a new version of grain 128 with authentication
play

A New Version of Grain-128 with Authentication Martin Agren 1 - PowerPoint PPT Presentation

Nov 25, 2022 •193 likes •443 views

A New Version of Grain-128 with Authentication Martin Agren 1 Martin Hell 1 Thomas Johansson 1 Willi Meier 2 1 Lund University, Sweden 2 FHNW, Switzerland 110216 / Lyngby Outline 1 Introduction Motivation and Goals 2 The Old Grain-128 The

  1. A New Version of Grain-128 with Authentication Martin ˚ Agren 1 Martin Hell 1 Thomas Johansson 1 Willi Meier 2 1 Lund University, Sweden 2 FHNW, Switzerland 110216 / Lyngby

  2. Outline 1 Introduction Motivation and Goals 2 The Old Grain-128 The Algorithm Attacks and Observations 3 The New Grain-128a The New Grain-128a Authentication 4 Conclusion M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 2 / 16

  3. Outline 1 Introduction Motivation and Goals 2 The Old Grain-128 The Algorithm Attacks and Observations 3 The New Grain-128a The New Grain-128a Authentication 4 Conclusion M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 3 / 16

  4. Motivation and Goals ◮ Grain-128 is lightweight but some nonlinearities are too lightweight. ◮ Some applications need built-in authentication ◮ . . . but leaving it out should be possible. ◮ Allow for easy updating of existing implementations. ◮ . . . and trust! M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 4 / 16

  5. Outline 1 Introduction Motivation and Goals 2 The Old Grain-128 The Algorithm Attacks and Observations 3 The New Grain-128a The New Grain-128a Authentication 4 Conclusion M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 5 / 16

  6. The Old Grain-128 g f NFSR LFSR h ◮ 128-bit key, 96-bit IV. ◮ An LFSR provides a large period. ◮ An NFSR with degree two updates the state nonlinearly. ◮ An output function of degree three produces nonlinear output. ◮ State bits are added linearly to ensure resiliency. ◮ Initialize in 256 rounds: feed output into the registers. ◮ Make faster by duplicating Boolean functions. M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 6 / 16

  7. IV Padding Sliding Property g f NFSR LFSR h ◮ The 96-bit IV goes into a 128-bit register and is padded with 111. . . 111. With high probability, a shifted key and a shifted IV will produce the exact same keystream, only with a shift. [K¨ u¸ c¨ uk06], [DeCaK¨ uPre08] ◮ Related-key Chosen-IV. [LeeJeongSungHong08] M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 7 / 16

  8. Too Little Nonlinearity or Initialization ◮ Cube, 237/256 [AumDinHenMeiSha09] ◮ Maxterm, 256/256 [Stankovski10] Looking at the first keystream bits, the equations, in unknown key bits, are not complicated enough. M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 8 / 16

  9. Too Little Nonlinearity and Similar Bits ◮ Chosen-IV (cube): Assuming ten specific key bits to be zero, the equations simplify “enough”. [DinSha11] M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 9 / 16

  10. Too Little Nonlinearity and Similar Bits ◮ Chosen-IV (cube): Assuming ten specific key bits to be zero, the equations simplify “enough”. [DinSha11] g f NFSR LFSR h ◮ Also, b i +95 and s i +95 are multiplied together. During initialization, they are too similar, meaning the complexity doesn’t grow as much as wanted. M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 9 / 16

  11. Outline 1 Introduction Motivation and Goals 2 The Old Grain-128 The Algorithm Attacks and Observations 3 The New Grain-128a The New Grain-128a Authentication 4 Conclusion M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 10 / 16

  12. Changes from Grain-128 g f NFSR LFSR h Grain-128 with changes: ◮ Pad the IV with 111. . . 11 0 . ◮ NFSR has nonlinearity four . ◮ Change a tap into the output function: b i +95 , s i + 94 , so that we don’t multiply bits that are “similar”. M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 11 / 16

  13. Authentication The above algorithm is used to produce pre-output stream . Use different parts of it for different things: ◮ Encryption ◮ Authentication M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 12 / 16

  14. Authentication The above algorithm is used to produce pre-output stream . Use different parts of it for different things: ◮ Encryption ◮ Authentication m i c i Message Ciphertext Key Pre-output t Tag MAC generator IV z 0 z 1 . . . z 63 . . . . . . z 64+2 i z 65+2 i . . . M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 12 / 16

