Toshinobu Kaneko

Higher Order Differential Attack of Camellia (II)

Camellia is a 128-bit block cipher, proposed by NTT and Mitsubishi in 2000. It has been shown that 10 round variant without FL function under a 256-bit secret key is attackable by Higher Order Differential Attack and even if FL function is included, 9 round variant is attackable by Square Attack. In this paper, we present a new attack of Camellia using 16-th order differential and show that 11 round variant without FL function is attackable. Moreover, we show that 11 round variant with FL function is attackable, if we use chosen ciphertexts for this attack.

Modified Belief Propagation Decoding Algorithm for Low-Density Parity Check Code Based on Oscillation

A low-density parity check (LDPC) code with the belief propagation (BP) or the log-likelihood ratio belief propagation (LLR-BP) can achieve good bit error rate (BER) performance approaching the Shannon limit. When a parity check matrix of the LDPC code has the cycle, the BP and LLR-BP decoding algorithms achieve approximate maximum a posterior probability (MAP) decoding. Although the decoding algorithms are approximate MAP decoding, LDPC codes can achieve very good BER. For the short and middle length LDPC codes, BER and block error rate (BLER) performances are affected by cycle largely. In each iteration, the magnitudes of a posterior LLRs of some bits oscillate owing to cycles. The oscillation is the dominant error factor in the high Eb/N o region for short and middle length LDPC codes. In this paper, we extend the definition of oscillation to extrinsic LLR (ex-LLR) derived in the bit node process and propose the modified LLR-BP and the modified UMP-BP decoding algorithms. To reduce effects of oscillating ex-LLRs on decoding, for oscillating ex-LLRs, we add the previous ex-LLR to the current ex-LLR. From the computer simulation, we show that for short and middle length LDPC codes, with a simple modification, our proposed decoding algorithms can improve the conventional LLR-BP and UMP-BP decoding algorithms. In particular, we show that the modified UMP-BP decoding algorithm with low complexity can achieve better BER and BLER than the conventional LLR-BP decoding algorithm

Correction of Overlapping Template Matching Test Included in NIST Randomness Test Suite

Accurate values for occurrence probabilities of the template used in the overlapping template matching test included in NIST randomness test suite (NIST SP800-22) have been analyzed. The inaccurate values used in the NIST randomness test suite cause significant difference of pass rate. When the inaccurate values are used and significance level is set to 1%, the experimental mean value of pass rate, which is calculated by use of random number sequences taken from DES (Data Encryption Standard), is about 98.8%. In contrast, our new values derived from a set of recurrence formulas for the NIST randomness test suite give an empirical distribution of pass rate that meets the theoretical binomial distribution. Here, the experimental mean value of pass rate is about 99%, which corresponds to the significance level 1%.

A Study on Higher Order Differential Attack of KASUMI

This paper proposes novel calculuses of linearizing attack that can be applied to higher order differential attack. Higher order differential attack is a powerful and versatile attack on block ciphers. It can be roughly summarized as follows: (1) Derive an attack equation to estimate the key by using the higher order differential properties of the target cipher, (2) Determine the key by solving an attack equation. Linearizing attack is an effective method of solving attack equations. It linearizes an attack equation and determines the key by solving a system of linearized equations using approaches such as the Gauss-Jordan method. We enhance the derivation algorithm of the coefficient matrix for linearizing attack to reduce computational cost (fast calculus 1). Furthermore, we eliminate most of the unknown variables in the linearized equations by making the coefficient column vectors 0 (fast calculus 2). We apply these algorithms to an attack of the five-round variant of KASUMI and show that the attack complexity is equivalent to 228.9 chosen plaintexts and 231.2 KASUMI encryptions.

Precoding for MIMO Systems in Line-Of-Sight (LOS) Environment

In line-of-sight (LOS) environments, the signal detection of multiple-input multiple-output (MIMO) systems becomes difficult because the correlation among channels becomes higher when the phase differences of direct paths are close to each other. In this paper, we propose a MIMO system with precoding to maximize the minimum distance (denoted hereafter as Max-dmin precoding) to improve the performance of MIMO systems in LOS environments. Max-dmin precoding can improve the detection performance of maximum likelihood detection (MLD) by maximizing the minimum Euclidean distance between symbol points at the receiver side, but the design becomes complicated as the number of substreams increases. The design of our proposed Max-dmin precoding is easy by using the property that the first eigenvalue of channel matrix becomes dominant in LOS environments even when the number of substreams is large. We use long-term average channel state information (CSI) instead of instantaneous CSI for precoding. Moreover, we propose a reduced-complexity MLD that uses the ordered reliability of symbols that results from Max-dmin precoding. From the results of computer simulation, we show that our proposed scheme with reduced-complexity MLD can achieve low complexity and good bit error rate (BER) performance in LOS environments with Rician factor K = 5 dB.

