Shujun Li,Chengqing Li,Guanrong Chen,Dan Zhang,Nikolaos G. Bourbakis

2004-01-01

Abstract:Secrete permutations are widely used in multimedia encryption algorithms, and many permutation-only ciphers have been proposed in recent years for protection of different types of multimedia data, especially digital images and videos. Based on a normalized encryption/decryption model, this paper analyzes the security of permutation-only image ciphers working in spatial domain from a general perspective, taking a recently- proposed permutation-only image cipher called HCIE (hierar- chical chaotic image encryption) as a typical example. It is pointed out that all permutation-only image ciphers are insecure against known/chosen-plaintext attacks in the sense that only O (logL(MN)) known/chosen plain-images are enough to break the ciphers, where MN is the size of the image and L is the number of different pixel values. Also, it is found that the attack complexity is only O(n · (MN)2), where n is the number of known/chosen plain-images used. Following the results, it is found that hierarchical permutation-only image ciphers such as HCIE are less secure than normal (i.e., non-hierarchical) permutation- only image ciphers. Experiments are shown to verify the feasi- bility of the known/chosen-plaintext attacks. The cryptanalysis result is then generalized to permutation-only image ciphers working in frequency domain and video ciphers. In conclusion, secret permutations have to be combined with other encryption techniques to design highly secure multimedia encryption sys-

Xiao-yu Zhao,Gang Cheng,Dan Zhang,Xiao-hong Wang,Guang-chang Dong

DOI: https://doi.org/10.1631/jzus.2004.0803

2004-01-01

Abstract:Pure position permutation image encryption algorithms, commonly used as image encryption investigated in this work are unfortunately frail under known-text attack. In view of the weakness of pure position permutation algorithm, we put forward an effective decryption algorithm for all pure-position permutation algorithms. First, a summary of the pure position permutation image encryption algorithms is given by introducing the concept of ergodic matrices. Then, by using probability theory and algebraic principles, the decryption probability of pure-position permutation algorithms is verified theoretically; and then, by defining the operation system of fuzzy ergodic matrices, we improve a specific decryption algorithm. Finally, some simulation results are shown.

Dan Li,Jiazhe Chen,An Wang,Xiaoyun Wang

DOI: https://doi.org/10.1155/2018/7206835

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:Low Entropy Masking Schemes (LEMS) are countermeasure techniques to mitigate the high performance overhead of masked hardware and software implementations of symmetric block ciphers by reducing the entropy of the mask sets. The security of LEMS depends on the choice of the mask sets. Previous research mainly focused on searching balanced mask sets for hardware implementations. In this paper, we find that those balanced mask sets may have vulnerabilities in terms of absolute difference when applied in software implemented LEMS. The experiments verify that such vulnerabilities certainly make the software LEMS implementations insecure. To fix the vulnerabilities, we present a selection criterion to choose the mask sets. When some feasible mask sets are already picked out by certain searching algorithms, our selection criterion could be a reference factor to help decide on a more secure one for software LEMS.

Rong Zhou,Simin Yu

DOI: https://doi.org/10.1016/j.chaos.2024.114623

2024-02-22

Abstract:This paper presents a comprehensive security analysis on an improved chaos-based image encryption algorithm. The initial algorithm, proposed by Li et al., involves permutation related to the sum of plaintext pixel values and diffusion associated with 9 specific pixel values in the permuted image. However, a thorough analysis conducted by Liu et al. reveals two major flaws in it: firstly, the 9 specific pixel values are not involved in the diffusion process; secondly, the permutation method exhibits significant vulnerabilities. In response to these shortcomings, Liu et al. proposed targeted improvements on it, which include incorporating a permutation step for the 9 specific pixels and enhancing the original permutation method. In this study, we analyze the improved algorithm and discover that it still possesses security vulnerabilities, rendering it susceptible to chosen-plaintext attack. By constructing three categories of special plaintexts, one can decipher the equivalent permutation and diffusion. Theoretical analysis and experimental results provide strong evidence for the effectiveness of our analysis in this paper.

