DS09 - Freedom and security of Europe, its citizens and its residents

Audit tools for cryptographic primitives – CryptAudit

Submission summary

Symmetric cryptosystems are widely used because they are the only ones that can achieve some major functionalities such as high-speed or low-cost encryption, fast message authentication, and efficient hashing. But, unlike public-key cryptographic algorithms, secret-key primitives do not have satisfying security proofs. The security of those algorithms is thus empirically established by the non-discovery of attacks or weaknesses by researchers. It is obvious that this security criterion, despite its success so far, is not satisfactory, at least morally. For instance, we may estimate that, for a given primitive, no more than a few dozen researchers are actively working on breaking it. Hence, given this limited effort, the non-discovery of an attack against a particular primitive does not mean much. We may hope that a large class of attacks, and in particular the simplest ones, could be discovered automatically. The statement "we did not find any attacks of this kind", which offers only a subjective guarantee, could then become "the audit tool X did not find any attack", which is a formal statement giving a quantifiable, objective guarantee.

The ANR JCJC CryptAudit project is a proposal to address this concern: we aim both to develop new cryptanalytic techniques and to provide a new set of open-source tools dedicated to the audit of symmetric primitives. More precisely, we want to carry out leading research on four main subjects:

- Extended Demirci-Selçuk Attacks on Block Ciphers. The first goal is to extend the Demirci-Selçuk attacks to new security models: the related-key and related-tweak settings. This will make it possible to apply the technique to tweakable block ciphers, compression functions and authenticated encryption schemes. We also plan to improve this technique against non-SPN (Substitution-Permutation Network) ciphers such as Feistel networks.

- Cryptanalysis of Stream Ciphers. So far there is no tool dedicated to stream ciphers, and the security analysis of such primitives is done by hand. Hence, many stream ciphers (e.g. FIDES, SPROUT, FLIP) were broken shortly after their specifications were publicly released. For this axis, we will first focus on stream ciphers used in the real world, such as Snow3G, ZUC, HiTag and ChaCha, with the aim of providing a tool that searches for various types of attacks against each of these designs. We will then study, as a priority, stream ciphers used with Fully Homomorphic Encryption and develop new cryptanalysis techniques for them.

- Cryptanalysis of SHA-3. SHA-3 looks more complicated than AES, since it is composed of more complex operations in a 3-dimensional space with longer axes (5 x 5 x 64). Consequently, it is relatively difficult to find attacks by hand. Some tools have been developed by the Keccak team for discovering differential characteristics, which can lead to attacks on the hash function. In this direction, our aim is to study the security of the internal permutation, since the whole security of the hash function relies on it. Studying round-reduced versions is also of interest, since such versions are used in the Ketje and Keyak authenticated encryption schemes.

- Computer-aided Conception of Symmetric Primitives. For this axis we want to use the tools from the above axes, and to develop new ones, in order to design new lightweight stream ciphers well adapted to 5G requirements and to conduct research on the design of key schedules.

Project coordination

Patrick Derbez (Institut de recherche en informatique et systèmes aléatoires)

The author of this summary is the project coordinator, who is responsible for its content. The ANR declines any responsibility as to its contents.

Partner

IRISA Institut de recherche en informatique et systèmes aléatoires

ANR grant: 222,480 euros
Beginning and duration of the scientific project: - 48 months
