Search Results Heading

MBRLSearchResults

mbrl.module.common.modules.added.book.to.shelf
Title added to your shelf!
View what I already have on My Shelf.
Oops! Something went wrong.
Oops! Something went wrong.
While trying to add the title to your shelf something went wrong :( Kindly try again later!
Are you sure you want to remove the book from the shelf?
Oops! Something went wrong.
Oops! Something went wrong.
While trying to remove the title from your shelf something went wrong :( Kindly try again later!
    Done
    Filters
    Reset
  • Discipline
      Discipline
      Clear All
      Discipline
  • Is Peer Reviewed
      Is Peer Reviewed
      Clear All
      Is Peer Reviewed
  • Item Type
      Item Type
      Clear All
      Item Type
  • Subject
      Subject
      Clear All
      Subject
  • Year
      Year
      Clear All
      From:
      -
      To:
  • More Filters
210 result(s) for "Sarkar, Santanu"
Sort by:
A new distinguishing attack on reduced round ChaCha permutation
This work concentrates on differential-linear distinguishing attacks on the prominent ARX-based permutation ChaCha. Here, we significantly improve the 7-round differential-linear distinguisher for ChaCha permutation by introducing a new path of linear approximation. We first introduce a new single-bit differential distinguisher for the 3.5th round of the permutation that assists us in inventing a new path for the differential-linear distinguisher. We show that one can distinguish a 7-round ChaCha permutation with time complexity of 2 207 . This improves the recent work of Coutinho et al. (in: Advances in Cryptology—ASIACRYPT 2022—28nd International Conference on the Theory and Application of Cryptology and Information Security, Taipei, Taiwan, December 5–9, 2012, Springer, 2022), which achieved time complexity 2 214 . We also propose a distinguisher for the 7.25-round of ChaCha permutation and this is the first distinguishing attack for more than 7-round of ChaCha permutation. We provide theoretical proofs and the corresponding experimental results for the linear approximations that we use for differential-linear distinguisher. We point out that the existing multibit distinguishing attacks on the cipher ChaCha are invalid. These attacks are worked only for the ChaCha permutation.
A note on the analysis of Herrmann–May lattices for small exponent RSA
At PKC 2010, Herrmann and May introduced a lattice-based method using unravelled linearization to achieve the theoretical bound d < N 1 - 1 2 for small RSA exponents. In this paper, we identify an error in their asymptotic analysis, revising the bound to d < N 0.292256 , which is strictly lower than the Boneh–Durfee bound N 1 - 1 2 . This error persisted for over 15 years. We also refine the Herrmann-May lattice construction, achieving the Boneh–Durfee bound while significantly reducing the Herrmann–May lattice’s dimension.
The Inverse of χ and Its Applications to Rasta-Like Ciphers
Rasta and Dasta are two fully homomorphic encryption friendly symmetric-key primitives proposed at CRYPTO 2018 and ToSC 2020, respectively. It can be found from the designers’ analysis that the security of the two ciphers highly relies on the high algebraic degree of the inverse of the n -bit χ operation denoted by χ n - 1 , while surprisingly the explicit formula of χ n - 1 has never been given in the literature. As the first contribution, for the first time, we give a very simple formula of χ n - 1 that can be written down in only one line and we prove its correctness in a rigorous way. Based on this formula of χ n - 1 , an obvious yet important weakness of the two ciphers can be identified, which shows that their security against the algebraic attack cannot be solely based on the high degree of χ n - 1 . Specifically, this weakness enables us to theoretically break two out of three instances of full Agrasta, which is the aggressive version of Rasta with the block size only slightly larger than the security level in bits. We further reveal that Dasta is more vulnerable against our attacks than Rasta because of its usage of a linear layer composed of an ever-changing bit permutation and a deterministic linear transform. Based on our cryptanalysis, the security margins of Dasta and Rasta parameterized with ( n , κ , r ) ∈ { ( 327 , 80 , 4 ) , ( 1877 , 128 , 4 ) , ( 3545 , 256 , 5 ) } are reduced to only 1 round, where n , κ and r denote the block size, the claimed security level and the number of rounds, respectively. These parameters are of particular interest as the corresponding ANDdepth is the lowest among those that can be implemented in reasonable time and target the same claimed security level.
