Analysis of Lightweight Cryptographic Primitives

George, Kiernan Brent

05 May 2021

Internet-of-Things (IoT) devices have become increasingly popular in the last 10 years, yet also show an acceptance for lack of security due to hardware constraints. The range of sophistication in IoT devices varies substantially depending on the functionality required, so security options need to be flexible. Manufacturers typically either use no security, or lean towards the use of the Advanced Encryption Standard (AES) with a 128-bit key. AES-128 is suitable for the higher end of that IoT device range, but is costly enough in terms of memory, time, and energy consumption that some devices opt to use no security. Short development and a strong drive to market also contribute to a lack in security. Recent work in lightweight cryptography has analyzed the suitability of custom protocols using AES as a comparative baseline. AES outperforms most custom protocols when looking at security, but those analyses fail to take into account block size and future capabilities such as quantum computers. This thesis analyzes lightweight cryptographic primitives that would be suitable for use in IoT devices, helping fill a gap for "good enough" security within the size, weight, and power (SWaP) constraints common to IoT devices. The primitives have not undergone comprehensive cryptanalysis and this thesis attempts to provide a preliminary analysis of confidentiality. The first is a single-stage residue number system (RNS) pseudorandom number generator (PRNG) that was shown in previous publications to produce strong outputs when analyzed with statistical tests like the NIST RNG test suite and DIEHARD. However, through analysis, an intelligent multi-stage conditional probability attack based on the pigeonhole principle was devised to reverse engineer the initial state (key) of a single-stage RNS PRNG. The reverse engineering algorithm is presented and used against an IoT-caliber device to showcase the ability of an attacker to retrieve the initial state. Following, defenses based on intentional noise, time hopping, and code hopping are proposed. Further computation and memory analysis show the proposed defenses are simple in implementation, but increase complexity for an attacker to the point where reverse engineering the PRNG is likely no longer viable. The next primitive proposed is a block cipher combination technique based on Galois Extension Field multiplication. Using any PRNG to produce the pseudorandom stream, the block cipher combination technique generates a variable sized key matrix to encrypt plaintext. Electronic Codebook (ECB) and Cipher Feedback (CFB) modes of operation are discussed. Both system modes are implemented in MATLAB as well as on a Texas Instruments (TI) MSP430FR5994 microcontroller for hardware validation. A series of statistical tests are then run against the simulation results to analyze overall randomness, including NIST and the Law of the Iterated Logarithm; the system passes both. The implementation on hardware is compared against a stream cipher variation and AES-128. The block cipher proposed outperforms AES-128 in terms of computation time and consumption for small block sizes. While not as secure, the cryptosystem is more scalable to block sizes used in IoT devices. / Master of Science / An Internet-of-Things (IoT) device is a single-purpose computer that operates with less computing resources and sometimes on battery power. The classification of IoT can range anywhere from motion sensors to a doorbell camera, but IoT devices are used in more than just home automation. The medical and industrial spaces use simple wireless computers for a number of tasks as well. One concern with IoT, given the hardware constraints, is the lack of security. Since messages are often transmitted through a wireless medium, anybody could eavesdrop on what is being communicated if data is not encrypted prior to transmission. Cryptography is the practice of taking any string of data and obfuscating it through a process that only valid parties can reverse. The sophistication of cryptographic systems has increased to the point where IoT manufacturers elect to use no security in many cases because the hardware is not advanced enough to run them efficiently. The Advanced Encryption Standard (AES) is usually the choice for security in the IoT space, but typically only higherend devices can afford to use AES. This thesis focuses on alternative lightweight systems to AES. First, a single-stage residue number system (RNS) pseudorandom number generator (PRNG) is analyzed, which has been proven to generate statistically random outputs in previous publications. PRNGs are a cheap method of producing seemingly random outputs through an algorithm once provided with an initial state known as a seed. An intelligent attack on the PRNG is devised, which is able to reverse engineer the initial state, effectively breaking the random behavior. Three defenses against the attack are then implemented to protect against the reported vulnerability. Following, a block cipher combination technique is presented, using the aforementioned PRNG as the source of randomness. A block cipher is a method of encrypting large chunks of data together, to better obfuscate the output. Using a block cipher is more secure than just using a PRNG for encryption. However, PRNGs are used to generate the key for the proposed block cipher, as they offer a more efficient method of security. The combination technique presented serves to increase the security of PRNGs further. The cipher is shown to perform better on an IoT-caliber device in terms of computation time and energy consumption at smaller block sizes than AES.

Block Cipher

Galois Extension Field

Post-Quantum Cryptography

Pseudorandom Number Generator

Residue Number System

Algebraic Tori in Cryptography

Alexander, Nicholas Charles

January 2005

Communicating bits over a network is expensive. Therefore, cryptosystems that transmit as little data as possible are valuable. This thesis studies several cryptosystems that require significantly less bandwidth than conventional analogues. The systems we study, called torus-based cryptosystems, were analyzed by Karl Rubin and Alice Silverberg in 2003 [RS03]. They interpreted the XTR [LV00] and LUC [SL93] cryptosystems in terms of quotients of algebraic tori and birational parameterizations, and they also presented CEILIDH, a new torus-based cryptosystem. This thesis introduces the geometry of algebraic tori, uses it to explain the XTR, LUC, and CEILIDH cryptosystems, and presents torus-based extensions of van Dijk, Woodruff, et al. [vDW04, vDGP⁺05] that require even less bandwidth. In addition, a new algorithm of Granger and Vercauteren [GV05] that attacks the security of torus-based cryptosystems is presented. Finally, we list some open research problems.

