Statistical Analysis Of Block Ciphers And Hash Functions

Sulak, Fatih

01 February 2011

One of the most basic properties expected from block ciphers and hash functions is passing statistical randomness testing, as they are supposed to behave like random mappings. Previously, testing of AES candidate block ciphers was done by using the statistical tests defined in the NIST Test Suite. As some of the tests in this suite require long sequences, data sets are formed by concatenating the outputs of the algorithms obtained from various input types. However, the nature of block cipher and hash function algorithms necessitates devising tests and test parameters focused particularly on short sequences, therefore we propose a package of statistical randomness tests which produce reliable results for short sequences and test the outputs of the algorithms directly rather than concatenations. Moreover, we propose an alternative method to evaluate the test results and state the required computations of related probabilities for the new evaluation method. We also propose another package of statistical tests which are designed basing on certain cryptographic properties of block ciphers and hash functions to evaluate their randomness, namely the cryptographic randomness testing. The packages are applied to the AES finalists, and produced more precise results than those obtained in similar applications. Moreover, the packages are also applied to SHA-3 second round candidate algorithms.

QA Mathematics 1-939

Electrodeposition of ultrathin Pd, Co and Bi films on well-defined noble-metal electrodes: studies by ultrahigh vacuum-electrochemistry (UHV-EC)

Baricuatro, Jack Hess L

30 October 2006

Three illustrative cases involving the electrodeposition of ultrathin metal films of varying reactivities onto noble-metal substrates were investigated: (i) Pd on Pt(111), a noble admetal on a noble-metal surface; (ii) Bi on Pd(111), a less noble admetal on a noble-metal surface; and (iii) Co on polycrystalline Pd and Pd(111), a reactive metal on a noble-metal surface. The interfacial electrochemistry of these prototypical systems was characterized using a combination of electrochemical methods (voltammetry and coulometry) and ultrahigh vacuum electron spectroscopies (Auger electron spectroscopy, AES; low energy electron diffraction, LEED; and X-ray photoelectron spectroscopy, XPS). Potential-controlled adsorption-desorption cycles of aqueous bromide exerted surface smoothening effects on ultrathin Pd films with defect sites (steps). This procedure, dubbed as electrochemical (EC) annealing, constituted a nonthermal analogue to conventional annealing. EC-annealed ultrathin Pd films exhibited long-range surface order and remained free of oxygen adspecies. Pdadatoms occupying step-sites were selectively dissolved and/or rearranged to assume equilibrium positions in a well-ordered (1x1) film. Electrodeposition of Co was found to be highly surface-structuresensitive. While virtually no Co electrodeposition transpired on a clean Pd(111) surface, Co was voltammetrically deposited on (i) a Pd(111) electrode roughened by oxidation-reduction cycles; and (ii) thermally annealed polycrystalline Pd, which is a composite of the (111) and (100) facets. Electrodeposition of Co was also observed to be kinetically hindered and slow potential scan rates (0.1 mV/s) were required. Well-defined ultrathin Bi films were potentiostatically electrodeposited onto Pd(111); a Stranski-Krastanov growth mode was indicated. The electrochemical reactivity of ultrathin Bi films was characterized using two surface probes: aqueous iodide and D-glucose. (i) Exposure of the prepared Bi adlayers (ΘBi 0.33) to aqueous iodide gave rise to (√3x√7) I-on-Bi superlattice. The same superlattice was obtained if Bi was electrodeposited onto Pd(111)(√3x√3)R30o-I. (ii) With respect to electrooxidation of D-glucose on Pd(111), the presence of Bi adlayers inhibited the by-product-induced "surface poisoning" of Pd(111) but reduced its electrocatalytic efficiency.

electrodeposition

ultrathin films

LEED

AES

cyclic voltammetry

cobalt

bismuth

Pd(111)

Pt(111)

Embedded cryptography [electronic resource] : an analysis and evaluation of performance and code optimization techniques for encryption and decryption in embedded systems / by Jayavardhan R. Kandi.

Kandi, Jayavardhan R.

