蔡祺,杨小虎

DOI: https://doi.org/10.3969/j.issn.1000-3428.2010.18.093

2010-01-01

Abstract:By analyzing the problems while transmitting securities trading data,necessity of data compression is indicated.This paper proposes a hybrid arithmetic coding for messages of Securities Trading Exchange Protocol(STEP).The coding improves adaptive binary arithmetic coding by using template-based binarization scheme and independent source model.Experimental results show that hybrid arithmetic coding provides a much better compression ratio and slightly faster processing time than adaptive binary arithmetic coding.

Hung-Min Sun,King-Hang Wang

DOI: https://doi.org/10.1109/wcse.2009.849

2009-01-01

Abstract:The requirements for encrypting multimedia files are very different than general purpose symmetric encryptions. With constraints including low computation power, minimum data size, and resilient to chosen ciphertext attacks, neither common block ciphers like DES/AES nor other stream ciphers are applicable to protect multimedia files. Recently, many works have been proposed to compress and encrypt these files simultaneously. However, most of them are found with severe security deficits. In this paper, we present a novel and efficient scheme to jointly compress and encrypt multimedia files base on arithmetic code. Compare to other proposed schemes, only our scheme introduces the diffusion property, which further enhances the security of the code. At the end of the paper, varies properties of the scheme are also discussed to prove that the scheme is suitable for compressing and encrypting multimedia files.

Xinjie Zhao,Shize Guo,Fan Zhang,Tao Wang,Zhijie Shi,Hao Luo

DOI: https://doi.org/10.1587/transfun.e96.a.332

2012-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:This paper proposes several improved Side-channel cube attacks (SCCAs) on PRESENT-80/128 under single bit leakage model. Assuming the leakage is in the output of round 3 as in previous work, we discover new results of SCCA on PRESENT. Then an enhanced SCCA is proposed to extract key related non-linear equations. 64-bit key for both PRESENT-80 and 128 can be obtained. To mount more effective attack, we utilize the leakage in round 4 and enhance SCCA in two ways. A partitioning scheme is proposed to handle huge polynomials, and an iterative scheme is proposed to extract more key bits. With these enhanced techniques, the master key search space can be reduced to 28 for PRESENT-80 and to 229 for PRESENT-128.

Xinjie Zhao,Tao Wang,Shize Guo,Fan Zhang,Zhijie Shi,Huiying Liu,Kehui Wu

2011-01-01

Abstract:Introduced in 2009, Algebraic Side-Channel Attack (ASCA) has become a very effective cryptanalysis technique that is different from conventional side-channel attacks such as DPA and CPA. In this paper, we propose an innovative and generic attack framework named as SATETASCA (SAT based Error Tolerant Algebraic Side-Channel Attack). The proposed framework is effective even if the leakage information is not accurate and has large variants or errors. We show its generality by successfully launching SAT-ETASCA to AES on two different platforms, using different types of leakages. The first attack is to an AES implementation on an 8-bit microcontroller, using the Hamming weight leakage model. We demonstrate that SAT-ETASCA can recover the full key even when the obtained leakage information has about 60% errors. The second attack is based on an innovative idea of applying the external cache …

ZHAO Xin-jie,GUO Shi-ze,WANG Tao,ZHANG Fan

DOI: https://doi.org/10.3969/j.issn.1671-1742.2012.06.001

2012-01-01

Abstract:The security of EPCBC,a lightweight block cipher proposed in CANS 2011,against the side-channel cube attack is evaluated by combining cube cryptanalysis with side-channel attack under the 8-bit Hamming weight leakage model.Under the black-box attack scenario,the adversary firstly generates random cube and superpoly.Then the cube is used to generate chosen plaintexts.The adversary deduces one bit of the intermediate state from the side-channel attack for each chosen plaintext and computes the high order differences of these one bit values to verify the relations between the cube and superpoly.Simulation experiments are launched on two variants of EPCBC with different block lengths.The results demonstrate that the unprotected implementation of EPCBC is vulnerable to side-channel cube attacks.If the adversary can accurately deduce the Hamming weight of the intermediate states from the side-channel leakages,many cubes and superpolys can be extracted and used for key recovery.372 chosen plaintexts can recover 48-bit of the master key for EPCBC(48,96) and reduce the key search space to 248.610 chosen plaintexts can recover full 96-bit of the master key for EPCBC(96,96) directly.The techniques of this paper can provide certain references to black-box side-channel cube attacks on other block ciphers.

