Block Cipher Invariants as Eigenvectors of Correlation Matrices

Beyne, Tim

doi:10.1007/978-3-030-03326-2_1

Cited by 20 publications

(22 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The coordinate representation of this operator with respect to the standard basis {δ x } x∈V may be called the transition matrix of F . Following [4,5], the correlation matrix of F is then the same operator expressed with respect to the Fourier basis. Note that correlation matrices were first introduced by Daemen et al [17], where their definition is given in terms of concepts from linear cryptanalysis.…”

Section: Fourier Analysismentioning

confidence: 99%

Cryptanalysis of Masked Ciphers: A Not So Random Idea

Beyne

Dhooghe

Zhang

2020

Advances in Cryptology – ASIACRYPT 2020

Self Cite

View full text Add to dashboard Cite

A new approach to the security analysis of hardware-oriented masked ciphers against second-order side-channel attacks is developed. By relying on techniques from symmetric-key cryptanalysis, concrete security bounds are obtained in a variant of the probing model that allows the adversary to make only a bounded, but possibly very large, number of measurements. Specifically, it is formally shown how a boundedquery variant of robust probing security can be reduced to the linear cryptanalysis of masked ciphers. As a result, the compositional issues of higher-order threshold implementations can be overcome without relying on fresh randomness. From a practical point of view, the aforementioned approach makes it possible to transfer many of the desirable properties of first-order threshold implementations, such as their low randomness usage, to the second-order setting. For example, a straightforward application to the block cipher LED results in a masking using less than 700 random bits including the initial sharing. In addition, the cryptanalytic approach introduced in this paper provides additional insight into the design of masked ciphers and allows for a quantifiable trade-off between security and performance.

show abstract

Section: Fourier Analysismentioning

confidence: 99%

Cryptanalysis of Masked Ciphers: A Not So Random Idea

Beyne

Dhooghe

Zhang

2020

Advances in Cryptology – ASIACRYPT 2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…The coordinate representation of this operator with respect to the standard basis {δ x } x∈V may be called the transition matrix of F . Following [1], the correlation matrix of F is then the same operator expressed with respect to the Fourier basis. The correlation matrix of a sharing can be defined as follows.…”

Section: Cryptanalysis Of Higher-order Threshold Implementationsmentioning

confidence: 99%

A Low-Randomness Second-Order Masked AES

Beyne

Dhooghe

Ranea

et al. 2022

Selected Areas in Cryptography

View full text Add to dashboard Cite

We propose a second-order masking of the AES in hardware that requires an order of magnitude less random bits per encryption compared to previous work. The design and its security analysis are based on recent results by Beyne et al. from Asiacrypt 2020. Applying these results to the AES required overcoming significant engineering challenges by introducing new design techniques. Since the security analysis is based on linear cryptanalysis, the masked cipher needs to have sufficient diffusion and the S-box sharing must be highly nonlinear. Hence, in order to apply the changing of the guards technique, a detailed study of its effect on the diffusion of the linear layer becomes important. The security analysis is automated using an SMT solver. Furthermore, we propose a sharpening of the glitch-extended probing model that results in improvements to our concrete security bounds. Finally, it is shown how to amortize randomness costs over multiple evaluations of the masked cipher.

show abstract

“…Each LCG block is defining by recurrence relations. It is given by Equations ( 3) to (6). Equations ( 3) and ( 4) are named as variable input linear congruential generators, where, the variable parameters p i and q i are obtained from two different LCGs recurrence relations and it is defined by Equations ( 5) and ( 6).…”

Section: Proposed Prbg and Its Architecturementioning

confidence: 99%

“…The randomly generated seed value by using LCG recurrence relations as given by Equations ( 5) and (6) in each iteration that is pðp 0 ; p 1 ; …; p 2 n −2 ; p 2 n −1 Þ and qðq 0 ; q 1 ; …; q 2 n −2 ; q 2 n −1 Þ correspondingly. And its values act as input seed for another two different variable input LCG generator as given by Equation ( 3) and ( 4).…”

Section: Proposed Prbg and Its Architecturementioning

confidence: 99%

“…The security and confidentiality of the pseudorandom bit sequence are determined by its randomness and balanceness properties. Random bit generators have been used in a wide variety of applications, such as cryptography [3][4][5][6][7], Monte Carlo simulators, signature analysis [8], estimating the immunity-to-noise ratio in digital systems, testing of physical, electrical and biological systems like code density tests, determination of Volterra kernels and Wiener in nonlinear systems [9], artificial neural networks etc. Due to technological advancement, the appearance of video and image data on the Internet has remarkably increased.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Coupled variable‐input LCG and clock divider‐based large period pseudo‐random bit generator on FPGA

Gupta

Chauhan

2021

IET Computers & Digital Tech

View full text Add to dashboard Cite

The authors present a new method for the generation of pseudorandom bits, based on coupled variable input linear congruential generator (LCG) and a clock divider. To prevent the system from falling into short-period orbits as well as increasing the randomness of the generated bit sequences, the proposed algorithm periodically changes the seed parameters of the LCG blocks. The proposed clock divider-based pseudorandom bit generator is compared with other LCG-based realisations, showing great improvement. First, a clock divider is utilised for generating a maximum length of 2 2n pseudorandom bits for n-bit operands size which leads to lowering the hardware cost. Secondly, it generates high-speed random bits at a uniform clock rate with one initial clock latency. Third, the proposed technique provides good statistical properties. The proposed architecture is implemented using Verilog HDL and further prototyped on commercially available field programmable gate array (FPGA) devices Virtex-5, Virtex-7, and Artix-7. The realisation of the proposed architecture in these FPGA devices accomplishes an improved data throughput and utilises minimum FPGA resources (in terms of look-up-tables and flip-flops) which are compared with the existing techniques. The generated bit sequence from the experiment is further analysed briefly for sequence size and verified for randomness by using the National Institute of Standards and Technology benchmark test.This is an open access article under the terms of the Creative Commons Attribution-NonCommercial-NoDerivs License, which permits use and distribution in any medium, provided the original work is properly cited, the use is non-commercial and no modifications or adaptations are made.

show abstract

Block Cipher Invariants as Eigenvectors of Correlation Matrices

Cited by 20 publications

References 24 publications

Cryptanalysis of Masked Ciphers: A Not So Random Idea

Cryptanalysis of Masked Ciphers: A Not So Random Idea

A Low-Randomness Second-Order Masked AES

Coupled variable‐input LCG and clock divider‐based large period pseudo‐random bit generator on FPGA

Contact Info

Product

Resources

About