mathematics, interdisciplinary applications,physics, mathematical, multidisciplinary

Xiuli Chai,Xiaoyu Zheng,Zhihua Gan,Yiran Chen

DOI: https://doi.org/10.1007/s00521-019-04312-8

2019-01-01

Abstract:Nowadays, many image cryptosystems have been cracked by chosen-plaintext attacks, for they are not highly sensitive to plain image. To solve this problem, we introduce a plaintext-related mechanism for secure color image encryption, and it is established in the generation and selection of chaotic sequences, permutation and diffusion. In the proposed image cryptosystem, the architecture of permutation and diffusion is adopted. Firstly, plaintext-related Latin-square-based block permutation is proposed to randomly shuffle pixels of the color plain image, diffusion method dependent on the plaintext and scrambled image is further given to modify pixels of permutated image, and finally cipher image is gotten. The chaotic sequence for diffusing the current pixel is dynamically generated according to the plain image and scrambled image, and diffusion operations of red, green and blue components of color plain image affect each other. Besides, chaotic sequences used in encryption are produced by new one-dimensional chaotic systems and dynamically selected, and initial values of chaotic systems are computed by plain image and external keys. Experimental results and security analyses demonstrate that our image encryption has large key space and high security level, and it can be applied for the secure communication of image information.

Fan Zhang,Liang Geng,Jizhong Shen,Shivam Bhasin,Xinjie Zhao,Shize Guo

DOI: https://doi.org/10.1109/AsianHOST.2017.8353994

2017-01-01

Abstract:Recent lightweight cryptographic algorithms are vulnerable to side channel attacks (SCA), requiring a careful design of implementations. In this paper, we carefully investigate the "Low-Entropy Masking Scheme" (LEMS) on the block cipher LED in the context of resource-constrained environments. We propose an improved LEMS called "iMLED", so as to satisfy two different yet unified design goals: to maintain the entropy of the masking at one bit, meanwhile, to enhance first-order SCA-resistance against advanced SCAs such as correlation-enhanced collision attack (CCA). The security of the implementation has been evaluated based on the SASEBO-W board, which proves that iM-LED has boosted its mitigation against SCA with limited overheads.

ZHAO Xin-jie,GUO Shi-ze,WANG Tao,ZHANG Fan

DOI: https://doi.org/10.3969/j.issn.1671-1742.2012.06.001

2012-01-01

Abstract:The security of EPCBC,a lightweight block cipher proposed in CANS 2011,against the side-channel cube attack is evaluated by combining cube cryptanalysis with side-channel attack under the 8-bit Hamming weight leakage model.Under the black-box attack scenario,the adversary firstly generates random cube and superpoly.Then the cube is used to generate chosen plaintexts.The adversary deduces one bit of the intermediate state from the side-channel attack for each chosen plaintext and computes the high order differences of these one bit values to verify the relations between the cube and superpoly.Simulation experiments are launched on two variants of EPCBC with different block lengths.The results demonstrate that the unprotected implementation of EPCBC is vulnerable to side-channel cube attacks.If the adversary can accurately deduce the Hamming weight of the intermediate states from the side-channel leakages,many cubes and superpolys can be extracted and used for key recovery.372 chosen plaintexts can recover 48-bit of the master key for EPCBC(48,96) and reduce the key search space to 248.610 chosen plaintexts can recover full 96-bit of the master key for EPCBC(96,96) directly.The techniques of this paper can provide certain references to black-box side-channel cube attacks on other block ciphers.