Qianmei Wu,Wei Cheng,Sylvain Guilley,Fan Zhang,Wei Fu

DOI: https://doi.org/10.46586/tches.v2022.i3.192-222

2022-01-01

IACR Transactions on Cryptographic Hardware and Embedded Systems

Abstract:Code-based masking is a highly generalized type of masking schemes, which can be instantiated into specific cases by assigning different encoders. It captivates by its side-channel resistance against higher-order attacks and the potential to withstand fault injection attacks. However, similar to other algebraically-involved masking schemes, code-based masking is also burdened with expensive computational overhead. To mitigate such cost and make it efficient, we contribute to several improvements to the original scheme proposed by Wang et al. in TCHES 2020. Specifically, we devise a computationally friendly encoder and accordingly accelerate masked gadgets to leverage efficient implementations. In addition, we highlight that the amortization technique introduced by Wang et al. does not always lead to efficient implementations as expected, but actually decreases the efficiency in some cases. From the perspective of practical security, we carry out an extensive evaluation of the concrete security of code-based masking in the real world. On one hand, we select three representative variations of code-based masking as targets for an extensive evaluation. On the other hand, we aim at security assessment of both encoding and computations to investigate whether the state-of-the-art computational framework for code-based masking reaches the security of the corresponding encoding. By leveraging both leakage assessment tool and side-channel attacks, we verify the existence of “security order amplification” in practice and validate the reliability of the leakage quantification method proposed by Cheng et al. in TCHES 2021. In addition, we also study the security decrease caused by the “cost amortization” technique and redundancy of code-based masking. We identify a security bottleneck in the gadgets computations which limits the whole masked implementation. To the best of our knowledge, this is the first time that allows us to narrow down the gap between the theoretical security order under the probing model (sometimes with simulation experiments) and the concrete side-channel security level of protected implementations by code-based masking in practice.

Xinjie Zhao,Shize Guo,Fan Zhang,Tao Wang,Zhijie Shi,Huiying Liu,Keke Ji,Jing Huang

DOI: https://doi.org/10.1016/j.jss.2012.11.007

IF: 3.5

2013-01-01

Journal of Systems and Software

Abstract:The side-channel cube attack (SCCA) is a powerful cryptanalysis technique that combines the side-channel and cube attack. This paper proposes several advanced techniques to improve the Hamming weight-based SCCA (HW-SCCA) on the block cipher PRESENT. The new techniques utilize non-linear equations and an iterative scheme to extract more information from leakage. The new attacks need only 2^8^.^9^5 chosen plaintexts to recover 72 key bits of PRESENT-80 and 2^9^.^7^8 chosen plaintexts to recover 121 key bits of PRESENT-128. To the best of our knowledge, these are the most efficient SCCAs on PRESENT-80/128. To show the feasibility of the proposed techniques, real attacks have been conducted on PRESENT on an 8-bit microcontroller, which are the first SCCAs on PRESENT on a real device. The proposed HW-SCCA can successfully break PRESENT implementations even if they have some countermeasures such as random delay and masking.

Hung -Min Sun,Shiuh -Pyng Shieh

DOI: https://doi.org/10.1007/bfb0053722

1998-01-01

Abstract:Recently J. and R.M. Campello de Souza proposed a private-key encryption scheme based on the product codes with the capability of correcting a special type of structured errors. In this paper, we show that J. and R.M. Campello de Souza's scheme is insecure against chosen-plaintext attacks, and consequently propose a secure modified scheme.

