32 results sorted by ID
Secure and efficient transciphering for FHE-based MPC
Diego F. Aranha, Antonio Guimarães, Clément Hoffmann, Pierrick Méaux
Cryptographic protocols
Transciphering (or Hybrid-Homomorphic Encryption, HHE) is an established technique for avoiding ciphertext expansion in HE applications, saving communication and storage resources. Recently, it has also been shown to be a fundamental component in the practical construction of HE-based multi-party computation (MPC) protocols, being used both for input data and intermediary results (Smart, IMACC 2023). In these protocols, however, ciphers are used with keys that are jointly generated by...
Mutator Sets and their Application to Scalable Privacy
Alan Szepieniec, Thorkil Værge
Cryptographic protocols
A mutator set is a cryptographic data structure for authenticating operations on a changing set of data elements called items. Informally:
- There is a short commitment to the set.
- There are succinct membership proofs for elements of the set.
- It is possible to update the commitment as well as the membership proofs with minimal effort as new items are added to the set or as existing items are removed from it.
- Items cannot be removed before they were added.
- It is...
Division of Regulatory Power: Collaborative Regulation for Privacy-Preserving Blockchains
Tianyu Zhaolu, Zhiguo Wan, Huaqun Wang
Applications
Decentralized anonymous payment schemes may be exploited for illicit activities, such as money laundering, bribery and blackmail. To address this issue, several regulatory friendly decentralized anonymous payment schemes have been proposed. However, most of these solutions lack restrictions on the regulator’s authority, which could potentially result in power abuse and privacy breaches. In this paper, we present a decentralized anonymous payment scheme with collaborative regulation (DAPCR)....
Group Time-based One-time Passwords and its Application to Efficient Privacy-Preserving Proof of Location
Zheng Yang, Chenglu Jin, Jianting Ning, Zengpeng Li, Tien Tuan Anh Dinh, Jianying Zhou
Cryptographic protocols
Time-based One-Time Password (TOTP) provides a strong second factor for user authentication. In TOTP, a prover authenticates to a verifier by using the current time and a secret key to generate an authentication token (or password) which is valid for a short time period. Our goal is to extend TOTP to the group setting, and to provide both authentication and privacy. To this end, we introduce a new authentication scheme, called Group TOTP (GTOTP), that allows the prover to prove that it is a...
Atom: A Stream Cipher with Double Key Filter
Subhadeep Banik, Andrea Caforio, Takanori Isobe, Fukang Liu, Willi Meier, Kosei Sakamoto, Santanu Sarkar
Secret-key cryptography
It has been common knowledge that for a stream cipher to be secure against generic TMD tradeoff attacks, the size of its internal state in bits needs to be at least twice the size of the length of its secret key. In FSE 2015, Armknecht and Mikhalev however proposed the stream cipher Sprout with a Grain-like architecture, whose internal state was equal in size with its secret key and yet resistant against TMD attacks. Although Sprout had other weaknesses, it germinated a sequence of stream...
Observer Attack on Stream Ciphers
Ramachandran Anantharaman, Virendra Sule
Secret-key cryptography
This paper proposes an internal state recovery attack on special class of stream generators called non-linear combiners and filter generators over finite fields consisting of linear feedback shift registers (LFSRs) and nonlinear functions combining internal states to form output stream. This attack utilizes the concept of an observer, well known in the theory of Linear Dynamical Systems. An observer is a special linear dynamical system which when fed with the output sequence of the stream...
Transciphering, using FiLIP and TFHE for an efficient delegation of computation
Clément Hoffmann, Pierrick Méaux, Thomas Ricosset
Implementation
Improved filter permutators are designed to build stream ciphers that can be efficiently evaluated homomorphically. So far the transciphering with such ciphers has been implemented with homomorphic schemes from the second generation. In theory the third generation is more adapted for the particular design of these ciphers. In this article we study how suitable it is in practice. We implement the transciphering of different instances of the stream cipher family FiLIP with homomorphic...
Weights on affine subspaces and some other cryptographic characteristics of Boolean functions of 5 variables
Evgeny K. Alekseev, Lyudmila A. Kushchinskaya
Secret-key cryptography
Recently one new key recovery method for a filter generator was proposed. It is based on so-called planar approximations of such a generator. This paper contains the numerical part of the research of the Boolean functions properties which allow to protect the generator against this method. The main theoretical part of this research is presented at the CTCrypt 2019 conference.
