Marian Srebrny

Cube attacks and cube-attack-like cryptanalysis on the round-reduced Keccak sponge function

In this paper, we comprehensively study the resistance of keyed variants of SHA-3 (Keccak) against algebraic attacks. This analysis covers a wide range of key recovery, MAC forgery and other types of attacks, breaking up to 9 rounds (out of the full 24) of the Keccak internal permutation much faster than exhaustive search. Moreover, some of our attacks on the 6-round Keccak are completely practical and were verified on a desktop PC. Our methods combine cube attacks (an algebraic key recovery attack) and related algebraic techniques with structural analysis of the Keccak permutation. These techniques should be useful in future cryptanalysis of Keccak and similar designs.

Rotational cryptanalysis of round-reduced Keccak

In this paper we attack round-reduced Keccak hash function with a technique called rotational cryptanalysis. We focus on Keccak variants proposed as SHA-3 candidates in the NIST’s contest for a new standard of cryptographic hash function. Our main result is a preimage attack on 4-round Keccak and a 5-round distinguisher on Keccak-\(f\)[1600] permutation — the main building block of Keccak hash function.

Security margin evaluation of SHA-3 contest finalists through SAT-Based attacks

In 2007, the U.S. National Institute of Standards and Technology (NIST) announced a public contest aiming at the selection of a new standard for a cryptographic hash function. In this paper, the security margin of five SHA-3 finalists is evaluated with an assumption that attacks launched on finalists should be practically verified. A method of attacks is called logical cryptanalysis where the original task is expressed as a SATisfiability problem. To simplify the most arduous stages of this type of cryptanalysis and helps to mount the attacks in a uniform way a new toolkit is used. In the context of SAT-based attacks, it has been shown that all the finalists have substantially bigger security margin than the current standards SHA-256 and SHA-1.

A SAT-based preimage analysis of reduced Keccak hash functions

Abstract In this paper, we present a preimage attack on reduced versions of Keccak hash functions. We use our recently developed toolkit CryptLogVer for generating the conjunctive normal form, CNF, which is passed to the SAT solver PrecoSAT. We found preimages for some reduced versions of the function and showed that full Keccak function has a comfortable security margin against this kind of attack.

ICEPOLE: High-Speed, Hardware-Oriented Authenticated Encryption

This paper introduces our dedicated authenticated encryption scheme ICEPOLE. ICEPOLE is a high-speed hardware-oriented scheme, suitable for high-throughput network nodes or generally any environment where specialized hardware (such as FPGAs or ASICs) can be used to provide high data processing rates. ICEPOLE-128 (the primary ICEPOLE variant) is very fast. On the modern FPGA device Virtex 6, a basic iterative architecture of ICEPOLE reaches 41 Gbits/s, which is over 10 times faster than the equivalent implementation of AES-128-GCM. The throughput-to-area ratio is also substantially better when compared to AES-128-GCM. We have carefully examined the security of the algorithm through a range of cryptanalytic techniques and our findings indicate that ICEPOLE offers high security level.

Remarks on the Classical Threshold Secret Sharing Schemes

We survey some results related to classical secret sharing schemes defined in Shamir [10] and Blakley [1], and developed in Brickell [2] and Lai and Ding [4]. Using elementary symmetric polynomials, we describe in a unified way which allocations of identities to participants define Shamirs threshold scheme, or its generalization by Lai and Ding, with a secret placed as a fixed coefficient of the scheme polynomial. This characterization enabled proving in Schinzel et al. [8], [9] and Spiez et al. [13] some new and non-trivial properties of such schemes. Also a characterization of matrices corresponding to the threshold secret sharing schemes of Blakley and Brickells type is given. Using Gaussian elimination we provide an algorithm to construct all such matrices which is efficient in the case of relatively small matrices. The algorithm may be useful in constructing systems where dynamics is important (one may generate new identities using it). It can also be used to construct all possible MDS codes. MSC: primary 94A62; secondary 11T71; 11C20

Public Key Infrastructure

This chapter briefly looks at a PKI network security infrastructure and its basic services: entity authentication, message integrity, and confidentiality. It presents a PKI structure, its basic components, and the tasks of Registration Authority (RA), Certification Authority (CA), key repositories, certificates and Certificate Revocation Lists (CRLs).

SAT as a Programming Environment for Linear Algebra

In this paper we present an application of the propositional SATisfiability environment to computing some simple orthogonal matrices and some interesting tasks in the area of cryptanalysis. We show how one can code a search for some kind of desired objects as a propositional formulae in such a way that their satisfying valuations code such objects. Some encouraging (and not very encouraging) experimental results are reported for the proposed propositional search procedures using the currently best SAT solvers. In this paper we pursue a propositional programming paradigm. To solve your problem: (1) translate the problem to SAT (in such a way that a satisfying valuation represents a solution to the problem); (2) run the currently best SAT checker to solve it for you. The propositional encoding formula can be thought of as a declarative program. The hope you can get a solution relatively fast is based on the fact that the SAT solving algorithm is one of the best optimized. A SAT solving algorithm decides whether a given propositional (Boolean) formula has a satisfying valuation. SAT was the first known NP-complete problem, as proved by Stephen Cook in 1971. Finding a satisfying valuation is infeasible in general, but many SAT instances can be solved surprisingly efficiently. There are many competing algorithms for it and many implementations, most of them were developed over the last two decades as highly optimized versions of the DPLL procedure of (Davis & Putnam 1960) and (Davis, Logeman & Loveland 1962). In the area of cryptanalysis we apply that idea to try out the power of the SAT solvers in breaking two of the currently most exciting challenges: RSA and SHA-1. Although our experimental results have not turned out to be a success in breaking those cryptosystems, they seem interesting in their own right as reasonable testing benchmarks for the SAT solvers. Similarly, some formulae encoding search for orthogonal matrices in some linear spaces over Galois field F2 are presented below.

Cryptographic Applications for Network Security

This chapter provides an overview of selected practical applications of cryptographic techniques, presented in the previous chapters, in electronic network and data security protection. It outlines examples of various threats occurring in open telecommunication networks (such as the Internet) and the most well-known examples of software systems for data security, privacy, protection and security of electronic mail.

Foundations of Symmetric Cryptography

This chapter presents theoretical foundations of symmetric-key cryptography, or secret-key cryptography. The currently most widely used symmetric algorithms are given. It starts with the concept of a Feistel network which constitutes an important design principle underlying many advanced symmetric encryption schemes. Among the most well-known symmetric-key ciphers are DES (Data Encryption Standard) and its official successor AES (Advanced Encryption Standard), followed by several others also well known and also often used in practice such as IDEA (International Data Encryption Algorithm) or the RC (Rivest Cipher) family of algorithms.