  15. Authentication Accumulator m i . . . bits from pre-output Shift register ◮ A Wegman-Carter approach. ◮ Initialize both registers with pre-output bits. ◮ We multiply the message bit vector by a Toeplitz matrix. M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 13 / 16

  16. Authentication Accumulator m i . . . bits from pre-output Shift register ◮ A Wegman-Carter approach. ◮ Initialize both registers with pre-output bits. ◮ We multiply the message bit vector by a Toeplitz matrix. ◮ P S is the prob. that an attack succeeds. ◮ With perfectly random input to the shift register, P S = 2 − 32 . ◮ We have P S < 2 − 32 + 2 ǫ . [Krawczyk95], [˚ AHJ11], [Maximov06] M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 13 / 16

  17. Hardware Characteristics Several nice aspects: ◮ We can still increase the speed up to 32x. ◮ We can leave out the authentication. ◮ . . . or part of it. w -bit tags for 2 − w . M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 14 / 16

  18. Hardware Characteristics Several nice aspects: ◮ We can still increase the speed up to 32x. ◮ We can leave out the authentication. ◮ . . . or part of it. w -bit tags for 2 − w . The cheapest one — a version that produces one bit per clock: ◮ Grain-128: 2133 gate equivalents ◮ Grain-128a: 2243 gate equivalents; a five per cent increase (as a bonus, we initialize faster.) Adding authentication, we’d get a total of 2867 gate equivalents. M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 14 / 16

  19. Outline 1 Introduction Motivation and Goals 2 The Old Grain-128 The Algorithm Attacks and Observations 3 The New Grain-128a The New Grain-128a Authentication 4 Conclusion M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 15 / 16

  20. Conclusion Grain-128a ◮ is at least as secure than Grain-128, ◮ resists all current cryptanalysis on Grain-128, ◮ has optional authentication, ◮ is still hardware-efficient. M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 16 / 16

  21. Conclusion Thank you! M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 16 / 16

  22. M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 16 / 16

  23. On Cube/Maxterm/AIDA/... number of rounds 256 200 150 100 50 bitset size 5 10 15 20 25 30 35 40 How does a greedy strategy aid in finding good bitsets? Upper curve: Stankovski’s on Grain-128. Lower curve: Ours on the pre-output of Grain-128a. M. ˚ Agren, M. Hell, T. Johansson, W. Meier, Lund University and FHNW 16 / 16

Recommend

Two factor authentication Open, trustworthy and enterprise ready Two factor authentication

Two factor authentication Open, trustworthy and enterprise ready Two factor authentication

Version 1.0 Cornelius Klbel (corny@cornelinux.de) May 2014 (CC BY-NC-SA 4.0) Everybody knows that a password - be it simple or even complex - is a potential vulnerability. Two factor authentication is the way to authenticate a user not only

400 views • 5 slides
WHAT IS THE GRAIN INNOVATION HUB? GRAIN = WHAT IS THE GRAIN INNOVATION HUB? OUTCOME Manitoba as

WHAT IS THE GRAIN INNOVATION HUB? GRAIN = WHAT IS THE GRAIN INNOVATION HUB? OUTCOME Manitoba as

WHAT IS THE GRAIN INNOVATION HUB? GRAIN = WHAT IS THE GRAIN INNOVATION HUB? OUTCOME Manitoba as an exceptional environment for collaborative innovation. Manitoba in an advanced state of business activity driven by innovation. Governments

738 views • 34 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Transitioning from refined grain to wholegrain as part of a sustainable diet Dr. J. de Vries

Transitioning from refined grain to wholegrain as part of a sustainable diet Dr. J. de Vries

Transitioning from refined grain to wholegrain as part of a sustainable diet Dr. J. de Vries Healthgrain Forum Network of universities, institutes and industries interested in grain and grain-based products. Vision: Whole grain and high

351 views • 17 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Security Evaluation on Amazon Web Services REST API Authentication Protocol Signature Version

Security Evaluation on Amazon Web Services REST API Authentication Protocol Signature Version

Security Evaluation on Amazon Web Services REST API Authentication Protocol Signature Version 4 Khanh Hoang Huynh Jason Kerssens Supervisors: Alex Stavroulakis (KPMG) Aristide Bouix (KPMG) Introduction AWS As of 2018, AWS has a

636 views • 26 slides
ICT International Grain Farm Installation Transmission Distances 2200 Ha Grain Farm The

