Cryptanalysis of lightweight symmetric-key cryptographic algorithms
Main Author: | |
---|---|
Other Authors: | |
Format: | Thesis-Doctor of Philosophy |
Language: | English |
Published: | Nanyang Technological University, 2024 |
Subjects: | |
Online Access: | https://hdl.handle.net/10356/173124 |
Institution: | Nanyang Technological University |
Summary: | Lightweight symmetric-key cryptography has gained significant traction in recent years due to the rapid proliferation of resource-constrained devices and the increase in demand for secure communication and data protection in multiple domains. In response to the growing need, NIST, the National Institute of Standards and Technology, has issued a call to standardize lightweight cryptographic algorithms. The aim is to search for a secure algorithm with low implementation cost that is suitable for use in constrained environments. With that in mind, many cryptographers gravitate towards designs that push the boundaries of what is considered secure. Coupled with the fact that these designs may one day become the next standard to be used by the industry, a thorough security analysis of these algorithms has to be conducted. In this thesis, we focus on the cryptanalysis of lightweight symmetric-key ciphers. This thesis contains three content-based chapters. First, we look at how we can use constraint programming as an automated tool to search for differential characteristics. Using these differential characteristics, we construct differential-based distinguishers for the round-reduced ASCON permutation, build forgeries for the ASCON-128 authenticated encryption scheme, and form a collision attack on ASCON-HASH. Second, we turn to neural distinguishers, a new type of distinguisher based on deep neural networks that was introduced at CRYPTO’19. We examine the inner workings of the neural distinguishers and give an explanation as to what the neural distinguishers are using to detect and distinguish real ciphertext pairs from a uniform distribution. We then construct conventional distinguishers (not based on deep neural networks) that are on par with the neural distinguishers in terms of accuracy. Finally, we return to a basic assumption that most cryptanalysts use when constructing differential characteristics: the Markov cipher assumption. We question the validity of many differential characteristics in the literature and find that many differential characteristics for the GIFT and SKINNY family of ciphers are in fact invalid. We also develop a tool that can automatically analyze such incompatibilities in differential characteristics of GIFT and SKINNY ciphers. For SKINNY, our tool is even able to give an estimated probability distribution based on the constraints we have detected. Lastly, we give suggestions as to how these constraints can be incorporated into automated tools to improve the correctness of the differential characteristics produced. |