Lei Xu,Huayi Duan,Anxin Zhou,Xingliang Yuan,Cong Wang

DOI: https://doi.org/10.1109/tifs.2021.3128823

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Searchable symmetric encryption (SSE) enables users to make confidential queries over always encrypted data while confining information disclosure to pre-defined leakage profiles. Despite the well-understood performance and potentially broad applications of SSE, recent leakage-abuse attacks (LAAs) are questioning its real-world security implications. They show that a passive adversary with certain prior information of a database can recover queries by exploiting the legitimately admitted leakage. While several countermeasures have been proposed, they are insufficient for either security, i.e., handling only specific leakage like query volume, or efficiency, i.e., incurring large storage and bandwidth overhead. We aim to fill this gap by advancing the understanding of LAAs from a fundamental algebraic perspective. Our investigation starts by revealing that the index matrices of a plaintext database and its encrypted image can be linked by linear transformation. The invariant characteristics preserved under the transformation encompass and surpass the information exploited by previous LAAs. They allow one to unambiguously link encrypted queries with corresponding keywords, even with only partial knowledge of the database. Accordingly, we devise a new powerful attack and conduct a series of experiments to show its effectiveness. In response, we propose a new security notion to thwart LAAs in general, inspired by the principle of local differential privacy (LDP). Under the notion, we further develop a practical countermeasure with tunable privacy and efficiency guarantee. Experiment results on representative real-world datasets show that our countermeasure can reduce the query recovery rate of LAAs, including our own.

computer science, theory & methods,engineering, electrical & electronic

Chengqing Li,Xianhui Shen,Sheng Liu

DOI: https://doi.org/10.1109/mmul.2024.3356494

IF: 3.4911

2024-01-01

IEEE Multimedia

Abstract:This paper conducts a security analysis of an image encryption algorithm that employs 2D Lag-Complex Logistic Map (LCLM) as a Pseudo-Random Number Generator (PRNG). This algorithm uses the sum of all pixel values in the plainimage as the initial value for the PRNG, thereby influencing the randomization of basic encryption operations. However, it is observed that certain factors lead to the generation of identical pseudo-random sequences for different plain images. Capitalizing on this vulnerability, we propose a chosen-plaintext attack strategy that effectively cracks the six encryption steps through a divide-and-conquer approach. By exploiting weaknesses inherent in the 2D-LCLM, the number of required chosen plain images is significantly reduced to 5 · log2(MN) + 95, where MN represents the total pixel count of the plain image.

computer science, information systems, theory & methods, software engineering, hardware & architecture

Fan Zhang,Zhijie Jerry Shi

DOI: https://doi.org/10.1109/ITNG.2008.183

2008-01-01

Abstract:Elliptic curve cryptography (ECC) has been adopted in many systems because it requires shorter keys than traditional public-key algorithms in primary fields. However, power analysis attacks can exploit the power consumption of ECC devices to retrieve secret keys. In this paper, we propose an efficient window-based countermeasure that is secure against existing power analysis attacks. Compared to previous counter- measures, our method has low memory overhead, requiring only a table of w+1 entries when the window size is w bits. It also has better performance than many algorithms that perform one point addition or subtraction for every bit in the scalar.

Jiangshan Long,Changhai Ou,Zhu Wang,Shihui Zheng,Fei Yan,Fan Zhang,Siew-Kei Lam

2022-01-01

Abstract:The performance of Side-Channel Attacks (SCAs) decays rapidly when considering more sub-keys, making the full-key recovery a very challenging problem. Limited to independent collision information utilization, collision attacks establish the relationship among sub-keys but do not significantly slow down this trend. To solve it, we first exploit the samples from the previously attacked S-boxes to assist attacks on the targeted S-box under an assumption that similar leakage occurs in program loop or code reuse scenarios. The later considered S-boxes are easier to be recovered since more samples participate in this assist attack, which results in the “snowball” effect. We name this scheme as Snowball, which significantly slows down the attenuation rate of attack performance. We further introduce confusion coefficient into the collision attack to construct collision confusion coefficient, and deduce its relationship with correlation coefficient. Based on this relationship, we give two optimizations on our Snowball exploiting the “values” information and “rankings” information of collision correlation coefficients named Least Deviation from Pearson correlation coefficient (PLD) and Least Deviation from confusion coefficient (CLD). Experiments show that the above optimizations significantly improve the performance of our Snowball.