January 2003

Title from PDF of title page. / Document formatted into pages; contains 84 pages. / Thesis (M.S.E.E.)--University of South Florida, 2003. / Includes bibliographical references. / Text (Electronic thesis) in PDF format. / ABSTRACT: It is clear that Cryptography is computationally intensive. It is also known that embedded systems have slow clock rates and less memory. The idea for this thesis was to study the possibilities for analysis of cryptography on embedded systems. The basic approach was the implementation of cryptographic algorithms on high-end, state-of-the-art, DSP chips in order to study the various parameters that optimize the performance of the chip while keeping the overhead of encryption and decryption to a minimum. Embedded systems are very resource sensitive. An embedded system is composed of different components, which are implemented in both hardware and software. Therefore, hardware-software co-synthesis is a crucial factor affecting the performance of embedded systems. Encryption algorithms are generally classified as data-dominated systems rather than ubiquitous control-dominated systems. Data-dominated systems have a high degree of parallelism. / ABSTRACT: Embedded systems populate the new generation gadgets such as cell phones and Smartcards where the encryption algorithms are obviously an integral part of the system. Due to the proliferation of embedded systems in all the current areas, there is a need for the systematic study of encryption techniques from the embedded systems point of view. This thesis explored the different ways encryption algorithms can be made to run faster with much less memory. Some of the issues investigated were overlapped scheduling techniques for high-level synthesis, structural partitioning, real-time issues, reusability and functionality, random number and unique key generators, seamless integration of cryptographic code with other applications and architecture specific optimization techniques. / System requirements: World Wide Web browser and PDF reader. / Mode of access: World Wide Web.

co-synthesis.

dsp.

rijndael.

aes.

starcore.

A VLSI architecture for Rijndael, the advanced encryption standard [electronic resource] / by Naga M. Kosaraju.

Kosaraju, Naga M.

January 2003

Title from PDF of title page. / Document formatted into pages; contains 93 pages. / Thesis (M.S.Cp.E.)--University of South Florida, 2003. / Includes bibliographical references. / Text (Electronic thesis) in PDF format. / ABSTRACT: The increasing application of cryptographic algorithms to ensure secure communications across virtual networks has led to an ever-growing demand for high performance hardware implementations of the encryption/decryption methods. The inevitable inclusion of the cryptographic algorithms in network communications has led to the development of several encryption standards, one of the prominent ones among which, is the Rijndael, the Advanced Encryption Standard. Rijndael was chosen as the Advanced Encryption Standard (AES) by the National Institute of Standard and Technology (NIST), in October 2000, as a replacement for the Data Encryption Standard (DES). This thesis presents the architecture for the VLSI implementation of the Rijndael, the Advanced Encryption Standard algorithm. Rijndael is an iterated, symmetric block cipher with a variable key length and block length. The block length is fixed at 128 bits by the AES standard [4]. / ABSTRACT: The key length can be designed for 128,192 or 256 bits. The VLSI implementation, presented in this thesis, is based on a feed-back logic and allows a key length specification of 128-bits. The present architecture is implemented in the Electronic Code Book(ECB) mode of operation. The proposed architecture is further optimized for area through resource-sharing between the encryption and decryption modules. The architecture includes a Key-Scheduler module for the forward-key and reverse-key scheduling during encryption and decryption respectively. The subkeys, required for each round of the Rijndael algorithm, are generated in real-time by the Key-Scheduler module by expanding the initial secret key. The proposed architecture is designed using the Custom-Design Layout methodology with the Cadence Virtuoso tools and tested using the Avanti Hspice and the Nanosim CAD tools. / ABSTRACT: Successful implementation of the algorithm using iterativearchitecture resulted in a throughput of 232 Mbits/sec on a 0.35[mu] CMOS technology. Using 0.35[mu] CMOS technology, implementation of the algorithm using pipelining architecture resulted in a throughput of 1.83 Gbits/sec. The performance of this implementation is compared with similar architectures reported in the literature. / System requirements: World Wide Web browser and PDF reader. / Mode of access: World Wide Web.

cryptography.

aes.

hardware architecture.

real time key scheduling.