Mathematics

cryptography

compression

finite field

extension field

discrete logarithm problem

tori

torus

algebraic

Rubin

Silverberg

Granger

Vercauteren

XTR

LUC

CEILIDH

Algebraic Tori in Cryptography

Alexander, Nicholas Charles

January 2005

Communicating bits over a network is expensive. Therefore, cryptosystems that transmit as little data as possible are valuable. This thesis studies several cryptosystems that require significantly less bandwidth than conventional analogues. The systems we study, called torus-based cryptosystems, were analyzed by Karl Rubin and Alice Silverberg in 2003 [RS03]. They interpreted the XTR [LV00] and LUC [SL93] cryptosystems in terms of quotients of algebraic tori and birational parameterizations, and they also presented CEILIDH, a new torus-based cryptosystem. This thesis introduces the geometry of algebraic tori, uses it to explain the XTR, LUC, and CEILIDH cryptosystems, and presents torus-based extensions of van Dijk, Woodruff, et al. [vDW04, vDGP⁺05] that require even less bandwidth. In addition, a new algorithm of Granger and Vercauteren [GV05] that attacks the security of torus-based cryptosystems is presented. Finally, we list some open research problems.

Mathematics

cryptography

compression

finite field

extension field

discrete logarithm problem

tori

torus

algebraic

Rubin

Silverberg

Granger

Vercauteren

XTR

LUC

CEILIDH

Diskrétně normované řády kvaternionových algeber / Discretely normed orders of quaternionic algebras

Horníček, Jan

January 2014

Tato práce shrnuje autorův výzkum v oblasti teorie kvaternionových algeber, jejich izomorfismů a maximálních řádů. Nový úhel pohledu na tuto problematiku je umožněn využitím pojmu diskrétní normy. Za hlavní výsledky práce je možná považovat důkaz jednoznačnosti diskrétní normy pro celá čísla, kvadratická rozšíření těles a řády kvaternionových algeber. Dále větu, která umožňuje mezi dvěma kvaternionovými algebrami konstruovat izomorfismy explicitně vyjádřené v maticovém tvaru. A v neposlední řadě důkaz existence nekonečně mnoha různých maximálních řádů kvaternionové algebry. Výsledky uvedené v této diplomové práci budou dále publikovány ve vědeckém článku.

Elliptic curve cryptosystem over optimal extension fields for computationally constrained devices

Abu-Mahfouz, Adnan Mohammed

08 June 2005

Data security will play a central role in the design of future IT systems. The PC has been a major driver of the digital economy. Recently, there has been a shift towards IT applications realized as embedded systems, because they have proved to be good solutions for many applications, especially those which require data processing in real time. Examples include security for wireless phones, wireless computing, pay-TV, and copy protection schemes for audio/video consumer products and digital cinemas. Most of these embedded applications will be wireless, which makes the communication channel vulnerable. The implementation of cryptographic systems presents several requirements and challenges. For example, the performance of algorithms is often crucial, and guaranteeing security is a formidable challenge. One needs encryption algorithms to run at the transmission rates of the communication links at speeds that are achieved through custom hardware devices. Public-key cryptosystems such as RSA, DSA and DSS have traditionally been used to accomplish secure communication via insecure channels. Elliptic curves are the basis for a relatively new class of public-key schemes. It is predicted that elliptic curve cryptosystems (ECCs) will replace many existing schemes in the near future. The main reason for the attractiveness of ECC is the fact that significantly smaller parameters can be used in ECC than in other competitive system, but with equivalent levels of security. The benefits of having smaller key size include faster computations, and reduction in processing power, storage space and bandwidth. This makes ECC ideal for constrained environments where resources such as power, processing time and memory are limited. The implementation of ECC requires several choices, such as the type of the underlying finite field, algorithms for implementing the finite field arithmetic, the type of the elliptic curve, algorithms for implementing the elliptic curve group operation, and elliptic curve protocols. Many of these selections may have a major impact on overall performance. In this dissertation a finite field from a special class called the Optimal Extension Field (OEF) is chosen as the underlying finite field of implementing ECC. OEFs utilize the fast integer arithmetic available on modern microcontrollers to produce very efficient results without resorting to multiprecision operations or arithmetic using polynomials of large degree. This dissertation discusses the theoretical and implementation issues associated with the development of this finite field in a low end embedded system. It also presents various improvement techniques for OEF arithmetic. The main objectives of this dissertation are to --Implement the functions required to perform the finite field arithmetic operations. -- Implement the functions required to generate an elliptic curve and to embed data on that elliptic curve. -- Implement the functions required to perform the elliptic curve group operation. All of these functions constitute a library that could be used to implement any elliptic curve cryptosystem. In this dissertation this library is implemented in an 8-bit AVR Atmel microcontroller. / Dissertation (MEng (Computer Engineering))--University of Pretoria, 2006. / Electrical, Electronic and Computer Engineering / unrestricted

Ecc

Elliptic curve

Elgamal

Diffie-hellman

Discrete logarithm problem

Ecdh

Frobenius

Ecdlp

Itoh tsujii inversion

Karatsuba algorithm

Extended euclidean algorithm

Schoolbook method

Addition chain algorithm

Non-adjacent form

Quadratic residue

Legendre symbol

Embedded system

Oef

Finite field

Optimal extension field

Public-key

Cryptography

UCTD