Spread and asymmetry of typical quantum coherence and their inhibition in response to glassy disorder
We consider the average quantum coherences of typical redits and qudits—vectors of real and complex Hilbert spaces—with the analytical forms stemming from the symmetry of Haar-uniformly distributed random pure states. We subsequently study the response to disorder in spread of the typical quantum coherence in response to glassy disorder. The disorder is inserted in the state parameters. Even in the absence of disorder, the quantum coherence distributions of redits and qudits are not uniform over the range of quantum coherence, and the spreads are relatively lower for higher dimensions. On insertion of disorder, the spreads decrease. This decrease in the spread of quantum coherence distribution in response to disorder is seen to be a generic feature of typical pure states: we observe the feature for different strengths of disorder and for various types of disorder distributions, viz. Gaussian, uniform, and Cauchy–Lorentz. We also find that the quantum coherence distributions become less asymmetric with increase in dimension and with infusion of glassy disorder.
An automated model for differential meet in the middle attacks on AndRX ciphers
In recent years, research in block cipher cryptanalysis has been significantly influenced by the development of differential meet in the middle techniques. Originally put forward by Boura et al., this approach has proven to be both adaptable and effective for evaluating modern symmetric-key designs. It has since been successfully employed in the analysis of several block ciphers, including multiple variants of SKINNY , CRAFT , and AES . However, identifying such attacks manually–especially on bit-oriented ciphers with large block sizes–can be a complex and error-prone process, which underscores the growing importance of automated solutions in this domain. To address these challenges, we develop an automated framework that systematically searches for and optimizes differential meet in the middle attacks on bit-oriented block ciphers. Our approach is specifically tailored to AndRX-based constructions, enabling the efficient identification of attack configurations that would be difficult to derive manually. Our method relies on a constraint-based formulation that automatically identifies optimal single-key differential characteristics in AndRX ciphers. Building on this, we propose a unified bitwise CP model to automatically construct optimized differential MITM attacks within the same design framework. Furthermore, we incorporate two dedicated optimization strategies–namely, the equivalent subkey technique and the selective key guessing technique –both of which are tailored to the structural properties of AndRX ciphers and significantly enhance key recovery efficiency. Additionally, we apply two additional optimization techniques: the parallel partitioning technique and reducing data with imposed conditions techniques to further enhance the differential MITM attack on AndRX ciphers. We validate the practicality of our approach through an extensive evaluation on the full SIMON and Simeck families, which are well-known instances of AndRX-based block ciphers. Our analysis leads to enhanced attack results compared to previously reported findings. In particular, our findings extend the round coverage beyond that achieved by previously reported classical meet in the middle and Demirci–Selçuk–type attacks for the respective variants of SIMON and Simeck . These findings highlight the strength and flexibility of our automated tool. Notably, our automated framework for constructing differential meet in the middle attacks works at the bit level and is generic in design, allowing it to be applied to a wide range of bit-oriented block ciphers beyond the AndRX family.
Implementing Grover’s on AES-based AEAD schemes
Extensive research is currently underway to determine the security of existing ciphers in light of the advancements in quantum computing. Against symmetric key cryptography, Grover’s search algorithm is a prominent attack, capable of reducing search costs to the square root. For using Grover’s algorithm, it is imperative to embed the target cipher into a quantum circuit. Even so, this area of research is relatively new; it has garnered significant attention from the research community. In this study, we provide the first estimation of the cost of Grover’s key search attack against the AES-based AEAD schemes Rocca-S, AEGIS-128, and Tiaoxin-346. Our analysis considers circuit depth restrictions specified in NIST’s PQC standardization process. Considering NIST’s maximum depth constraints, We present the overall cost of these attacks using gate count and depth-times-width metrics. We observed that for MAXDEPTH = 2 40 , Rocca-S, AEGIS-128, and Tiaoxin-346 can be retrieved using Grover’s search algorithm with gate count of 1.09 × 2 253 , 1.14 × 2 124 , and 1.22 × 2 124 respectively. Concerning the current updated values by NIST, these ciphers are secure in terms of the cost of implementing Grover’s attack for key recovery. The quantum circuits of these ciphers are implemented using QISKIT, an open-source software development kit (SDK) designed for working with quantum computers running on the IBM Quantum Experience platform.