Security analysis of MISTY1

We analyze 64-bit block cipher MISTY1 from several standpoints. Our analysis consists of two algorithms based on the higher order differential property of the S-box. The first succeeds in attacking a six round MISTY1 provided 218.9 chosen plaintexts and 280.9 computational cost. The second succeeds in attacking a seven round MISTY1 with no FL functions by controlling the value of the fixed part of the plaintext and using a 2-round elimination method provided 211.9 chosen plaintexts and 2125.1 computational cost. Both algorithms exceeds the existing attack algorithms against MISTY1 and give new perspectives for the security of MISTY1.

Performance of Concatenated Code with LDPC Code and RSC Code

In this paper, we propose a concatenated code by combining a Recursive Systematic Convolutional (RSC) code with a Low-Density Parity-Check (LDPC) code. The proposed concatenated code is encoded in parallel by an RSC encoder and an LDPC encoder without interleavers between them. When decoding the proposed concatenated code, the information bits are decoded by two decoding algorithms, and soft information is exchanged between the RSC decoder and the LDPC decoder. This allows for the elimination of wrong codewords output by each decoder. The use of an LDPC code allows us to halt the decoding process when the valid codeword is obtained. We evaluate the error rate performance of the proposed concatenated code by computer simulations. We show that the proposed concatenated code does not have a high error floor, and achieves better BLock Error Rate (BLER) performance than either conventional LDPC codes or conventional turbo codes in the high Eb/No region. We also show that since the proposed concatenated code can correct wrong codewords output by each decoder, it achieves better BLER than the regular LDPC code at the same Bit Error Rate (BER).

Update on Enocoro stream cipher

Enocoro is a family of stream ciphers proposed by Watanabe et al. in 2007. It consists of two algorithms called Enocoro-80 and Enocoro-128v1.1, whose key lengths are 80 bits and 128 bits respectively. In this paper, we show that Enocoro-128v1.1 is vulnerable against the related-key attack in which we assume a stronger attacker than one in the related-key differential attack. The attack is applicable with 2112 out of 2128 keys and the calculation complexity of the attack is about 265. Our attack is mainly of theoretical interest and do not present a threat to practical applications using Enocoro-128v1.1. In addition, we propose to update Enocoro-128v1.1 to Enocoro-128v2 where a patch has been applied to prevent the attack.

A study on read-write protection of a digital document by cryptographic techniques

Sensitive information, e.g., privacy information or company secret, should be carefully managed and it is desired that only privileged users can read and edit these kinds of information. For these needs, this paper proposes cryptographic schemes for a proper use of digital document and a concrete construction for the proposed schemes. Note that the proposed schemes are called “Content Protection Schemes(CPSs)” in this paper. The proposed schemes enable a sender to decide an access control, i.e., read-write protection, on a document by public keys of recipients and a recipient can read or edit a part of the document according to the access control without any help of neither the sender nor any trusted entity. The concrete construction proposed in this paper consists of only standard cryptographic techniques. This means that the proposed construction can be easily implemented by a standard cryptographic library and that users do not need to prepare a special key set for the proposed schemes. Since the proposed schemes control the read-write protection on a digital document by private keys of recipients, they can promote proper use of digital document even if we could not manage them on a server.

Improvement of bandwidth efficiency of UWB-IR and DS-UWB with frequency-domain equalization (FDE) based on cyclic prefix (CP) reconstruction

In recent years, an Ultra Wideband (UWB) has attracted much attention in short range high speed wireless communications. Meanwhile, the single-carrier transmission with frequency domain equalization (SC-FDE) has also recently at- tracted much attention. It is reported that the SC-FDE sys- tem obtains an excellent performance as well as orthogonal frequency division multiplexing (OFDM), because the SC-FDE system has the advantage of frequency diversity gain even in strong frequency selective channels. However, in the SC-FDE system, the cyclic extension reduces the bandwidth efficiency. Thus, in the SC-FDE system, various methods to improve the bandwidth efficiency are reported. In this paper, we evaluate the improvement of bandwidth efficiency based on cyclic prefix (CP) reconstruction as a method of improving bandwidth efficiency of Ultra Wideband-Impulse Radio (UWB-IR) and Direct Sequence- Ultra Wideband (DS-UWB).