Nivedita Shrivastava,Smruti R. Sarangi

DOI: https://doi.org/10.48550/arXiv.2306.06949

2023-06-12

Abstract:We live in a data-driven era that involves the generation, collection and processing of a massive amount of data. This data often contains valuable intellectual property and sensitive user information that must be safeguarded. There is a need to both encrypt and compress the data at line speed and sometimes with added power constraints. The majority of the currently available simultaneous compression and encryption (SCE) schemes are tailored for a specific type of data such as images for instance. This reduces their generic applicability. In this paper, we tackle this issue and propose a generic, efficient, and secure simultaneous compression and encryption scheme where the data is simultaneously encrypted using chaotic maps and compressed using a fast lossless compression algorithm. We claim that employing multiple chaotic maps and a lossless compression method can help us create not only an efficient encryption scheme but also compress the data efficiently in a hardware-friendly manner. We avoid all the known pitfalls of chaos theory based encryption that have prevented its widespread usage. Our algorithm passes all the NIST tests for nine different types of popular datasets. The proposed implementation uses 1.51x less storage as compared to the nearest computing work.

Cryptography and Security

Fan Zhang,Zhijie Jerry Shi

DOI: https://doi.org/10.1109/ITNG.2008.183

2008-01-01

Abstract:Elliptic curve cryptography (ECC) has been adopted in many systems because it requires shorter keys than traditional public-key algorithms in primary fields. However, power analysis attacks can exploit the power consumption of ECC devices to retrieve secret keys. In this paper, we propose an efficient window-based countermeasure that is secure against existing power analysis attacks. Compared to previous counter- measures, our method has low memory overhead, requiring only a table of w+1 entries when the window size is w bits. It also has better performance than many algorithms that perform one point addition or subtraction for every bit in the scalar.

Gregory V. Bard,Nicolas T. Courtois,Jorge Nakahara Jr,Pouyan Sepehrdad,Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-642-17401-8_14

2010-01-01

Abstract:This paper presents the first results on AIDA/cube, algebraic and side-channel attacks on variable number of rounds of all members of the KATAN family of block ciphers. Our cube attacks reach 60, 40 and 30 rounds of KATAN32, KATAN48 and KATAN64, respectively. In our algebraic attacks, we use SAT solvers as a tool to solve the quadratic equations representation of all KATAN ciphers. We introduced a novel pre-processing stage on the equations system before feeding it to the SAT solver. This way, we could break 79, 64 and 60 rounds of KATAN32, KATAN48, KATAN64, respectively. We show how to perform side channel attacks on the full 254-round KATAN32 with one-bit information leakage from the internal state by cube attacks. Finally, we show how to reduce the attack complexity by combining the cube attack with the algebraic attack to recover the full 80-bit key. Further contributions include new phenomena observed in cube, algebraic and side-channel attacks on the KATAN ciphers. For the cube attacks, we observed that the same maxterms suggested more than one cube equation, thus reducing the overall data and time complexities. For the algebraic attacks, a novel pre-processing step led to a speed up of the SAT solver program. For the side-channel attacks, 29 linearly independent cube equations were recovered after 40-round KATAN32. Finally, the combined algebraic and cube attack, a leakage of key bits after 71 rounds led to a speed up of the algebraic attack.

Xiaoxuan Lou,Fan Zhang,Guorui Xu,Ziyuan Liang,Xinjie Zhao,Shize Guo,Kui Ren

DOI: https://doi.org/10.1007/978-3-030-42921-8_29

2020-01-01

Abstract:Block ciphers with Feistel structures are vulnerable to a specific type of cache attacks named differential cache attacks. The attacks leverage side-channel leakages from cache and differential property of cipher component to reveal the master key of cipher. In this paper, we combine the algebraic analysis to enhance the attacks, and propose a novel method named Algebraic Differential Cache Attack (ADCA). By converting both cipher and cache leakages to algebraic equations, ADCA can reveal the cipher key automatically with the help of the SAT solver, which allows the analysis on much deeper rounds and makes a considerable reduction in attack complexity. When it is applied to the block cipher SM4, 10 plaintexts are enough to reveal the master key in 8-rounds analysis, while the traditional differential cache attack needs 20 ones. Finally, to eliminate the impact from noise, an error-tolerant method is proposed to deduce cache events from the leakage traces. It vastly enhances the robustness of attack, and makes the attack more practical. The experimental results show that the error-tolerant ADCA can correctly reveal the master key even when the uncertainty rate of cache events reaches to 60%.

