Key lengths revisited: GPU-based brute force cryptanalysis of DES, 3DES, and PRESENT

2022-03-01
Lightweight cryptographic algorithms that are tailored for resource-constrained devices sometimes use short keys which might be susceptible to brute force attacks. Such attacks using CPU or GPU might be costly because some lightweight algorithms are hardware-oriented and use bit-level operations. In this work we provide table based CUDA optimizations for bit-oriented block ciphers DES/3DES and ISO/IEC standard PRESENT to provide software implementations without bit operations and show that cryptographic algorithms with short keys are susceptible to exhaustive search attacks on distributed multiple GPU settings. Our best optimizations provide 3.87 and 1.89 billion key searches per second for DES/3DES and PRESENT on an RTX 3070, respectively. These results outperform FPGA clusters like COPACOBANA in terms of price-performance ratio showing that exhaustive search on short keys might be practical without special devices. Therefore, an RTX 3070 can capture a DES key in 215 days and 20 million RTX 3070 GPUs can capture an 80-bit PRESENT key in a year. Thus, we recommend the removal of algorithms with 80-bit or shorter keys from the standards. Moreover, our optimizations provide 278.32 Gbps DES, 92.77 Gbps 3DES, and 115.73 Gbps PRESENT encryption throughput on an RTX 3070 when the ciphers are used in counter mode.
JOURNAL OF SYSTEMS ARCHITECTURE

Suggestions

Secure password generation through statistical randomness tests
Uslu, Aycan; Doğanaksoy, Ali; Department of Cryptography (2017)
Both symmetric and asymmetric cryptographic algorithms must firstly be robust against brute force. The key needs to be choosen uniformly and randomly from the key space. It is possible to assure randomness by using statistical randomness tests which are also critical for other cryptographic issues as well. There is still an issue to be elaborated: the most well-known tool for attacking againts passwords namely dictionary attacks. These attacks are based on trying all keys from a particular subspace of the k...
Performance analysis of elliptic curve multiplication algorithms for elliptic curve cryptography
Özcan, Ayça Bahar; Yücel, Melek D; Department of Electrical and Electronics Engineering (2006)
Elliptic curve cryptography (ECC) has been introduced as a public-key cryptosystem, which offers smaller key sizes than the other known public-key systems at equivalent security level. The key size advantage of ECC provides faster computations, less memory consumption, less processing power and efficient bandwidth usage. These properties make ECC attractive especially for the next generation public-key cryptosystems. The implementation of ECC involves so many arithmetic operations; one of them is the ellipt...
On Measuring Security Bounds of Some Ciphers Using Mixed Integer Linear Programming (MILP) Approach
Türesin, Can; Doğanaksoy, Ali; Koçak, Onur; Department of Cryptography (2021-9-6)
Block ciphers are one of the symmetric key encryption algorithms that are used in many devices. Its increasing popularity has led to the emergence of new cryptanalysis methods. Therefore, measuring block cipher's security bounds is one main indispensable need for its designers. Two of the most effective attacks on block ciphers are differential and linear cryptanalysis and these attacks' efficiencies are bonded with a number of active S-boxes of the cipher after a certain number of rounds. Consequently, mea...
Truncated Impossible and Improbable Differential Analysis of ASCON
Tezcan, Cihangir (2016-02-01)
Ascon is an authenticated encryption algorithm which is recently qualified for the second-round of the Competition for Authenticated Encryption: Security, Applicability, and Robustness. So far, successful differential, differential-linear, and cube-like attacks on the reduced-round Ascon are provided. In this work, we provide the inverse of Ascon's linear layer in terms of rotations which can be used for constructing impossible differentials. We show that Ascon's S-box contains 35 undisturbed bits and we us...
Statistical iid tests of integer sequences
Yılmaz, Sena; Doğanaksoy, Ali; Department of Mathematics (2019)
In order that an algorithm is cryptographically secure, the encryption keys must be random. To achieve this randomness, a number of random number generators are used. Since pseudo-random number generators can never provide true randomness, there is a need to measure the obtained pseudo-randomness. To obtain information about randomness, the entropy value of the output can be calculated. In order to measure the entropy of a sequence, it can be examined whether it is an IID (independent and identical distribu...
Citation Formats
C. Tezcan, “Key lengths revisited: GPU-based brute force cryptanalysis of DES, 3DES, and PRESENT,” JOURNAL OF SYSTEMS ARCHITECTURE, vol. 124, pp. 0–0, 2022, Accessed: 00, 2022. [Online]. Available: https://hdl.handle.net/11511/97162.