Impossible and improbable differential cryptanalysis of Spook algorithm

2021-6-14
Bolel, Onur
In recent years, the number of IoT devices increased considerably and the security of IoT devices became an important issue. Furthermore, most IoT devices have constrained resources in terms of memory, area and power. Therefore, cryptographic algorithms that provide their security should be suitable for the implementation on the constrained devices. In 2013, NIST initiated a lightweight cryptography project to define the standards of lightweight cryptography. In 2018, the lightweight cryptography project turned into a competition-like process to choose the most convenient algorithms for constrained devices as a NIST standard. 57 algorithms were applied to the project. NIST published all algorithms for public evaluation and encouraged third-party analyses to reveal the weaknesses of algorithms. 32 algorithms were chosen as round 2 candidates. In this thesis, we have investigated the Spook algorithm, which is one of the round 2 candidates of the NIST’s lightweight cryptography competition. Spook is an AEAD algorithm that uses duplex sponge construction and tweakable block cipher. Besides, Spook has an internal permutation which is Shadow-512. We have worked on Shadow-512 permutation to find a distinguisher. Shadow-512 permutation was designed as 6-Step. The outputs of Shadow-512 permutation should seem random after the 6-Step operation. However, we have found two different 6-Step impossible differential distinguishers that cover full Shadow-512. Besides, we have found 7-Step impossible distinguisher and 8-Step improbable distinguisher by adding one or more additional steps to Shadow-512. The 8-Step improbable differential covers the largest number of steps of Shadow-512 compared to previously found distinguishers in other published papers. To conclude, we can distinguish 6-, 7-, 8-Step of Shadow-512 from a random permutation by using our distinguishers.

Suggestions

Differential-linear cryptanalysis of ascon and drygascon
Civek, Aslı Başak; Tezcan, Cihangir; Department of Cybersecurity (2021-6)
Due to rapidly developing technology, devices have become smaller along with their performance capacity and memory. If possible, existing NIST-approved encryption standards should be used on these resource-constrained devices. When an acceptable performance cannot be achieved in this way, there is a need for more lightweight algorithms. Since taking individual measures leads to simplistic designs when designing lightweight algorithms, ciphers can become more vulnerable to cryptographic attacks. Hence some r...
Explainable Security in SDN-Based IoT Networks
Sarica, Alper Kaan; Angın, Pelin (2020-12-01)
The significant advances in wireless networks in the past decade have made a variety of Internet of Things (IoT) use cases possible, greatly facilitating many operations in our daily lives. IoT is only expected to grow with 5G and beyond networks, which will primarily rely on software-defined networking (SDN) and network functions virtualization for achieving the promised quality of service. The prevalence of IoT and the large attack surface that it has created calls for SDN-based intelligent security solut...
Truncated Impossible and Improbable Differential Analysis of ASCON
Tezcan, Cihangir (2016-02-01)
Ascon is an authenticated encryption algorithm which is recently qualified for the second-round of the Competition for Authenticated Encryption: Security, Applicability, and Robustness. So far, successful differential, differential-linear, and cube-like attacks on the reduced-round Ascon are provided. In this work, we provide the inverse of Ascon's linear layer in terms of rotations which can be used for constructing impossible differentials. We show that Ascon's S-box contains 35 undisturbed bits and we us...
Performance evaluation of lightweight cryptographic algorithms for internet of things security
Polat, Selahattin; Baykal, Nazife; Department of Cyber Security (2019)
Widespread deployment of mobile and embedded devices in everyday use has brought up not only new concepts and application areas such as Internet-of-Things (IoT) but also several security and privacy problems. In theory, it is possible to mitigate most of these problems by implementing well-known and standardized security algorithms and techniques on IoT devices. However, in practice, it is rather difficult, if not impossible, to implement standard security algorithms on these devices due to their limited re...
A SYSTEMATIC REVIEW ON SMART CITY SERVICES AND IOT-BASED TECHNOLOGIES
Özkan Yıldırım, Sevgi (2019-03-21)
Due to the technological developments, Internet of things (IoT) has become a real phenomenon. Accordingly, many IoT-based smart concepts appeared in our daily lives such as smart home, smart healthcare and smart city. There are several factors accelerating or hindering the adoption of such new services and concepts. So, the acceptance of IoT-based smart services is critical and should be analyzed carefully. In this study, we aimed to prepare a proper starting point for future studies on end user acceptance ...
Citation Formats
O. Bolel, “Impossible and improbable differential cryptanalysis of Spook algorithm,” M.S. - Master of Science, Middle East Technical University, 2021.