Augmented sets of output differences and new distinguishers for SPN ciphers
We introduce augmented vector spaces of output differences , new generic and black-box distinguishers for Substitution Permutation Network (SPN) ciphers. Our distinguishers are based on a novel method of constructing a vector of size n ( d ) bits from a given vector of size n bits, where n ( d ) = ∑ i = 1 d n i and d is a positive integer. We list all such n ( d ) -bit vectors into a set called the corresponding d th - order augmented set and define its linear span as the corresponding d th -order augmented vector space . These sets are related to Reed-Muller codes and we prove that the rank of linear span of d th -order augmented set is n ( d ) using Reed-Muller codes. We then experimentally estimate the number of n -bit vectors required to span augmented vector spaces of output differences. Following these results, we give a generic and efficient algorithm to compute d th -order augmented vector space (of difference sets) for substitution permutation network ciphers. We apply our algorithm to lightweight ciphers GIFT, PRESENT and SKINNY and provide in-depth comparison of round-reduced ciphers’ distinguishers with random sets. Most notably, our new distinguishers for these ciphers cover more rounds than the subspace trails.
Proving the biases of Salsa and ChaCha in differential attack
Salsa and ChaCha are two of the most famous stream ciphers in recent times. Most of the attacks available so far against these two ciphers are differential attacks, where a difference is given as an input in the initial state of the cipher and in the output some correlation is investigated. This correlation works as a distinguisher. All the key recovery attacks against these ciphers are based on these observed distinguishers. However, the distinguisher in the differential attack was purely an experimental observation, and the reason for this bias was unknown so far. In this paper, we provide a full theoretical proof of both the observed distinguishers for Salsa and ChaCha. In the key recovery attack, the idea of probabilistically neutral bit also plays a vital role. Here, we also theoretically explain the reason of a particular key bit of Salsa to be probabilistically neutral. This is the first attempt to provide a theoretical justification of the idea of differential key recovery attack against these two ciphers.
An on-chip partial self-healing calibration technique for 10-bit reused distributed current steering DAC
This paper introduces an on-chip partial self-healing technique that address the mismatch-constraints in current steering digital-to-analog converters (CS-DACs) with reused distributed architecture. In contrast to the conventional calibration techniques, this method provides the flexibility to decide the combination of current cell matrices depending up-on the percentage of mismatch error and attain satisfactory static linearity. A novel current comparator is also proposed, which can detect a very low mismatch current. To validate the proposed technique, a 10-bit CS-DAC is designed with on-chip partial self-healing method using 180 nm CMOS process. The core area of the DAC is 0.64 mm 2 including 0.1 mm 2 calibration unit area with 22.4 mW power dissipation. With partial self-healing, the mismatch simulated INL and DNL value of the CS-DAC is 0.47 and 0.24 least significant bits (LSB), respectively, which shows more than 66% improvements. The proposed CS-DAC achieves 65.24 dB spurious free dynamic range (SFDR) for 53 MHz input signal with 500 MSPS sampling rate.
A state bit recovery algorithm with TMDTO attack on Lizard and Grain-128a
We propose a deterministic algorithm to recover some state bits of any FSR-based stream cipher knowing some keystream bits by fixing some state bits. This algorithm searches for the number of fixing bits as minimum as possible. Applying the algorithm, we could recover 10,11,…,24 state bits by fixing 10, 12, 14, 16, 18, 20, 22, 24, 38, 40, 42, 44, 46, 48, 50 state bits respectively for Lizard and 35, 48 state bits by fixing 34, 54 state bits respectively for Grain-128a. The result on Lizard beats the previous result, which can recover 14 state bits by fixing 30 state bits and the result on Grain-128a is the first one in this direction. Further, we present the Time-Memory-Data Trade-Off (TMDTO) curve by using the number of recovering and fixing state bits. Then we use the obtained results on the number of recovering and fixing state bits of Lizard and Grain 128a to implement the TMDTO attack to recover other state bits of these two ciphers. Our results supersede the previous result by Maitra et al. (IEEE Trans Comput 67(5):733–739, 2018) (i.e., T=M=D=254 ) on TMDTO attack on Lizard. The best results for Lizard are T=M=254,D=248 which requires 64 times lesser data than in Maitra et al. (IEEE Trans Comput 67(5):733–739, 2018); T=252,M=D=253 or, D=252,M=T=253 which improves the minimization of maxT,M,D ; T=250,M=D=254 , which reduces the time complexity by 16 times than in Maitra et al. (IEEE Trans Comput 67(5):733–739, 2018); T=242,M=D=260 which reduces the time complexity by 218 times with respect to overall complexity of Lizard claimed by Hamann et al. in FSE 2017.