Hongbo Yu,Xiaoyun Wang

DOI: https://doi.org/10.1007/978-3-642-22497-3_11

2011-01-01

Abstract:SIMD is one of the second round candidates of the SHA-3 competition hosted by NIST. In this paper, we present the first attack for the compression function of the reduced SIMD-256 and the full SIMD-512 (the tweaked version) using the modular difference method. For SIMD256, we give a free-start near collision attack on the compression function reduced to 20 steps with complexity 2(116). And for SIMD-512, we give a free-start near collision attack on the 24-step compression function with complexity 2(235). Furthermore, we give a distinguisher attack for the full compression function of SIMD-512 with complexity 2(475). Our attacks are also applicable for the final compression function of SIMD.

Yasutada Oohama,Bagus Santoso

2024-05-13

Abstract:We study the universal coding under side-channel attacks posed and investigated by Oohama and Santoso (2022). They proposed a theoretical security model for Shannon cipher system under side-channel attacks, where the adversary is not only allowed to collect ciphertexts by eavesdropping the public communication channel, but is also allowed to collect the physical information leaked by the devices where the cipher system is implemented on such as running time, power consumption, electromagnetic radiation, etc. For any distributions of the plain text, any noisy channels through which the adversary observe the corrupted version of the key, and any measurement device used for collecting the physical information, we can derive an achievable rate region for reliability and security such that if we compress the ciphertext with rate within the achievable rate region, then: (1) anyone with secret key will be able to decrypt and decode the ciphertext correctly, but (2) any adversary who obtains the ciphertext and also the side physical information will not be able to obtain any information about the hidden source as long as the leaked physical information is encoded with a rate within the rate region.

Information Theory

Weijun Shan,Lihui Wang,Qing Li,Limin Guo,Shanshan Liu,Zhimin Zhang

DOI: https://doi.org/10.1109/CIS.2014.57

2014-01-01

Abstract:In this paper, we will present a chosen-plaintext method of CPA on SM4 block cipher. This attack consists of a chosen-plaintext method and a transformed CPA attack. The chosen-plaintext method is used to decrease the computation complexity to guess the round register value and the transformed CPA attack is introduced to improve the effect of CPA attack. We accomplished hardware implement on Sasebo-Gii and power analysis, whose result proved that it takes 5000 traces to recover the key successfully by our method, while the normal CPA method needs 270000 traces.

Zijian Liang,Kai Niu,Jin Xu,Ping Zhang

2024-01-26

Abstract:Recent semantic communication methods explore effective ways to expand the communication paradigm and improve the system performance of the communication systems. Nonetheless, the common problem of these methods is that the essence of semantics is not explicitly pointed out and directly utilized. A new epistemology suggests that synonymy, which is revealed as the fundamental feature of semantics, guides the establishment of the semantic information theory from a novel viewpoint. Building on this theoretical basis, this paper proposes a semantic arithmetic coding (SAC) method for semantic lossless compression using intuitive semantic synonymy. By constructing reasonable synonymous mappings and performing arithmetic coding procedures over synonymous sets, SAC can achieve higher compression efficiency for meaning-contained source sequences at the semantic level and thereby approximate the semantic entropy limits. Experimental results on edge texture map compression show an evident improvement in coding efficiency using SAC without semantic losses, compared to traditional arithmetic coding, which demonstrates its effectiveness.

Information Theory

WANG Xuan,XIE Ting-jun,LU Jian-hua

DOI: https://doi.org/10.3321/j.issn:0372-2112.2007.02.021

2007-01-01

Abstract:Arithmetic coding is widely adopted in the state-of-art multimedia compression schemes due to its high coding efficiency.Unfortunately,arithmetic codes are extremely vulnerable to channel errors because of the error propagation property.In this paper,arithmetic decoder is modeled as a finite state machine(FSM),and a sequential decoding algorithm is contrived by utilizing maximum a-posteriori(MAP) estimation rule.The FSM is responsible for a-priori probability estimation and error detection.Simulations with memoryless sources and JPEG2000 images show that the algorithm improves the system performance with reduced sequence error rate and enhanced quality of reconstructed images.