Improved Filter Permutators: Combining Symmetric Encryption Design, Boolean Functions, Low Complexity Cryptography, and Homomorphic Encryption, for Private Delegation of Computations
Pierrick Méaux, Claude Carlet, Anthony Journault, François-Xavier Standaert
Motivated by the application of delegating computation, we revisit the design of filter permutators as a general approach to build stream ciphers that can be efficiently evaluated in a fully homomorphic manner.
We first introduce improved filter permutators that allow better security analyses, instances and implementations than the previously proposed FLIP family of stream ciphers.
We also put forward the similarities between these improved constructions and a popular PRG design by...
Attacks against Filter Generators Exploiting Monomial Mappings
Anne Canteaut, Yann Rotella
Secret-key cryptography
Filter generators are vulnerable to several attacks which have led to well-known design criteria on the Boolean filtering function. However, Rønjom and Cid have observed that a change of the primitive root defining the LFSR leads to several equivalent generators. They usually offer different security levels since they involve filtering functions of the form F(x^k) where k is coprime to (2^n-1) and n denotes the LFSR length. It is proved here that this monomial equivalence does not affect the...
Towards Stream Ciphers for Efficient FHE with Low-Noise Ciphertexts
Pierrick Méaux, Anthony Journault, François-Xavier Standaert, Claude Carlet
Symmetric ciphers purposed for Fully Homomorphic Encryption (FHE) have recently been proposed for two main reasons. First, minimizing the implementation (time and memory) overheads that are inherent to current FHE schemes. Second, improving the homomorphic capacity, \textit{i.e.} the amount of operations that one can perform on homomorphic ciphertexts before bootstrapping, which amounts to limit their level of noise. Existing solutions for this purpose suggest a gap between block ciphers and...
A Generic Construction for Verifiable Attribute-based Keyword Search Schemes
Mohammmad Hassan Ameri, Maryam Rajabzadeh Assar, Javad Mohajeri, Mahmoud Salmasizadeh
Public-key cryptography
Cloud data owners encrypt their documents before outsourcing to provide their privacy. They could determine a search control policy and delegate the ability of search token generation to the users whose attributes satisfy the search control policy. Verifiable attribute-based keyword search (VABKS) where the users can also verify the accuracy of cloud functionality is one of such schemes. In this paper, the first generic construction for VABKS is proposed. To this end, the notion of...
Improving algebraic attacks on stream ciphers based on linear feedback shifter registers over $F_{2^k}$
Sondre Rønjom
Secret-key cryptography
In this paper we investigate univariate algebraic attacks on filter generators over extension fields $F_q=F_{2^n}$ with focus on the Welch-Gong (WG) family of stream ciphers. Our main contribution is to break WG-5, WG-7, WG-8 and WG-16 by combining results on the so-called spectral immunity (minimum distance of certain cyclic codes) with properties of the WG type stream cipher construction. The spectral immunity is the univariate analog of algebraic immunity and instead of measuring degree...
A Meet in the Middle Attack on Reduced Round Kuznyechik
Riham AlTawy, Amr M. Youssef
Secret-key cryptography
Kuznyechik is an SPN block cipher that has been recently chosen to be standardized by the Russian federation as a new GOST cipher. The algorithm updates a 128-bit state for nine rounds using a 256-bit key. In this paper, we present a meet-in-the-middle attack on the 5-round reduced cipher. Our attack is based on the differential enumeration approach, where we propose a distinguisher for the middle rounds and match a sequence of state differences at its output. However, the application of the...
Privacy-Preserving Data Publish-Subscribe Service on Cloud-based Platforms
Kan Yang, Xiaohua Jia, Kuan Zhang, Xuemin (Sherman) Shen
Data publish-subscribe service is an effective approach to share and filter data. Due to the huge volume and velocity of data generated daily, cloud systems are inevitably becoming the platform for data publication and subscription. However, the privacy becomes a challenging issue as the cloud server cannot be fully trusted by both data publishers and data subscribers. In this paper, we propose a privacy-preserving data publish-subscribe service for cloud-based platforms. Specifically, we...