Validation of MP-AES at the Quantification of Trace Metals in Heavy Matrices with Comparison of Performance to ICP-MS

Berg, Isabelle

January 2015

The MP-AES 4200 using microwave plasma and an atomic emission spectroscopy detector provide a new and improved instrument to the analytical field. In this project will the performance of the equipment be evaluated in controlled NaCl-heavy matrices for selected metals (Cu, Zn, Li) and the result from this will be used to optimize a method for specific samples. These samples consist of combustion ashes from the incineration of hazardous waste and are provided by the company SAKAB AB. The sample preparation consisted of several cycles of L/S 10 followed by microwave assisted dissolution with concentrated HNO3, aqua regia or 18.2 MΩ. An extended amount of metals were quantified for these samples (Al, As, Ba, Ca, Cd, Cr, Cu, Fe, K, Li, Mn, Na, Ni, Pb, V, Zn) and most (not Ca, Li, K or Na) were compared with an ICP-MS instrument equipped with a collision cell used for the elements As, Fe and V. A final experiment was made on an L/S 10 of the samples to attempt to separate the metals from the salt with ion exchange, something that would make it possible to recycle this otherwise unused waste. The detection limits were all in the low μg L-1 except for Cd, Mn and Zn, which were between 2-4 μg L-1. The MP-AES was found to be able to handle matrices up to 5 g L-1 NaCl without a significant loss of response and provided near identical results to the ICP-MS for the elements that could be compared, this did not included the elements not quantified with the ICP-MS or V which was the only element under the limit of detection for the MP-AES. The experiment where an attempt was made to separate the metals from the salt was proven successful after treatment of bark compost and another type of waste ash as cation exchangers.

MP-AES

ICP-MS

high matrices

digestion

microwave plasma

combustion ash

ion exchange

A predictive validity study of AES systems

Park, Il, 1969-

18 February 2011

A predictive validity approach has been employed to find some implications to support evidences for Automated Essay Scoring (AES) systems. First, using R² values from multiple linear regression models, validity indices are compared first between multiple choice scores and essay scores across four AES systems. Secondly, R² values from models using only essay scores, the validity indices of four AES systems are hypothetically compared to see if how well AES systems could predict student outcome such as GPA. / text

Automated Essay Scoring

Predictive validity

E-rater

Intellimetric

PEG

Project Essay Grader

IEA

Intelligent Essay Assessor

AES

Cryptanalyse physique de circuits cryptographiques à l'aide de sources LASER

Roscian, Cyril

08 October 2013

Les circuits cryptographiques, parce qu'ils contiennent des informations confidentielles, font l'objet de manipulations frauduleuses, appelées communément attaques, de la part de personnes mal intentionnées. Plusieurs attaques ont été répertoriées et analysées. L'une des plus efficaces actuellement, appelée cryptanalyse DFA (Differential Fault Analysis), exploite la présence de fautes, injectées volontairement par l'attaquant par exemple à l'aide d'un laser, dans les calculs. Cependant, les modèles de fautes utilisés dans ces attaques sont parfois très restrictifs et conditionnent leur efficacité. Il est donc important de bien connaître quel modèle de faute est pertinent ou réalisable en fonction du circuit cible et du moyen d'injection (dans notre cas le laser). Un première étude portant sur le type de fautes (Bit-set, Bit-reset ou Bit-flip) injectées sur des points mémoires SRAM a mis en évidence la forte dépendance des fautes injectées vis à vis des données manipulées et la quasi inexistence de fautes de type Bit-flip. Ce dernier résultat favorise grandement les attaques de type Safe Error et engendre donc un réel problème de sécurité. La mise en évidence de tels résultats a été possible grâce à des cartographies de sensibilité au laser réalisées sur une cellule SRAM isolée puis sur la mémoire RAM d'un micro-contrôleur 8 bits. Pour confirmer ces résultats expérimentaux, des simulations SPICE d'injection de fautes laser ont été réalisées à partir d'un modèle développé dans l'équipe. Ce modèle prend en compte la topologie de la cible. Des tests ont ensuite été réalisés sur un circuit ASIC implémentant l'algorithme AES. L'analyse des fautes a montré la présence des trois types de fautes mais aussi un faible taux d'injection. En revanche, le taux de répétabilité des fautes était particulièrement élevé. Cela nous a permis d'améliorer une attaque existante et d'obtenir au final une attaque plus efficace que les attaques classiques, nécessitant moins de chiffrements fautés et une analyse des résultats réduite pour retrouver la clef secrète. Enfin, une évaluation des contre-mesures embarquées dans ce circuit a montré leurs inefficacités vis à vis des attaques en fautes par laser. Des pistes d'amélioration ont ensuite été proposées.