Neri Merhav

2024-05-09

Abstract:We refine and extend Ziv's model and results regarding perfectly secure encryption of individual sequences. According to this model, the encrypter and the legitimate decrypter share in common a secret key, not shared with the unauthorized eavesdropper, who is aware of the encryption scheme and has some prior knowledge concerning the individual plaintext source sequence. This prior knowledge, combined with the cryptogram, is harnessed by eavesdropper which implements a finite-state machine as a mechanism for accepting or rejecting attempted guesses of the source plaintext. The encryption is considered perfectly secure if the cryptogram does not provide any new information to the eavesdropper that may enhance its knowledge concerning the plaintext beyond his prior knowledge. Ziv has shown that the key rate needed for perfect secrecy is essentially lower bounded by the finite-state compressibility of the plaintext sequence, a bound which is clearly asymptotically attained by Lempel-Ziv compression followed by one-time pad encryption. In this work, we consider some more general classes of finite-state eavesdroppers and derive the respective lower bounds on the key rates needed for perfect secrecy. These bounds are tighter and more refined than Ziv's bound and they are attained by encryption schemes that are based on different universal lossless compression schemes. We also extend our findings to the case where side information is available to the eavesdropper and the legitimate decrypter, but may or may not be available to the encrypter as well.

Information Theory

Gorjan Alagic,Stacey Jeffery,Maris Ozols,Alexander Poremba

DOI: https://doi.org/10.3390/cryptography4010010

2019-06-24

Abstract:Large-scale quantum computing is a significant threat to classical public-key cryptography. In strong "quantum access" security models, numerous symmetric-key cryptosystems are also vulnerable. We consider classical encryption in a model which grants the adversary quantum oracle access to encryption and decryption, but where the latter is restricted to non-adaptive (i.e., pre-challenge) queries only. We define this model formally using appropriate notions of ciphertext indistinguishability and semantic security (which are equivalent by standard arguments) and call it QCCA1 in analogy to the classical CCA1 security model. Using a bound on quantum random-access codes, we show that the standard PRF- and PRP-based encryption schemes are QCCA1-secure when instantiated with quantum-secure primitives. We then revisit standard IND-CPA-secure Learning with Errors (LWE) encryption and show that leaking just one quantum decryption query (and no other queries or leakage of any kind) allows the adversary to recover the full secret key with constant success probability. In the classical setting, by contrast, recovering the key uses a linear number of decryption queries, and this is optimal. The algorithm at the core of our attack is a (large-modulus version of) the well-known Bernstein-Vazirani algorithm. We emphasize that our results should *not* be interpreted as a weakness of these cryptosystems in their stated security setting (i.e., post-quantum chosen-plaintext secrecy). Rather, our results mean that, if these cryptosystems are exposed to chosen-ciphertext attacks (e.g., as a result of deployment in an inappropriate real-world setting) then quantum attacks are even more devastating than classical ones.

Quantum Physics,Cryptography and Security

Subrata Nandi,Srinivasan Krishnaswamy,Pinaki Mitra

2023-07-05

Abstract:In LFSR-based stream ciphers, the knowledge of the feedback equation of the LFSR plays a critical role in most attacks. In word-based stream ciphers such as those in the SNOW series, even if the feedback configuration is hidden, knowing the characteristic polynomial of the state transition matrix of the LFSR enables the attacker to create a feedback equation over $GF(2)$. This, in turn, can be used to launch fast correlation attacks. In this work, we propose a method for hiding both the feedback equation of a word-based LFSR and the characteristic polynomial of the state transition matrix. Here, we employ a $z$-primitive $\sigma$-LFSR whose characteristic polynomial is randomly sampled from the distribution of primitive polynomials over $GF(2)$ of the appropriate degree. We propose an algorithm for locating $z$-primitive $\sigma$-LFSR configurations of a given degree. Further, an invertible matrix is generated from the key. This is then employed to generate a public parameter which is used to retrieve the feedback configuration using the key. If the key size is $n$- bits, the process of retrieving the feedback equation from the public parameter has a average time complexity $\mathbb{O}(2^{n-1})$. The proposed method has been tested on SNOW 2.0 and SNOW 3G for resistance to fast correlation attacks. We have demonstrated that the security of SNOW 2.0 and SNOW 3G increases from 128 bits to 256 bits.