Security Analysis of Linearly Filtered NLFSRs
Mohammad Ali Orumiehchiha, Josef Pieprzyk, Ron Steinfeld, Harry Bartlett
Secret-key cryptography
Our contributions are applying distinguishing attack on Linearly Filtered NLFSR as a primitive or associated with filter generators. We extend the attack on linear combinations of Linearly Filtered NLFSRs as well. Generally, these structures can be examined by the proposed techniques and the criteria will be achieved to design secure primitive. The attacks allow attacker to mount linear attack to distinguish the output of the cipher and recover its internal state. Also, we investigate...
Faster index calculus for the medium prime case. Application to 1175-bit and 1425-bit finite fields
Antoine Joux
Foundations
Many index calculus algorithms generate multiplicative relations between smoothness basis elements by using a process called {\it Sieving}. This process allows to filter potential candidate relations very quickly, without spending too much time to consider bad candidates. However, from an asymptotic point of view, there is not much difference between sieving and straightforward testing of candidates. The reason is that even when sieving, some small amount of time is spent for each bad...
A Scalable Method for Constructing Galois NLFSRs with Period $2^n-1$ using Cross-Join Pairs
Elena Dubrova
Foundations
This paper presents a method for constructing $n$-stage Galois NLFSRs with period $2^n-1$ from $n$-stage maximum length LFSRs. We introduce nonlinearity into state cycles by adding a nonlinear Boolean function to the feedback polynomial of the LFSR. Each assignment of variables for which this function evaluates to 1 acts as a crossing point for the LFSR state cycle. By adding a copy of the same function to a later stage of the register, we cancel the effect of nonlinearity and join the state...
Highly Nonlinear Boolean Functions with Optimal Algebraic Immunity and Good Behavior Against Fast Algebraic Attacks
Deng Tang, Claude Carlet, Xiaohu Tang
Secret-key cryptography
In this paper, we present a new combinatorial conjecture about binary strings. Based on the new conjecture, two classes of Boolean functions of $2k$ variables with optimal algebraic immunity are proposed, where $k\ge 2$. The first class contains unbalanced functions having high algebraic degree and nonlinearity. The functions in the second one are balanced and have maximal algebraic degree and high nonlinearity. It is checked that, at least for small numbers of variables, both classes of...
Supporting Publication and Subscription Confidentiality in Pub/Sub Networks
Mihaela Ion, Giovanni Russello, Bruno Crispo
The publish/subscribe model offers a loosely-coupled communication paradigm where applications interact indirectly and asynchronously. Publisher applications generate events that are sent to interested applications through a network of brokers. Subscriber applications express their interest by specifying filters that brokers can use for routing the events. Supporting confidentiality of messages being exchanged is still challenging. First of all, it is desirable that any scheme used for...
Loiss: A Byte-Oriented Stream Cipher
Dengguo Feng, Xiutao Feng, Wentao Zhang, Xiubin Fan, Chuankun Wu
Secret-key cryptography
This paper presents a byte-oriented stream cipher -- Loiss, which takes a 128-bit initial key and a 128-bit initial vector as inputs, and outputs a key stream of bytes. The algorithm is based on a linear feedback shift register, and uses a structure called BOMM in the filter generator, which has good property on resisting against algebraic attacks, linear distinguishing attacks and fast correlation attacks. In order for BOMM to be balanced, the S-boxes in BOMM must be orthomorphic...
Perfectly Balanced Boolean Functions and Golić Conjecture
Stanislav Smyshlyaev
Foundations
Golić conjecture states that the necessary condition for a function to be perfectly balanced for any choice of a tapping sequence is linearity of a function in the first or in the last essential variable. In the current paper we prove Golić conjecture.
Bias in the nonlinear filter generator output sequence
Sui-Guan Teo, Leonie Simpson, Ed Dawson
Nonlinear filter generators are common components used in the keystream generators for stream ciphers and more recently for authentication mechanisms. They consist of a Linear Feedback Shift Register (LFSR) and a nonlinear Boolean function to mask the linearity of the LFSR output. Properties of the output of a nonlinear filter are not well studied. Anderson noted that the $m$-tuple output of a nonlinear filter with consecutive taps to the filter function is unevenly distributed. Current...
