Κρυπτογραφία και κρυπτανάλυση με μεθόδους υπολογιστικής νοημοσύνης και υπολογιστικών μαθηματικών και εφαρμογές

Λάσκαρη, Ελένη

24 January 2011

Η διδακτορική διατριβή επικεντρώθηκε στη μελέτη νέων τεχνικών κρυπτογραφίας και κρυπτανάλυσης, αλλά και στην ανάπτυξη νέων πρωτοκόλλων για την ασφαλή ηλεκτρονική συγκέντρωση δεδομένων. Το πρώτο πρόβλημα το οποίο διερεύνησε η διατριβή ήταν η δυνατότητα εφαρμογής των μεθόδων Υπολογιστικής Νοημοσύνης στην κρυπτολογία. Στόχος ήταν η ανίχνευση των κρίσιμων σημείων κατά την εφαρμογή των μεθόδων αυτών στον πολύ απαιτητικό αυτό τομέα προβλημάτων και η μελέτη της αποτελεσματικότητας και της αποδοτικότητάς τους σε διάφορα προβλήματα κρυπτολογίας. Συνοψίζοντας, τα αποτελέσματα της διατριβής για την εφαρμογή μεθόδων Υπολογιστικής Νοημοσύνης στην κρυπτολογία υποδεικνύουν ότι παρά το γεγονός ότι η κατασκευή των αντικειμενικών συναρτήσεων είναι πολύ κρίσιμη για την αποδοτικότητα των μεθόδων, η Υπολογιστική Νοημοσύνη μπορεί να προσφέρει σημαντικά πλεονεκτήματα στον κλάδο αυτό όπως είναι η αυτοματοποίηση κάποιων διαδικασιών κρυπτανάλυσης ή κρυπτογράφησης, ο γρήγορος έλεγχος της σθεναρότητας νέων κρυπτοσυστημάτων αλλά και ο συνδυασμός τους με τυπικές μεθόδους που χρησιμοποιούνται μέχρι σήμερα για την αξιοποίηση της απλότητας και της αποδοτικότητάς τους. Το δεύτερο πρόβλημα που μελετάται στην διατριβή είναι η εφαρμογή μεθόδων αντίστροφης πολυωνυμικής παρεμβολής για την εύρεση της τιμής του διακριτού λογαρίθμου αλλά και του λογαρίθμου του Lucas. Για την μελέτη αυτή χρησιμοποιήθηκαν δύο υπολογιστικές μέθοδοι αντίστροφης πολυωνυμικής παρεμβολής, οι μέθοδοι Aitken και Neville, οι οποίες είναι κατασκευαστικές και επιτρέπουν την πρόσθεση νέων σημείων παρεμβολής για καλύτερη προσέγγιση του πολυωνύμου με μικρό υπολογιστικό κόστος. Η παρούσα μελέτη έδειξε ότι και με την προτεινόμενη μεθοδολογία το συνολικό κόστος υπολογισμού της τιμής των λογαρίθμων παραμένει υψηλό, ωστόσο η κατανομή των πολυωνύμων που έδωσαν την λύση των προβλημάτων δείχνει ότι η μεθοδολογία που χρησιμοποιήθηκε είτε εντόπισε την λύση στα πρώτα στάδια κατασκευής των πολυωνύμων είτε εντόπισε πολυώνυμα μικρού σχετικά βαθμού που προσεγγίζουν την αντίστοιχη λύση. Το τρίτο πρόβλημα που πραγματεύεται η παρούσα διατριβή είναι η δημιουργία νέων σθεναρών κρυπτοσυστημάτων με την χρήση μη-γραμμικών δυναμικών απεικονίσεων. Η αξιοποίηση των ιδιοτήτων του χάους στην κρυπτογραφία έχει αποτελέσει αντικείμενο μελέτης τα τελευταία χρόνια από τους ερευνητές λόγω της αποδεδειγμένης πολυπλοκότητας των συστημάτων του και των ιδιαίτερων στατιστικών ιδιοτήτων τους. Η διατριβή συνεισφέρει προτείνοντας ένα νέο συμμετρικό κρυπτοσύστημα που βασίζεται σε περιοδικές δυναμικές τροχιές και παρουσιάζει και τρεις τροποποιήσεις του που το καθιστούν ιδιαίτερα σθεναρό απέναντι στις συνήθεις κρυπταναλυτικές επιθέσεις. Δίνεται επίσης το υπολογιστικό κόστος κρυπτογράφησης και αποκρυπτογράφης του προτεινόμενου σχήματος και παρουσιάζονται πειραματικά αποτελέσματα που δείχνουν ότι η δομή των κρυπτογραφημάτων του κρυπτοσυστήματος δεν παρέχει πληροφορία για την ύπαρξη τυχόν μοτίβων στο αρχικό κείμενο. Τέλος, στην διατριβή αυτή προτείνονται δύο πρωτόκολλα για την ασφαλή ηλεκτρονική συγκέντρωση δεδομένων. Η συγκέντρωση δεδομένων από διαφορετικές βάσεις με ασφάλεια και ιδιωτικότητα θα ήταν σημαντική για την μελέτη των γνώσεων που ενυπάρχουν στα δεδομένα αυτά, με διάφορες μεθόδους εξόρυξης δεδομένων και ανάλυσης, καθώς οι γνώσεις αυτές ενδεχομένως δεν θα μπορούσαν να αποκαλυφθούν από την επιμέρους μελέτη των δεδομένων χωριστά από κάθε βάση. Τα δύο πρωτόκολλα που προτείνονται βασίζονται σε τροποποιήσεις πρωτοκόλλων ηλεκτρονικών εκλογών με τρόπο τέτοιο ώστε να ικανοποιούνται τα απαραίτητα κριτήρια ασφάλειας και ιδιωτικότητας που απαιτούνται για την συγκέντρωση των δεδομένων. Η βασική διαφορά των δύο