WoS Indexed Publications Collection
Permanent URI for this collection: https://hdl.handle.net/11147/7150
Conference Object (Citations: WoS 1, Scopus 1)
Robust and Energy-Efficient Hardware Architectures for DIZY Stream Cipher (IEEE, 2024)
Schmid, Martin; Arul, Tolga; Kavun, Elif Bilge; Regazzoni, Francesco; Kara, Orhun
In the era of ubiquitous computing, efficient and secure implementations of cryptographic hardware are crucial. This paper extends the hardware implementations of a Small Internal State Stream (SISS) cipher, namely DIZY. Previous work shows that DIZY's hardware performance, in terms of area cost and power consumption, is among the best when compared to notable stream ciphers, especially for frame-based encryptions requiring frequent initialization. In this study, we initially optimize the existing hardware implementation and then evaluate the energy efficiency of DIZY. We implement different unrolled versions of DIZY and analyze their energy consumption. Furthermore, we address physical security by integrating masking techniques into the DIZY S-box to protect the implementation against side-channel attacks. We thoroughly investigate the associated overhead and apply optimizations to reduce it, ensuring robust security without compromising efficiency. Our results present a secure, energy-efficient, and lightweight cryptographic hardware design for the stream cipher DIZY, making it suitable for various applications, including Internet of Things (IoT) and embedded systems.

Correction (Citations: WoS 1)
A New Construction Method for Keystream Generators (vol 18, pg 3735, 2023) (IEEE-Inst Electrical Electronics Engineers Inc, 2024)
Gul, Cagdas; Kara, Orhun
The authors would like to extend their apologies for the inadvertent inclusion of an erroneous index of the matrix ${M}$ for DIZY-80 in [1]. We sincerely regret any inconvenience caused by this typographical error and appreciate the chance to rectify it.

Article (Citations: Scopus 1)
Lower Data Attacks on Advanced Encryption Standard (Turkiye Klinikleri, 2024)
Kara, Orhun
The Advanced Encryption Standard (AES) is one of the most commonly used and analyzed encryption algorithms. In this work, we present new combinations of some prominent attacks on AES, achieving new records in data requirements among attacks, utilizing only $2^4$ and $2^{16}$ chosen plaintexts (CP) for 6-round and 7-round AES-192/256, respectively. One of our attacks is a combination of a meet-in-the-middle (MiTM) attack with a square attack mounted on 6-round AES-192/256, while another attack combines an MiTM attack and an integral attack, utilizing the key space partitioning technique, on 7-round AES-192/256. Moreover, we illustrate that impossible differential (ID) attacks can be viewed as the dual of MiTM attacks in certain aspects, which enables us to recover the correct key using the MiTM technique instead of sieving through all potential wrong keys in our ID attack. Furthermore, we introduce the constant guessing technique in the inner rounds, which significantly reduces the number of key bytes to be searched. The time and memory complexities of our attacks remain marginal.

Article (Citations: WoS 2)
Square Impossible Differential Attack and Security of AES in Known Plaintext Scenario (Taylor & Francis Inc, 2024)
Kara, Orhun
In this work, we examine the security of the 8-round AES under the known plaintext attack scenario, a type of cryptographic attack in which an attacker has access to the plaintext and corresponding ciphertext pairs. We present an innovative impossible differential (ID) attack technique, which utilizes a specific ID characteristic, to perform the first known plaintext attack on the 8-round AES with a 256-bit key. Additionally, we propose a new attack methodology, known as the Square Impossible Differential (SID) attack, to enhance the effectiveness of the ID attacks on AES in chosen ciphertext or plaintext scenarios. The SID attack is a combination of a square attack and an ID attack. Our methodology introduces various new approaches, including the key indicator vectors, eliminating the key candidate through the Meet-in-the-Middle technique and mounting the guess and determine attack through the hash tables for the two-round decryption of one column of AES while determining the subkeys constituting the impossible differential characteristic for a given plaintext/ciphertext difference pair. Our approach demonstrates lower computational complexity compared to previous methods, and our analysis shows that the complexities of our known plaintext attack and SID attack are estimated to be $2^{220}$ and $2^{209}$, respectively.

Article (Citations: WoS 1, Scopus 2)
New Security Proofs and Complexity Records for Advanced Encryption Standard (IEEE-Inst Electrical Electronics Engineers Inc, 2023)
Kara, Orhun
Common block ciphers like AES specified by the NIST or KASUMI (A5/3) of GSM are extensively utilized by billions of individuals globally to protect their privacy and maintain confidentiality in daily communications. However, these ciphers lack comprehensive security proofs against the vast majority of known attacks. Currently, security proofs are limited to differential and linear attacks for both AES and KASUMI. For instance, the consensus on the security of AES is not based on formal mathematical proofs but on intensive cryptanalysis over its reduced rounds spanning several decades. In this work, we introduce new security proofs for AES against another attack method: impossible differential (ID) attacks. We classify ID attacks as reciprocal and nonreciprocal ID attacks. We show that sharp and generic lower bounds can be imposed on the data complexities of reciprocal ID attacks on substitution permutation networks. We prove that the minimum data required for a reciprocal ID attack on AES using a conventional ID characteristic is $2^{66}$ chosen plaintexts, whereas a nonreciprocal ID attack involves at least $2^{88}$ computational steps. We mount a nonreciprocal ID attack on 6-round AES for 192-bit and 256-bit keys, which requires only $2^{18}$ chosen plaintexts and outperforms the data complexity of any attack. Given its marginal time complexity, this attack does not pose a substantial threat to the security of AES. However, we have made enhancements to the integral attack on 6-round AES, thereby surpassing the longstanding record for the most efficient attack after a period of 23 years.

