Dissertation and Thesis

Permanent URI for this communityhttp://164.52.219.250:4000/handle/10263/2146

Browse

Has files: YesSubject: search.filters.subject.Message Authentication Codes

Search Results

Now showing 1 - 2 of 2
  • No Thumbnail Available
    Item
    Cryptanalysis of Selected SPN and NLFSR-based Symmetric-Key Ciphers
    (Indian Statistical Institute, Kolkata, 2023-06) Jana, Amit
    The thesis focuses on the cryptanalysis of private-key ciphers, which are widely used encryption methods due to their fast encryption/decryption computing ability and low memory requirements. The thesis covers two different aspects of cryptanalysis: traditional attack techniques and physical attacks. For physical attacks, the thesis presents a differential fault attack on the CAESAR scheme NORX with parallelism levels of 2 and 4. By introducing faults in NORX in parallel mode, the state collides with the internal branches to produce an all-zero state, which can be replayed despite different nonces and messages. The secret key of NORX is recovered using secondary faults and faulty tags, utilizing both internal and classical differentials. The attack strategy is demonstrated using different fault models to showcase its versatility. Additionally, the thesis identifies and solves a new variant of the coupon collector problem called the Non-circular Consecutive Coupon Collector Problem, which estimates the expected faults for the consecutive bit-fault model. The problem is extended to the circular variant and validated using hypothesis testing. The outcomes of this study may hold significance and relevance to the research community as a standalone contribution. Furthermore, the thesis investigates the faulty forgery attack on the decryption query to recover the state, leading to key recovery, for sponge-based authentication schemes with internal permutations following the SPN-based GFN structure. The attack is then extended to retrieve the secret key of any SPN-based sponge/SIV-like schemes. For traditional cryptanalysis, the thesis analyzes differential cryptanalysis of single or multiple AND-based NLFSR-like ciphers. Recent trends in automated cryptanalysis involve modeling classical cryptanalysis tools as optimization problems to leverage state-of-the-art solvers and improving existing models to make them more efficient and accurate. The thesis contributes to this trend by devising a general MILP model referred to as “DEEPAND” that captures the correlations among multiple AND gates in NLFSR-based lightweight block ciphers. The DEEPAND model builds upon and generalizes the idea of joint propagation of differences through AND gates, captured using refined MILP modeling of TinyJAMBU by Saha et al. in FSE 2020. The proposed model has been applied to TinyJAMBU and KATAN and can detect correlations that were missed by earlier models. This leads to more accurate differential bounds for both ciphers.
  • No Thumbnail Available
    Item
    Tight Security of PMAC-type and CBC-type Message Authentication Codes
    (Indian Statistical Institute, Kolkata, 2023-07) Chattopadhyay, Soumya
    Message Authentication Codes (or MACs) are symmetric-key primitives that ensure the authenticity as well as the integrity of messages. The sender generates an authen- tication tag (based on a message and a secret key) which can be verified on the re- ceiver’s end. Two paradigms for building block cipher based MACs of the form Hash- then-PRP: 1) Parallelizable or PMAC-type, 2) Sequential or CBC-type. PMAC, sPMAC, PMAC1, LightMAC etc. are examples of PMAC-type MACs. Whereas OMAC, XCBC, TMAC, GCBC are examples of CBC-type MACs. Obtaining length independent (tight) bounds for these constructions has been a challenging problem. The goal of this thesis is to obtain length independent (tight) bounds for as many important constructions as possible and devise a novel technique that can be employed for various constructions and has a scope of generalization. PMAC-TYPE MACS: Firstly, in chapter 3, we demonstrate why a claim about tight se- curity of a PMAC variant proposed by Naito is wrong. Together with that, we state a necessary and sufficient condition to correctly establish that claim. Secondly, in the same chapter, we propose a variant of PMAC1 which has tight security for a rea- sonable range of message lengths. Then we prove the tight security of sPMAC for a weaker notion of independence (of hash). Next, in chapter 4, we analyze secu- rity bounds for LightMAC: We show tight security of 1k-LightMAC (single-key version of the original LightMAC) which holds for a range of lengths (both upper and lower bounded). Moreover, we show an attack on 1k-LightMAC for sufficiently small-length messages. Besides we propose two new variants of 1k-LightMAC, namely, LightMAC- swp and LightMAC-ds, both of which achieve length independent tight security for a fairly good range of lengths. Here we employ a novel sampling technique, dubbed “Reset-sampling”, as a subroutine of H-coefficient setup. It helps get tight bounds. Then, in the last chapter (5) of this part, we try to get a generalized view of the PMAC family. We develop technical concepts necessary to cover a large class of parallelizable MACs of the form hash-then-PRP. As the main results of this chapter, we prove the se- curity bound in terms of the collision probability of the underlying hash function, both for independent keys and single-keyed versions of a generic member of the PMAC family. As a corollary to this, we apply this result to get birthday-bound security for a simplified version of PMAC+, under some assumptions. Moreover, a similar bound for 1k-LightMAC as well follows directly from the main result. CBC-TYPE MACS: In chapter 6, we obtain O( q2 2n + qℓ2 2n ) bound for OMAC using reset- sampling . This is the best-known bound for it. Although it is not “length independent” in an exact sense, it behaves almost like a birthday bound with some consideration. We obtain similar bounds for XCBC and TMAC also. In this way, we become successful in establishing tight security for all CBC-MAC variants, except the original one.