πρωτοκόλλων είναι ότι στο ένα γίνεται χρήση έμπιστου τρίτου μέλους για την συγκέντρωση των δεδομένων, ενώ στο δεύτερο όχι. Και στις δύο περιπτώσεις, παρουσιάζεται ανάλυση της ασφάλειας των σχημάτων αλλά και της πολυπλοκότητάς τους αναφορικά με το υπολογιστικό τους κόστος. / In this PhD thesis we study problems of cryptography and cryptanalysis through Computational Intelligence methods and computational mathematics. Furthermore, we examine the establishment and security of new privacy preserving protocols for electronic data gathering. Part I is dedicated to the application of Computational Intelligence (CI) methods, namely Evolutionary Computation (EC) methods and Artificial Neural Networks (ANNs), for solving problems of cryptology. Initially, three problems of cryptanalysis are formulated as discrete optimization tasks and Evolutionary Computation methods are utilized to address them. The first conclusion derived by these experiments is that when EC methods are applied to cryptanalysis special attention must be paid to the design of the fitness function so as to include as much information as possible for the target problem. The second conclusion is that when EC methods (and CI methods in general) can be used as a quick practical assessment for the efficiency and the effectiveness of proposed cryptographic systems. We also apply EC methods for the cryptanalysis of Feistel ciphers and for designing strong Substitution boxes. The results show that the proposed methods are able to tackle theses problem efficiently and effectively with low cost and in automated way. Then, ANNs are employed for classical problems of cryptography as a measure of their robustness. The results show that although different topologies, training methods and formulation of the problems were tested, ANNs were able to obtain the solution of the problems at hand only for small values of their parameters. The performance of ANNs is also studied on the computation of a Boolean function derived from the use of elliptic curves in cryptographic applications. The results indicate that ANNs are able to adapt to the data presented with high accuracy, while their response to unknown data is slightly better than a random selection. Another important finding is that ANNs require a small amount of storage for the known patterns in contrast to the storage needed of the data itself. Finally, a theoretical study of the application of Ridge Polynomial Networks for the computation of the least significant bit of the discrete logarithm is presented. In Part II, computational mathematics are utilized for different cryptographic problems. Initially, we consider the Aitken and Neville inverse interpolation methods for a discrete exponential function and the Lucas logarithm function. The results indicate that the computational cost for addressing the problems through this approach is high; however interesting features regarding the degree of the resulting interpolation polynomials are reported. Next, a new symmetric key cryptosystem that exploits the idea of nonlinear mappings and their fixed points to encrypt information is presented. Furthermore, a measure of the quality of the keys used is introduced. The experimental results indicate that the proposed cryptosystem is efficient and secure to ciphertext-only attacks. Finally, three modifications of the basic cryptosystem that render it more robust are presented and efficiency issues are discussed. Finally, at Part III of the thesis, two protocols for privacy preserving electronic data gathering are proposed. The security requirements that must be met for data gathering with privacy are presented and then two protocols, based on electronic voting protocols, are analytically described. Security and complexity issues are also discussed.