Cryptography and Security

Terry Shue Chien Lau,Chik How Tan

DOI: https://doi.org/10.1007/s10623-021-01002-2

2022-01-18

Abstract:Recently, Horlemann-Trautmann and Weger (Adv Math Commun, https://doi.org/10.3934/amc.2020089, 2020) proposed a general framework for a Quaternary McEliece cryptosystem over the ring Z4$${\mathbb {Z}}_4$$, and generalized the construction over the ring Zpm$${\mathbb {Z}}_{p^m}$$ where p is a prime integer. By considering the Lee metric, the public key size for the McEliece cryptosystems can be substantially smaller than their counterparts in the Hamming metric. Furthermore, the hardness of the McEliece cryptosystems over Zpm$${\mathbb {Z}}_{p^m}$$ is based on the Lee Syndrome Decoding problem, which was shown to be NP-complete. This paper aims to analyze the design and security of the Lee metric McEliece cryptosystem over Zpm$${\mathbb {Z}}_{p^m}$$ in the Lee metric. We derive some necessary conditions for the quaternary codes used in the Lee metric McEliece cryptosystem, and show that the theoretical quaternary codes proposed in (Adv Math Commun, https://doi.org/10.3934/amc.2020089, 2020) do not exist. Furthermore, we propose a plaintext recovery attack on the Lee metric McEliece cryptosystem over Zpm$${\mathbb {Z}}_{p^m}$$, when the minimum Lee distance of the underlying codes with certain structures is greater than twice the Lee weight of the error. Our plaintext recovery attack is applicable to the cryptosystems over Zpm$${\mathbb {Z}}_{p^m}$$ when m>1$$m>1$$. We apply our plaintext recovery attack on the Quaternary McEliece cryptosystem, and manage to recover partial plaintext of length k1$$k_1$$ within O2min{k1,0.0473n}$$O \left( 2^{\min \{ k_1, 0.0473 n\}} \right) $$ operations, where n is the length of ciphertext. Hence, the proposed theoretical parameters for the Quaternary McEliece over Z4$${\mathbb {Z}}_4$$ in (Adv Math Commun, https://doi.org/10.3934/amc.2020089, 2020) do not achieve 128-bit security, as we can recover the partial plaintext within 0.591 s. This also implies that the use of quaternary codes in the McEliece cryptosystem may not reduce the public key size significantly. Furthermore, for some parameters of the Lee metric McEliece cryptosystems over Z4$${\mathbb {Z}}_4$$, our plaintext recovery attack can be more efficient than the Lee-Brickell’s and Stern’s Information Set Decoding Algorithm over Z4$${\mathbb {Z}}_4$$.

Cathy Li,Jana Sotáková,Emily Wenger,Mohamed Malhou,Evrard Garcelon,Francois Charton,Kristin Lauter

2023-11-01

Abstract:Learning with Errors (LWE) is a hard math problem underpinning many proposed post-quantum cryptographic (PQC) systems. The only PQC Key Exchange Mechanism (KEM) standardized by NIST is based on module~LWE, and current publicly available PQ Homomorphic Encryption (HE) libraries are based on ring LWE. The security of LWE-based PQ cryptosystems is critical, but certain implementation choices could weaken them. One such choice is sparse binary secrets, desirable for PQ HE schemes for efficiency reasons. Prior work, SALSA, demonstrated a machine learning-based attack on LWE with sparse binary secrets in small dimensions ($n \le 128$) and low Hamming weights ($h \le 4$). However, this attack assumes access to millions of eavesdropped LWE samples and fails at higher Hamming weights or dimensions. We present PICANTE, an enhanced machine learning attack on LWE with sparse binary secrets, which recovers secrets in much larger dimensions (up to $n=350$) and with larger Hamming weights (roughly $n/10$, and up to $h=60$ for $n=350$). We achieve this dramatic improvement via a novel preprocessing step, which allows us to generate training data from a linear number of eavesdropped LWE samples ($4n$) and changes the distribution of the data to improve transformer training. We also improve the secret recovery methods of SALSA and introduce a novel cross-attention recovery mechanism allowing us to read off the secret directly from the trained models. While PICANTE does not threaten NIST's proposed LWE standards, it demonstrates significant improvement over SALSA and could scale further, highlighting the need for future investigation into machine learning attacks on LWE with sparse binary secrets.