Sanjit Bhowmick,Deepak Kumar Dalai,Sihem Mesnager

2023-11-02

Abstract:Linear complementary dual (LCD) codes and linear complementary pairs (LCP) of codes have been proposed for new applications as countermeasures against side-channel attacks (SCA) and fault injection attacks (FIA) in the context of direct sum masking (DSM). The countermeasure against FIA may lead to a vulnerability for SCA when the whole algorithm needs to be masked (in environments like smart cards). This led to a variant of the LCD and LCP problems, where several results have been obtained intensively for LCD codes, but only partial results have been derived for LCP codes. Given the gap between the thin results and their particular importance, this paper aims to reduce this by further studying the LCP of codes in special code families and, precisely, the characterisation and construction mechanism of LCP codes of algebraic geometry codes over finite fields. Notably, we propose constructing explicit LCP of codes from elliptic curves. Besides, we also study the security parameters of the derived LCP of codes $(\mathcal{C}, \mathcal{D})$ (notably for cyclic codes), which are given by the minimum distances $d(\mathcal{C})$ and $d(\mathcal{D}^\perp)$. Further, we show that for LCP algebraic geometry codes $(\mathcal{C},\mathcal{D})$, the dual code $\mathcal{C}^\perp$ is equivalent to $\mathcal{D}$ under some specific conditions we exhibit. Finally, we investigate whether MDS LCP of algebraic geometry codes exist (MDS codes are among the most important in coding theory due to their theoretical significance and practical interests). Construction schemes for obtaining LCD codes from any algebraic curve were given in 2018 by Mesnager, Tang and Qi in [``Complementary dual algebraic geometry codes", IEEE Trans. Inform Theory, vol. 64(4), 2390--3297, 2018]. To our knowledge, it is the first time LCP of algebraic geometry codes has been studied.

Information Theory

Yucheng Liu,Parastoo Sadeghi,Neda Aboutorab,Arman Sharififar

DOI: https://doi.org/10.48550/arXiv.2001.07296

2020-04-15

Abstract:Index coding is concerned with efficient broadcast of a set of messages to receivers in the presence of receiver side information. In this paper, we study the secure index coding problem with security constraints on the receivers themselves. That is, for each receiver there is a single legitimate message it needs to decode and a prohibited message list, none of which should be decoded by that receiver. To this end, our contributions are threefold. We first introduce a secure linear coding scheme, which is an extended version of the fractional local partial clique covering scheme that was originally devised for non-secure index coding. We then develop two information-theoretic bounds on the performance of any valid secure index code, namely secure polymatroidal outer bound (on the capacity region) and secure maximum acyclic induced subgraph lower bound (on the broadcast rate). The structure of these bounds leads us to further develop two necessary conditions for a given index coding problem to be securely feasible (i.e., to have nonzero rates).

Information Theory

Muhammad Yasin,Bodhisatwa Mazumdar,Ozgur Sinanoglu,Jeyavijayan Rajendran

DOI: https://doi.org/10.1109/aspdac.2017.7858346

2017-01-01

Abstract:Logic encryption protects integrated circuits (ICs) against intellectual property (IP) piracy and overbuilding attacks by encrypting the IC with a key. A Boolean satisfiability (SAT) based attack breaks all existing logic encryption technique within few hours. Recently, a defense mechanism known as Anti-SAT was presented that protects against SAT attack, by rendering the SAT-attack effort exponential in terms of the number of key gates. In this paper, we highlight the vulnerabilities of Anti-SAT and propose signal probability skew (SPS) attack against Anti-SAT block. SPS attack leverages the structural traces in Anti-SAT block to identify and isolate Anti-SAT block. The attack is 100% successful on all variants of Anti-SAT block. SPS attack is scalable to large circuits, as it breaks circuits with up to 22K gates within two minutes.