Golden Fish: An Intelligent Stream Cipher Fuse Memory Modules
Lan Luo, QiongHai Dai, ZhiGuang Qin, ChunXiang Xu
In this paper, we use a high-order iterated function generated by block cipher as the nonlinear filter to improve the security of stream cipher. Moreover, by combining the published rounds function in block cipher and OFB as the nonlinear functional mode with an extra memory module, we enable to control the nonlinear complexity of the design. This new approach fuses the block cipher operation mode with two memory modules in one stream cipher. The security of this design is proven by the both...
2009/329
Last updated: 2009-10-05
Efficient Approximation of Higher Order Boolean function in a Low Order Function
Mehreen Afzal, Ashraf Masood
A few of non-linear approximation methods for Boolean functions have been developed but they are not of practical application. However, if a low order Boolean function can be found that can nearly approximate a higher order Boolean function of an encryption technique then the low order Boolean function can be used to exploit the cipher. Such a technique can become a strong cryptanalytic tool and can sneak in a cipher. In this article, an efficient method has been devised to find non-linear...
Perfectly Balanced Functions in Symbolic Dynamics
O. A. Logachev, A. A. Salnikov, S. V. Smyshlyaev, V. V. Yashchenko
Foundations
In the present paper we study properties of perfectly balanced Boolean functions. Based on the concept of Boolean function barrier, we propose a novel approach to construct large classes of perfectly balanced Boolean functions.
Searchable encryption with decryption in the standard model
Dennis Hofheinz, Enav Weinreb
Public-key cryptography
A *searchable public key encryption (PEKS) scheme* allows to generate, for any given message $W$, a trapdoor $T_W$, such that $T_W$ allows to check whether a given ciphertext is an encryption of $W$ or not. Of course, $T_W$ should not reveal any additional information about the plaintext. PEKS schemes have interesting applications: for instance, consider an email gateway that wants to prioritize or filter encrypted emails based on keywords contained in the message text. The email recipient...
Local Affinity Based Inversion of Filter Generators
O. A. Logachev, D. S. Nazarova
We propose a novel efficient cryptanalytic technique allowing an adversary to recover an initial state of filter generator given its output sequence. The technique is applicable to filter generators possessing local affinity property.
Vectorial Boolean functions and induced algebraic equations
Jovan Dj. Golic
Foundations
A general mathematical framework behind algebraic cryptanalytic attacks is developed. The framework relates to finding algebraic equations induced by vectorial Boolean functions and, in particular, equations of low algebraic degree. The equations may involve only a subset of input variables and may or may not be conditioned on the values of output variables. In addition, the equations may have a special form interesting for the so-called fast algebraic attacks. A possible divide-and-conquer...
Attacks based on Conditional Correlations against the Nonlinear Filter Generator
Bernhard Löhlein
Secret-key cryptography
In this paper we extend the conditional correlation attack ([LCPP96]) against the nonlinear filter generator (NLFG) by introducing new conditions and generalisations and present two known-plaintext attacks, called hybrid correlation attack and concentration attack. The NLFG is a well known LFSR-based keystream generator which could be used as a basic building block in a synchronous stream cipher system. Both new attacks use methods from the conditional correlation attack and additional from...
Turing, a fast stream cipher
Greg Rose, Philip Hawkes
Secret-key cryptography
This paper proposes the Turing stream cipher. Turing offers up to 256-bit key strength, and is designed for extremely efficient software implementation. It combines an LFSR generator based on that of SOBER with a keyed mixing function reminiscent of a block cipher round. Aspects of the block mixer round have been derived from Rijndael, Twofish, tc24 and SAFER.
A Time-Memory Tradeoff Attack Against LILI-128
Markku-Juhani Olavi Saarinen
Secret-key cryptography
In this note we discuss a novel but simple time-memory tradeoff attack against the stream cipher LILI-128. The attack defeats the security advantage of having an irregular stepping function. The attack requires $2^{46}$ bits of keystream, a lookup table of $2^{45}$ 89-bit words and computational effort which is roughly equivalent to $2^{48}$ DES operations.