Article (Citations: WoS 5, Scopus 4)
A New Construction Method for Keystream Generators (IEEE, 2023)
Gül, Çağdaş; Kara, Orhun
We introduce a new construction method of diffusion layers for Substitution Permutation Network (SPN) structures along with its security proofs. The new method can be used in block ciphers, stream ciphers, hash functions, and sponge constructions. Moreover, we define a new stream cipher mode of operation through a fixed pseudorandom permutation and provide its security proofs in the indistinguishability model. We refer to a stream cipher as a Small Internal State Stream (SISS) cipher if its internal state size is less than twice its key size. There are not many studies about how to design and analyze SISS ciphers due to the criterion on the internal state sizes, resulting from the classical tradeoff attacks. We utilize our new mode and diffusion layer construction to design an SISS cipher having two versions, which we call DIZY. We further provide security analyses and hardware implementations of DIZY. In terms of area cost, power, and energy consumption, the hardware performance is among the best when compared to some prominent stream ciphers, especially for frame-based encryptions that need frequent initialization. Unlike recent SISS ciphers such as Sprout, Plantlet, LILLE, and Fruit, DIZY does not have a keyed update function, enabling efficient key changing.

Article (Citations: WoS 1, Scopus 1)
Plaintext Recovery and Tag Guessing Attacks on Authenticated Encryption Algorithm COLM (Elsevier, 2022)
Ulusoy, Sırrı Erdem; Kara, Orhun; Efe, Mehmet Önder
There are three main approaches related to cryptanalysis of Authenticated Encryption with Associated Data (AEAD) algorithms: simulating the encryption oracle (universal forgery attack), simulating the decryption oracle (plaintext recovery attack) and producing the valid tag of a given ciphertext (tag guessing attack). In this work, we analyze the security of COLM in these approaches. COLM is one of the AEAD algorithms chosen in the final portfolio for the defense-in-depth use case of the CAESAR competition. The ciphers in this portfolio are supposed to provide robust security with their multiple layered defense mechanisms. The main motivation of this work is to examine if COLM indeed satisfies defense-in-depth security. We make cryptanalysis of COLM, particularly in the chosen ciphertext attack (CCA) scenario, once its secret whitening parameter $L = E_K(0)$ is recovered. To the best of our knowledge, we give the first example of querying an EME/EMD (Encrypt-linearMix-Encrypt/Decrypt) AEAD scheme in its decryption direction for arbitrary ciphertexts not produced previously by the oracle, namely either a forgery or tag guessing attack. We construct SEBC/SDBC (Simulation models of the Encryption/Decryption oracles of the underlying Block Cipher) of COLM, thereby forming the first examples of these models of an authenticated EME scheme simultaneously. The combination of our SEBC/SDBC is a powerful tool to mount a universal forgery attack, a tag guessing attack and a plaintext recovery attack. All of these attacks have polynomial time complexities once L is recovered in the offline phase, indicating that the security of COLM against plaintext recovery and tag guessing attacks is limited by the birthday bound. Apart from exploiting SEBC/SDBC, we mount a pair of plaintext recovery attacks and another universal forgery attack. Finally, we make some suggestions to prevent our attacks.

Article (Citations: WoS 2, Scopus 3)
Integral Characteristics by Keyspace Partitioning (Springer, 2022)
Demirbaş, Fatih; Kara, Orhun
In this work, we introduce a new method, which we call integral by keyspace partitioning, to construct integral characteristics for some block ciphers by introducing new integral properties. We introduce the concepts of active with constant difference and identically active integral properties. Then, we divide the key space into equivalence classes and construct integral characteristics for each equivalence class individually by using these integral properties. We exploit the binary diffusion layer and key schedule algorithm of a block cipher to propagate these integral properties through rounds. We apply the new method to the Byte-oriented Substitution-Permutation Network (BSPN) cipher and Midori64 to show its effectiveness. We construct the first iterative integral characteristic for a block cipher, to the best of our knowledge. We extend this iterative characteristic for the (M, n)-BSPN block cipher, where each block of BSPN contains M $n \times n$ S-boxes with the block and key sizes $M \cdot n$. Using at most $\binom{M-1}{2}+1$ (only 106 when M = 16) chosen plaintexts, we mount key recovery attacks for the first time on BSPN and recover the key for the full round. The time complexity of the key recovery is almost independent of the number of rounds. We also use our method to construct an integral characteristic for Midori64, which can be utilized for a key recovery attack on 11-round Midori64. Our results impose a new security criterion for the design of the key schedule algorithm for some block ciphers.