Cryptography and Security,Machine Learning

Niklas Nolte,Mohamed Malhou,Emily Wenger,Samuel Stevens,Cathy Li,François Charton,Kristin Lauter

2024-10-10

Abstract:Sparse binary LWE secrets are under consideration for standardization for Homomorphic Encryption and its applications to private computation. Known attacks on sparse binary LWE secrets include the sparse dual attack and the hybrid sparse dual-meet in the middle attack which requires significant memory. In this paper, we provide a new statistical attack with low memory requirement. The attack relies on some initial lattice reduction. The key observation is that, after lattice reduction is applied to the rows of a q-ary-like embedded random matrix $\mathbf A$, the entries with high variance are concentrated in the early columns of the extracted matrix. This allows us to separate out the "hard part" of the LWE secret. We can first solve the sub-problem of finding the "cruel" bits of the secret in the early columns, and then find the remaining "cool" bits in linear time. We use statistical techniques to distinguish distributions to identify both the cruel and the cool bits of the secret. We provide concrete attack timings for recovering secrets in dimensions $n=256$, $512$, and $768$. For the lattice reduction stage, we leverage recent improvements in lattice reduction (e.g. flatter) applied in parallel. We also apply our new attack in the RLWE setting for $2$-power cyclotomic rings, showing that these RLWE instances are much more vulnerable to this attack than LWE.

Cryptography and Security

Abdullah Alaklabi,Arslan Munir,Muhammad Asfand Hafeez,Muazzam A. Khan Khattak

DOI: https://doi.org/10.1109/access.2024.3453171

IF: 3.9

2024-09-10

IEEE Access

Abstract:In the current era of digital communication, image security is a top priority as sending images, which often contain personal or confidential information, over the Internet poses security risks. Many encryption algorithms have been proposed in the literature to address this issue. However, these algorithms have limitations, such as low-key space, high computational overhead, and susceptibility to differential attacks. To address these limitations, this paper proposes Z-Crypt, a novel image encryption approach that combines a substitution-permutation network (SPN) and a chaotic logistic map (CLM) with the Chirp Z-Transform (CZT) to enhance security and resist attacks. The CLM-generated matrices introduce confusion and diffusion, while SPN creates a dissociation of the cipher from the plaintext. Finally, the CZT strengthens the encryption by transforming the image into the frequency domain, creating multiple layers of confusion and diffusion to produce a robust encryption algorithm. We have evaluated the proposed Z-Crypt's security using various metrics, including correlation coefficient, entropy, peak signal-to-noise ratio (PSNR), and key sensitivity analysis. Experimental results verify that the proposed algorithm outperforms existing methods, achieving high security while maintaining computational efficiency.

computer science, information systems,telecommunications,engineering, electrical & electronic

Frederic Dambreville

DOI: https://doi.org/10.48550/arXiv.math/0608119

2006-08-04

Abstract:When implementing the DSmT, a difficulty may arise from the possible huge dimension of hyperpower sets, which are indeed free structures. However, it is possible to reduce the dimension of these structures by involving logical constraints. In this chapter, the logical constraints will be related to a predefined order over the logical propositions. The use of such orders and their resulting logical constraints will ensure a great reduction of the model complexity. Such results will be applied to the definition of continuous DSm models. In particular, a simplified description of the continuous impreciseness is considered, based on impreciseness intervals of the sensors. From this viewpoint, it is possible to manage the contradictions between continuous sensors in a DSmT manner, while the complexity of the model stays handlable.

General Mathematics