[SPI:OTHER] Engineering Sciences/Other

LASER

Injections de fautes

DFA

Modèles de fautes

AES

SRAM

Efficient Hardware Implementations For The Advanced Encryption Standard Algorithm

Hammad, Issam

25 October 2010

This thesis introduces new efficient hardware implementations for the Advanced Encryption Standard (AES) algorithm. Two main contributions are presented in this thesis, the first one is a high speed 128 bits AES encryptor, and the second one is a new 32 bits AES design. In first contribution a 128 bits loop unrolled sub-pipelined AES encryptor is presented. In this encryptor an efficient merging for the encryption process sub-steps is implemented after relocating them. The second contribution presents a 32 bits AES design. In this design, the S-BOX is implemented with internal pipelining and it is shared between the main round and the key expansion units. Also, the key expansion unit is implemented to work on the fly and in parallel with the main round unit. These designs have achieved higher FPGA (Throughput/Area) efficiency comparing to previous AES designs.

AES

FPGA

I-BOX

Composite Field

Finite Field

Cryptography

Encryption

Embedded Systems

Cryptanalyse de primitives symétriques basées sur le chiffrement AES

Jean, Jérémy

24 September 2013

Dans cette thèse, nous nous intéressons à la cryptanalyse de certaines primitives de cryptographie symétrique qui utilisent les concepts de construction du schéma de chiffrement AES. Nous commençons par une analyse de l'AES lui-même dans trois modèles de sécurité différents: le modèle standard, le modèle à clefs reliées et le modèle ouvert. Dans le modèle standard, où l'adversaire cherche à récupérer la clef secrète, nous décrivons les meilleures attaques différentielles existantes sur cet algorithme de chiffrement, en améliorant les attaques différentielles précédemment publiées. Ensuite, nous procédons à une analyse structurelle de l'AES dans le modèle à clefs reliées. Nous montrons des résultats d'impossibilité, indiquant que l'on ne peut pas prouver la sécurité de la structure de l'AES contre les attaques différentielles dans ce modèle. Enfin, dans le modèle ouvert, nous proposons le premier distingueur pour neuf tours d'AES-128, ce qui résout un problème ouvert depuis plusieurs années dans la communauté symétrique. Dans une deuxième partie, nous analysons en détail l'application de l'attaque par rebond sur les primitives basées sur l'AES. Nous montrons qu'il est possible de considérer un tour de plus dans la première des deux phases de cette stratégie, ce qui améliore les meilleurs résultats connus sur les permutations à base d'AES. Ceci résout le problème ouvert consistant à augmenter le nombre total de tours attaqués grâce à cette technique. Nous montrons également qu'il est possible de relâcher certaines contraintes pour augmenter la probabilité de succès de la deuxième étape. Ceci conduit à une diminution des complexités de toutes les attaques publiées. Nous appliquons ces améliorations à la fonction de hachage Grostl, obtenant les meilleures attaques sur la permutation interne. Finalement, nous nous intéressons à la fonction de hachage ECHO pour montrer qu'il est possible d'appliquer plusieurs fois l'attaque par rebond et ainsi attaquer plus de tours de la permutation interne.