Κρυπτογραφία

Κρυπτανάλυση

Κρυπτοσυστήματα

Περιοδικές τροχιές

005.82

Cryptography

Cryptanalysis

Cryptosystems

Computational intelligence

Computetional mathematics

Non-linear equat equation systems

Electronic data gathering protocols

Periodic orbits

Criptografia: Da origem aos dias atuais / Encryption: the origin to the present days

Victor Monteiro Ferreira Porto

26 February 2015

Esta pesquisa foi realizada com a intenção de motivar o estudo da criptografia, mostrando que a matemática e a comunicação estão presentes em diversos momentos, tanto no passado quanto no presente. Este trabalho mostra a origem da criptoanálise e toda a sua evolução dando ênfase nos mecanismos de codificação e decodificação através de exemplos práticos. Além disso, alguns métodos criptográficos são destacados como a cifra de substituição monoalfabética, a cifra de Vigenère, a criptografia RSA que é o método mais conhecido de criptografia de chave pública, as cifras de Hill, o método das transformações lineares e o método de Rabin, devido a sua grande importância para a evolução de sistemas computacionais e assinaturas digitais entre outros. Por fim, mostra-se a importância e a necessidade dos recursos criptográficos nos dias de hoje, na tentativa de impedir que hackers e pessoas que fazem mau uso do conhecimento matemático possam causar danos a sociedade, seja por uma simples mensagem ou até mesmo através de situações mais imprudentes como as transações bancárias indevidas / This research was conducted with the intention of motivating the study of cryptography, showing that mathematics and the communication are present at various times, both past and present. This work shows the origin of cryptanalysis and all its evolution giving emphasis on coding and decoding mechanisms through practical examples. In addition, some methods cryptographic are highlighted as the monoalphabetic substitution cipher, the Vigenere cipher, RSA encryption that is the best known method of public key cryptography , ciphers Hill, the method of linear transformations and the Rabin method, due to its great importance for the evolution of computer systems and signatures digital among others. Finally, we show the importance and the need for cryptographic resources these days, in an attempt to prevent hackers and people who make bad use of mathematical knowledge can cause damage to society, whether by a simple message or through more situations reckless as improper banking transactions

Criptografia

Criptoanálise

Codificação

Decodificação

Cifra de substituição monoalfabética

Cifra de Vigenère

Criptografia RSA

Cifras de Hill

Método das transformações lineares

Método de Rabin

Cryptography

Cryptanalysis

Coding

Decoding

Monoalphabetic substitution cipher

Vigenere cipher

RSA encryption

Ciphers Hill

Method of linear transformations

Rabin method

MATEMATICA

Criptografia: Da origem aos dias atuais / Encryption: the origin to the present days