ICT International Grain Farm Installation Transmission Distances 2200 Ha Grain Farm The

Enabling better global research outcomes in soil, plant &amp; environmental monitoring. ICT International Grain Farm Installation Transmission Distances 2200 Ha Grain Farm The satellite image depicts the Grain Farm. Red markers 1

468 views • 14 slides
Potential of Flavocide TM as a new grain protectant to manage major resistant stored grain pests:

Potential of Flavocide TM as a new grain protectant to manage major resistant stored grain pests:

Potential of Flavocide TM as a new grain protectant to manage major resistant stored grain pests: an Australian case study Dr Manoj Nayak Leader, Postharvest Grain Protection Team Department of Agriculture and Fisheries, Queensland, Australia

383 views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
Covered Commodities Wheat, Oats, Barley, Corn, Grain Sorghum, Long Grain Rice, Medium Grain

Covered Commodities Wheat, Oats, Barley, Corn, Grain Sorghum, Long Grain Rice, Medium Grain

Covered Commodities Wheat, Oats, Barley, Corn, Grain Sorghum, Long Grain Rice, Medium Grain Rice, Pulse Crops, Soybeans, Other Oilseeds and Peanuts Other Oilseeds Sunflower seed, Rapeseed, Canola, Safflower, Flaxseed, Mustard Seed,

637 views • 37 slides
A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides
Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password Token-based authentication Third party authentication Local Authentication How to store and verify password? Clear Data can be hacked

615 views • 14 slides
Iowa Grain Warehouse Best Management Practices Related to Grain Receiving and Fee Collection

Iowa Grain Warehouse Best Management Practices Related to Grain Receiving and Fee Collection

Iowa Grain Warehouse Best Management Practices Related to Grain Receiving and Fee Collection June 2, 2020 DISCLAIMER The information presented in this presentation is for general guidance only. It is essential to consult with your legal

559 views • 17 slides
The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch Security Engineer kbabioch@suse.de New authentication standards ... 2 Some authentication technologies ... 3 - Authentication theory -

1.28k views • 88 slides
Grain Saf Grain Safety ty Presentation Tips and Tip Sheets Presentation Tips and Tip Sheets

Grain Saf Grain Safety ty Presentation Tips and Tip Sheets Presentation Tips and Tip Sheets

Grain Saf Grain Safety ty Presentation Tips and Tip Sheets Presentation Tips and Tip Sheets Safety First! Saf ty First! Do not use any chemically treated grain in your display/demonstrations. Ensure interactive activities are

461 views • 4 slides
Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239 Authentication on a single machine Computer Security Authentication across a network February 21, 2007 Lecture 9 Lecture 9 Page 1 Page 2 CS 236,

302 views • 8 slides
Teff The ancient grain Teff Teff Teff highlights Teff compared to whole wheat Tasty grain

Teff The ancient grain Teff Teff Teff highlights Teff compared to whole wheat Tasty grain

Teff The ancient grain Teff Teff Teff highlights Teff compared to whole wheat Tasty grain with nutty flavor Application Most nutritious cereal in the world Production areas Staple food for 80 million people Quality control Annual

565 views • 8 slides
I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform Agenda Authentication Inbound authentication Outbound authentication Single Sign-on Definitions Stage Process Method Physical

781 views • 48 slides
Grain Crops Institute Mr. W Snijman Mr. P du Toit / Me A de Beer snijmanw@arc.agric.za ARC

Grain Crops Institute Mr. W Snijman Mr. P du Toit / Me A de Beer snijmanw@arc.agric.za ARC

AGRICULTURAL RESEARCH COUNCIL Grain Crops Institute Mr. W Snijman Mr. P du Toit / Me A de Beer snijmanw@arc.agric.za ARC Grain Crops Institute Mandated to serve the entire summer grain and oil- and protein seed crop sectors

736 views • 26 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
Prepping for the Prepping for the 2019 Grain Markets 2019 Grain Markets Nebraska Women in

Prepping for the Prepping for the 2019 Grain Markets 2019 Grain Markets Nebraska Women in

Elaine Kub 605.644.6KUB elaine@masteringthegrainmarkets.com @elainekub Prepping for the Prepping for the 2019 Grain Markets 2019 Grain Markets Nebraska Women in Agriculture Kearney, NE February 22, 2019 Will the grain exist Should you

134 views • 11 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides

More recommend