Arpan Jati

Rig: A Simple, Secure and Flexible Design for Password Hashing

Password Hashing, a technique commonly implemented by a server to protect passwords of clients, by performing a one-way transformation on the password, turning it into another string called the hashed password. In this paper, we introduce a secure password hashing framework Rig which is based on secure cryptographic hash functions. It provides the flexibility to choose different functions for different phases of the construction. The design of the scheme is very simple to implement in software and is flexible as the memory parameter is independent of time parameter (no actual time and memory trade-off) and is strictly sequential (difficult to parallelize) with comparatively huge memory consumption that provides strong resistance against attackers using multiple processing units. It supports client-independent updates, i.e., the server can increase the security parameters by updating the existing password hashes without knowing the password. Rig can also support the server relief protocol where the client bears the maximum effort to compute the password hash, while there is minimal effort at the server side. We analyze Rig and show that our proposal provides an exponential time complexity against the low-memory attack.

SPF: A New Family of Efficient Format-Preserving Encryption Algorithms

Commonly used encryption methods treat the plaintext merely as a stream of bits, disregarding any specific format that the data might have. In many situations, it is desirable and essential to have the ciphertext follow the same format as the plaintext. Moreover, ciphertext length expansion is also not allowed in these situations. Encryption of credit card numbers and social security numbers are the two most common examples of this requirement. Format-Preserving Encryption (FPE) is a symmetric key cryptographic primitive that is used to achieve this functionality. Initiated by the work of Black and Rogaway (CT-RSA 2002), many academic solutions have been proposed in literature that have focused on designing efficient FPE schemes. However, almost all the existing FPE schemes are based on Feistel construction and have efficiency issues.

eSPF : A Family of Format-Preserving Encryption Algorithms Using MDS Matrices

The construction SPF, presented in Inscrypt-2016 was the first known SPN based format-preserving encryption algorithm. In this work, we significantly improve its performance and flexibility. We term this new construction as eSPF. Unlike SPF, all the basic transformations of eSPF are defined under the field \(\mathbb {F}_p\). This allows us to use a MDS matrix instead of the binary matrix used in SPF. The optimal diffusion of MDS matrix leads to an efficient and secure design. However, this change leads to violations in the message format. To mitigate this, we propose a discarding algorithm to drop the symbols that are not the elements of the format thus preserving it.

Exploiting the Leakage: Analysis of Some Authenticated Encryption Schemes

The ongoing CAESAR competition, aimed at finding robust and secure authenticated encryption schemes provides many new submissions for analysis. We analyzed many schemes and came across a plenitude of techniques, design ideals and security notions. In view of the above, we present key recovery attacks using DPA for Deoxys, Joltik and ELmD, and a forgery attack on AEGIS. In our analysis of the various schemes, we found out that, schemes using Sponge constructions with pre-initialized keys such as Ascon, ICEPOLE, Keyak, NORX, PRIMATEs, etc. were significantly harder to attack than contemporary designs using standard building blocks from a side channel perspective. We also implement and demonstrate an attack on Joltik-BC, to recover the key in roughly 50–60 traces.

Cryptographic Module Based Approach for Password Hashing Schemes

Password Hashing is the technique of performing one-way transformation of the password. One of the requirements of password hashing algorithms is to be memory demanding to provide defense against hardware attacks. In practice, most Cryptographic designs are implemented inside a Cryptographic module, as suggested by NIST in a set of standards (FIPS 140). A cryptographic module has a limited memory and this makes it challenging to implement a password hashing scheme (PHS) inside it.