Victor Monteiro Ferreira Porto

26 February 2015

Esta pesquisa foi realizada com a intenção de motivar o estudo da criptografia, mostrando que a matemática e a comunicação estão presentes em diversos momentos, tanto no passado quanto no presente. Este trabalho mostra a origem da criptoanálise e toda a sua evolução dando ênfase nos mecanismos de codificação e decodificação através de exemplos práticos. Além disso, alguns métodos criptográficos são destacados como a cifra de substituição monoalfabética, a cifra de Vigenère, a criptografia RSA que é o método mais conhecido de criptografia de chave pública, as cifras de Hill, o método das transformações lineares e o método de Rabin, devido a sua grande importância para a evolução de sistemas computacionais e assinaturas digitais entre outros. Por fim, mostra-se a importância e a necessidade dos recursos criptográficos nos dias de hoje, na tentativa de impedir que hackers e pessoas que fazem mau uso do conhecimento matemático possam causar danos a sociedade, seja por uma simples mensagem ou até mesmo através de situações mais imprudentes como as transações bancárias indevidas / This research was conducted with the intention of motivating the study of cryptography, showing that mathematics and the communication are present at various times, both past and present. This work shows the origin of cryptanalysis and all its evolution giving emphasis on coding and decoding mechanisms through practical examples. In addition, some methods cryptographic are highlighted as the monoalphabetic substitution cipher, the Vigenere cipher, RSA encryption that is the best known method of public key cryptography , ciphers Hill, the method of linear transformations and the Rabin method, due to its great importance for the evolution of computer systems and signatures digital among others. Finally, we show the importance and the need for cryptographic resources these days, in an attempt to prevent hackers and people who make bad use of mathematical knowledge can cause damage to society, whether by a simple message or through more situations reckless as improper banking transactions

Criptografia

Criptoanálise

Codificação

Decodificação

Cifra de substituição monoalfabética

Cifra de Vigenère

Criptografia RSA

Cifras de Hill

Método das transformações lineares

Método de Rabin

Cryptography

Cryptanalysis

Coding

Decoding

Monoalphabetic substitution cipher

Vigenere cipher

RSA encryption

Ciphers Hill

Method of linear transformations

Rabin method

MATEMATICA

Moderní kryptoanalýza / Modern cryptanalysis

Petřík, Tomáš

January 2011

Issues of this thesis are focused on side-channel cryptanalysis. Particularly attention is paid to differential power analysis, when is simulated an attack on the cryptographic module for different conditions and for different structural features of this module. As the cryptographic module is used a PIC microcontroller, which is operating with AES symmetric encryption algorithm. For this purpose, a design of experimental printed circuit board was created. Then, this PCB was equipped only with the necessary components for the function of the cryptographic module. Cryptanalysis is aimed on current consumption of crypto module that is caused by execution of AddRoundKey instructions. Power consumption of PIC microcontroller is measured in depending on the size of power supply voltage, size of serial resistor, size of bypass capacitor, and this thesis also examines the influence of ambient temperature on power consumption of PIC. The measured values are graphically presented and then discussed.

Kryptoanalýza algoritmu post-kvantové kryptografie / Cryptoanalysis of a Post-quantum Cryptography Algorithm

Štumpf, Daniel

January 2020

National Institute of Standards and Technology (NIST) is currently running a stan- dardization process for a post-quantum cryptography primitives. Depending on the al- gorithms building blocks these primitives can be divided into five categories. In the first part of this thesis we described all five categories and compared their characteristics. The most important aspect of the schemes for NIST is security against both classical and quantum adversaries. We chose one of the five categories (namely, we picked lattice- based cryptosystems) for further cryptanalysis. As we think that the security analysis of some of the second round candidates in the NIST standardization project is not suffi- ciently well described in their specification documents and some known attacks are not considered at all, we provide a unified security analysis of these schemes. We described two currently known attacks (primal and dual attacks) against lattice-based schemes, estimated cost of these attacks against the lattice-based candidates in the second round of the NIST standardization project and compared these values with the security claimed by these candidates. In most cases our estimations matches those published in the speci- fication documents and therefore we conclude that the security estimates claimed by the candidates are...

Use of simulators for side-channel analysis: Leakage detection and analysis of cryptographic systems in early stages of development