Cryptography

Cryptanalysis

AES

Block Cipher

Hash Function

Κώδικες πιστοποίησης μηνυμάτων : σχεδιασμός και υλοποιήσεις σε πλατφόρμες υλικού και συγκριτικές αποτιμήσεις / Message authentication codes : designs and implementations in hardware platforms and comparisons

Χαράλαμπος, Μιχαήλ

16 June 2011

Σε αυτή τη μεταπτυχιακή διπλωματική εργασία μελετήθηκαν, αναπτύχτηκαν και συγκριθήκαν αρχιτεκτονικές για κρυπτογραφικές εφαρμογές που χρησιμοποιούνται στης τεχνικές πιστοποίησης μηνυμάτων. Σε αυτές χρησιμοποιήθηκαν και τεχνικές βελτιστοποίησης της απόδοσης. Στην ασφάλεια μετάδοσης των πληροφοριών, η πιστοποίηση μηνύματος είναι μία θεμελιώδης τεχνική, η οποία χρησιμοποιείται για να επιβεβαιώσει ότι τα ληφθέντα μηνύματα προέρχονται από τον σωστό αποστολέα και ότι δεν έχουν τροποποιηθεί κατά τη μετάδοση. Στην πιστοποίηση μηνύματος, απαιτείται η χρήση ενός κώδικα πιστοποίησης μηνύματος (Message Authentication Code-MAC). Οι τεχνικές για να δημιουργηθεί ένα MAC γίνεται με δύο τρόπους: α)Με χρήση μίας hash συνάρτησης σε συνδυασμό με ένα μυστικό κλειδί και αναφέρεται σαν HMAC (Hash-based MAC). β)Με χρήση ενός block cipher αλγορίθμου κρυπτογράφησης σε συνδυασμό με ένα μυστικό κλειδί και αναφέρεται σαν CMAC (Cipher block-based MAC). Θα υλοποιηθούν οι δύο παραπάνω τρόποι-μέθοδοι παραγωγής MAC, σε πλατφόρμες υλικού με γνώμονα την αύξηση της ρυθμαπόδοσης τους. Θα αποτιμηθεί ο ρόλος τους στα κρυπτογραφικά συστήματα ασφαλείας και σε ποιές περιπτώσεις συνίσταται η χρήση της κάθε μίας τεχνικής. Έτσι θα ξεκαθαριστούν οι διαφορές τους και θα καθοριστεί το προφίλ των εφαρμογών στης οποίες κάθε μια εκ των δύο αυτών τεχνικών ταιριάζει καλύτερα. Οι υλοποιήσεις συγκριθήκαν στην ίδια πλατφόρμα υλικού που χρησιμοποιήθηκε για την τελική υλοποίηση ώστε σε κάθε περίπτωση, ανάλογα με της απαιτήσεις της εκάστοτε εφαρμογής, να βρεθεί και η βέλτιστη λύση από πλευράς κόστους. / In the present M.Sc. thesis, several architectures for message authentication codes were studied, developed and compared to each other. Performance optimization techniques were exploited as well. Message Authentication Codes (MACs) are widely used in order to protect both a message's integrity -by ensuring that a different MAC will be produced if the message has changed - as well as its authenticity (only someone who knows the secret key could have generated a valid MAC). A message authentication code is an authentication tag (also called a checksum) derived by applying an authentication scheme, together with a secret key, to a message. Typically MACs are produced through: α) HMAC mechanism which is based on a FIPS approved collision-resistant hash function in combination with a secret key (Hash-based MAC). β)CMAC mechanism which is based on a block cipher algorithm in combination with a secret key (Cipher block-based MAC). The above two ways (mechanisms) for producing MACs were designed and implemented in hardware taking into consideration the increase of their throughput. The cryptographic systems in which the above two are exploited were described. Their key role in these systems was valued through an investigation concerning the way of their incorporation. Thus, the differences between them were clarified determining the applications where each one is better befitted. HMAC and CMAC designs are implemented in the same hardware FPGA platform and compared to each other in terms of operating frequency, area consumption and throughput. In this way, the best solution between them concerning their overall cost can be designated.

Κρυπτογραφία

005.82

Cryptography

Message authentication codes

HMAC

CMAC

AES

HASH functions