implementation becomes a challenge. In this paper, to benefit from the properties of MDS matrices while avoiding this challenge, we use 4×4 MDS matrices to build 16×16 matrices with a small number of zero elements. We show that if these matrices are used as the diffusion layer of software-oriented SPN structures, the resulting block ciphers have properties similar to AES both in software implementation complexity (i.e. the number of required CPU instructions) and in resistance against linear and differential attacks. Moreover, the best impossible differential and square distinguishers for the proposed 16×16 structures have lengths similar to those of SPN structures with 16×16 MDS matrices. Thus, the new structures outperform AES with respect to impossible differential and square attacks. Additionally, we show that if the proposed SPN structure uses the AES key schedule, its results for differential related-key attacks are better than those for AES. We also extend the idea and use 4×4 MDS matrices to design 24×24 and 32×32 matrices with acceptable properties for SPN structure design. Finally, we extend the idea to propose matrices for Feistel structures with SP-type F-functions. We show that the resulting structures are more secure than the improved type-II generalized Feistel structure (GFS).
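The abstract relies on the 4×4 building blocks being MDS, i.e. having differential branch number 5. The following is an added example, not code from the paper or its authors: it checks that property for a 4×4 matrix in two independent ways, algebraically (every square submatrix is nonsingular) and exhaustively (minimum of wt(x) + wt(Mx) over all nonzero x). The field GF(2^4) with polynomial x^4 + x + 1 and the AES MixColumns circulant circ(2,3,1,1) are assumptions chosen so that the exhaustive search over 16^4 inputs stays fast; the abstract does not fix a field or a matrix. A count of nonzero entries is included because it is the quantity that drives the table-lookup-and-XOR cost the abstract refers to.

```python
"""Added example: MDS check for a 4x4 diffusion matrix over GF(2^4).

Not the paper's code.  Field and test matrix are assumptions (see lead-in):
GF(2^4) modulo x^4 + x + 1, and the AES MixColumns circulant circ(2,3,1,1),
which is MDS over this small field as well.
"""
from itertools import combinations, product

POLY = 0b10011            # x^4 + x + 1 (assumed irreducible polynomial)
FIELD_BITS = 4
FIELD_SIZE = 1 << FIELD_BITS


def gf_mul(a, b):
    """Multiply two GF(2^4) elements (4-bit ints) modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & FIELD_SIZE:        # reduce when the degree-4 bit appears
            a ^= POLY
    return r


MUL = [[gf_mul(a, b) for b in range(FIELD_SIZE)] for a in range(FIELD_SIZE)]


def det(m):
    """Determinant over GF(2^4) by Laplace expansion (no signs in char 2)."""
    if len(m) == 1:
        return m[0][0]
    d = 0
    for j, a in enumerate(m[0]):
        if a:
            minor = [row[:j] + row[j + 1:] for row in m[1:]]
            d ^= MUL[a][det(minor)]
    return d


def is_mds(m):
    """A square matrix is MDS iff every square submatrix is nonsingular."""
    n = len(m)
    for k in range(1, n + 1):
        for rows in combinations(range(n), k):
            for cols in combinations(range(n), k):
                if det([[m[r][c] for c in cols] for r in rows]) == 0:
                    return False
    return True


def apply_matrix(m, x):
    """Compute M*x over GF(2^4); x is a sequence of field elements."""
    return [sum_xor(MUL[a][v] for a, v in zip(row, x)) for row in m]


def sum_xor(values):
    acc = 0
    for v in values:
        acc ^= v
    return acc


def weight(v):
    """Number of nonzero words (cells) in a vector."""
    return sum(1 for e in v if e)


def branch_number(m):
    """Differential branch number: min over x != 0 of wt(x) + wt(M x)."""
    n = len(m)
    best = 2 * n
    for x in product(range(FIELD_SIZE), repeat=n):
        if any(x):
            best = min(best, weight(x) + weight(apply_matrix(m, x)))
    return best


def nonzero_entries(m):
    """Each nonzero entry costs roughly one table lookup plus one XOR in software."""
    return sum(1 for row in m for a in row if a)


AES_MIXCOLUMNS = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
IDENTITY = [[int(i == j) for j in range(4)] for i in range(4)]

if __name__ == "__main__":
    for name, m in (("circ(2,3,1,1)", AES_MIXCOLUMNS), ("identity", IDENTITY)):
        print(name, "MDS:", is_mds(m), "branch number:", branch_number(m),
              "nonzero entries:", nonzero_entries(m))
```

The exhaustive search is only practical for small word sizes; for GF(2^8) words use the submatrix test alone, which is the standard criterion and needs 69 determinants for a 4×4 matrix.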
Bahram Rashidi
Abstract
In this paper, we present four low-cost substitution boxes (S-boxes), namely two 4-bit S-boxes called S1 and S2 and two 8-bit S-boxes called SB1 and SB2, which are suitable for the development of lightweight block ciphers. The 8-bit S-box SB1 is constructed from four 4-bit S-boxes, multiplication by the constant 0x2 in the finite field GF(2^4), and field addition operations. The proposed 8-bit S-box SB2 is composed of five permutation blocks, two copies of the 4-bit S-box S1 and one copy of the 4-bit S-box S2, multiplication by the constant 0x2, and addition operations, applied in sequence. The proposed S-box structures are simple and low-cost, with low area and low critical path delay. The cryptographic strength of the proposed S-boxes is analyzed in SAGE by studying properties such as nonlinearity, differential uniformity (DU), the strict avalanche criterion (SAC), algebraic degree (AD), differential approximation probability (DAP), and linear approximation probability (LAP). The hardware results, in 180 nm CMOS technology, show that the proposed S-boxes are comparable in security properties, area, delay, and area×delay with most well-known S-boxes.
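The abstract lists the S-box metrics it evaluates but this page does not reproduce the S1, S2, SB1 or SB2 tables. The following is an added example, not code from the paper or its authors, that computes those metrics from any lookup table of 2^n entries; to have a concrete input it uses the public PRESENT 4-bit S-box. The normalizations DAP = DU / 2^n and LAP = max |#{x : a·x = b·S(x)} − 2^(n−1)| / 2^n are assumptions stated here, since the abstract does not define them.

```python
"""Added example: S-box security metrics from a lookup table.

Not the paper's code; the paper's S-boxes are not on this page, so the
PRESENT 4-bit S-box (a public, well-known table) is the sample input.
DAP and LAP normalizations are assumptions (see lead-in).
"""

PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def width(s):
    """n such that the table has 2^n entries."""
    n = len(s).bit_length() - 1
    if 1 << n != len(s):
        raise ValueError("table length must be a power of two")
    return n


def parity(v):
    return bin(v).count("1") & 1


def ddt(s):
    """Difference distribution table: ddt[dx][dy] = #{x : S(x) ^ S(x ^ dx) = dy}."""
    size = len(s)
    t = [[0] * size for _ in range(size)]
    for x in range(size):
        for dx in range(size):
            t[dx][s[x] ^ s[x ^ dx]] += 1
    return t


def differential_uniformity(s):
    """Largest DDT entry over nonzero input differences."""
    size = len(s)
    t = ddt(s)
    return max(t[dx][dy] for dx in range(1, size) for dy in range(size))


def walsh(s):
    """Walsh spectrum W[a][b] = sum_x (-1)^(a.x ^ b.S(x)) (naive O(2^3n))."""
    size = len(s)
    return [[sum(-1 if parity((a & x) ^ (b & s[x])) else 1 for x in range(size))
             for b in range(size)] for a in range(size)]


def max_walsh(s):
    """Largest |W[a][b]| over non-trivial output masks b != 0."""
    size = len(s)
    w = walsh(s)
    return max(abs(w[a][b]) for a in range(size) for b in range(1, size))


def nonlinearity(s):
    """NL = 2^(n-1) - max|W|/2."""
    return (len(s) - max_walsh(s)) // 2


def anf(truth):
    """Moebius transform: truth table -> ANF coefficients (index = monomial mask)."""
    f = list(truth)
    n = width(f)
    for i in range(n):
        bit = 1 << i
        for x in range(len(f)):
            if x & bit:
                f[x] ^= f[x ^ bit]
    return f


def algebraic_degree(s):
    """Maximum degree over all non-trivial component functions b.S(x)."""
    size = len(s)
    deg = 0
    for b in range(1, size):
        coeffs = anf([parity(b & s[x]) for x in range(size)])
        deg = max(deg, max((bin(u).count("1") for u in range(size) if coeffs[u]),
                           default=0))
    return deg


def sac_matrix(s):
    """sac[i][j] = #{x : flipping input bit i flips output bit j}."""
    n = width(s)
    m = [[0] * n for _ in range(n)]
    for i in range(n):
        for x in range(len(s)):
            d = s[x] ^ s[x ^ (1 << i)]
            for j in range(n):
                m[i][j] += (d >> j) & 1
    return m


def satisfies_sac(s):
    """Strict avalanche criterion: every sac entry equals 2^(n-1)."""
    half = len(s) // 2
    return all(v == half for row in sac_matrix(s) for v in row)


def summary(s):
    size = len(s)
    du = differential_uniformity(s)
    return {"n": width(s), "DU": du, "DAP": du / size, "NL": nonlinearity(s),
            "LAP": max_walsh(s) / (2 * size), "AD": algebraic_degree(s),
            "SAC": satisfies_sac(s)}


if __name__ == "__main__":
    for k, v in summary(PRESENT_SBOX).items():
        print(f"{k:>4}: {v}")
```

For a 4-bit table this runs instantly; the naive Walsh computation is cubic in the table size, so an 8-bit S-box takes noticeably longer and is where a fast Walsh-Hadamard transform would be worth adding.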
A. Rezaei Shahmirzdi; A. Azimi; M. Salmasizadeh; J. Mohajeri; M. R. Aref
Abstract
Impossible differential cryptanalysis is a well-known means of examining the robustness of block ciphers. Using it, we analyze the security of Midori, a family of lightweight block ciphers designed for low energy consumption. The Midori state size is either 64 bits (Midori64) or 128 bits (Midori128); both versions have a 128-bit key. In this paper we mainly study the security of Midori64. To this end, we use techniques such as early abort, memory reallocation, miss-in-the-middle, and exploitation of the weak key schedule of Midori64. We first present two new 7-round impossible differential characteristics which are, to the best of our knowledge, the longest impossible differentials found for Midori64. Based on these characteristics, we mount impossible differential attacks on 10, 11, and 12 rounds of Midori64 with time complexities of 2^87.7, 2^90.63, and 2^90.51, respectively, to recover the master key.