Veshchikov, Nikita

23 August 2017

Cryptography is the foundation of modern IT security,it provides algorithms and protocols that can be usedfor secure communications. Cryptographic algorithmsensure properties such as confidentiality and data integrity.Confidentiality can be ensured using encryption algorithms.Encryption algorithms require a secret information called a key.These algorithms are implemented in cryptographic devices.There exist many types of attacks against such cryptosystems,the main goal of these attacks is the extraction of the secret key.Side-channel attacks are among the strongest types of attacksagainst cryptosystems. Side-channel attacks focus on the attacked device, they measure its physicalproperties in order to extract the secret key. Thus, these attacks targetweaknesses in an implementation of an algorithm rather than the abstract algorithm itself.Power analysis is a type of side-channel attacks that can be used to extract a secretkey from a cryptosystem through the analysis of its power consumption whilethe target device executes an encryption algorithm. We can say that the secret information is leaking from the device through itspower consumption. One of the biggest challenges in the domain of side-channel analysisis the evaluation of a device from the perspective of side-channel attacksor in other words the detection of information leakage.A device can be subject to several sources of information leakageand it is actually relatively easy to find just one side-channel attack that works(by exploiting just one source of leakage),however it is very difficult to find all sources of information leakage or to show that there is no information leakage in the givenimplementation of an encryption algorithm. Evaluators use various statistical tests during the analysis of a cryptographic device to checkthat it does not leak the secret key. However, in order to performsuch tests the evaluation lab needs the device to acquire the measurementsand analyse them. Unfortunately, the development process of cryptographicsystems is rather long and has to go through several stages. Thus, an information leakagethat can lead to a side-channel attackcan be discovered by an evaluation lab at the very last stage using the finalproduct. In such case, the whole process has to be restarted in order to fix the issue,this can lead to significant time and budget overheads. The rationale is that developers of cryptographic systems would like to be able to detect issues related to side-channel analysis during the development of the system,preferably on the early stages of its development. However, it is far from beinga trivial task because the end product is not yet available andthe nature of side-channel attacks is such that it exploits the properties ofthe final version of the cryptographic device that is actually available to the end user. The goal of this work is to show how simulators can be used for the detection of issues related to side-channel analysis during the development of cryptosystems.This work lists the advantages of simulators compared to physical experimentsand suggests a classification of simulators for side-channel analysis.This work presents existing simulators that were created for side-channel analysis,more specifically we show that there is a lack of available simulation toolsand that therefore simulators are rarely used in the domain. We present threenew open-source simulators called Silk, Ascold and Savrasca.These simulators are working at different levels of abstraction,they can be used by developers to perform side-channel analysisof the device during different stages of development of a cryptosystem.We show how Silk can be used during the preliminary analysisand development of cryptographic algorithms using simulations based on high level of abstraction source code. We used it to compare S-boxesas well as to compare shuffling countermeasures against side-channel analysis.Then, we present the tool called Ascold that can be used to find side-channel leakagein implementations with masking countermeasure using the analysis of assembly code of the encryption.Finally, we demonstrate how our simulator called Savrasca can be used to find side-channelleakage using simulations based on compiled executable binaries. We use Savrascato analyse masked implementation of a well-known contest on side-channel analysis (the 4th edition of DPA Contest),as a result we demonstrate that the analysed implementation contains a previouslyundiscovered information leakage. Through this work we alsocompared results of our simulated experiments with real experiments comingfrom implementations on microcontrollers and showed that issues found using our simulatorsare also present in the final product. Overall, this work emphasises that simulatorsare very useful for the detection of side-channel leakages in early stages of developmentof cryptographic systems. / Option Informatique du Doctorat en Sciences / info:eu-repo/semantics/nonPublished

Informatique mathématique

Technologie informatique hardware

Informatique appliquée logiciel

Analyse de systèmes informatiques

Technologie de la sécurité

cryptography

cryptanalysis

encryption

side-channel analysis

shuffling countermeasures

masking countermeasures

simulations

automated tools

side-channel attacks

Bezpečné kryptografické algoritmy / Safe Cryptography Algorithms

Mahdal, Jakub

January 2008

This thesis brings a reader an overview about historical and modern world of cryptographic methods, as well evaluates actual state of cryptographic algorithm progressions, which are used in applications nowadays. The aim of the work describes common symmetric, asymmetric encryption methods, cryptographic hash functions and as well pseudorandom number generators, authentication protocols and protocols for building VPNs. This document also shows the basics of the successful modern cryptanalysis and reveals algorithms that shouldn't be used and which algorithms are vulnerable. The reader will be also recommended an overview of cryptographic algorithms that are expected to stay safe in the future.