Nobuyuki TAKEUCHI
University of Hyogo
Kosei SAKAMOTO
University of Hyogo
Takanori ISOBE
University of Hyogo, National Institute of Information and Communications Technology, Japan Science and Technology Agency
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Nobuyuki TAKEUCHI, Kosei SAKAMOTO, Takanori ISOBE, "Security Evaluation of Initialization Phases and Round Functions of Rocca and AEGIS" in IEICE TRANSACTIONS on Fundamentals, vol. E106-A, no. 3, pp. 253-262, March 2023, doi: 10.1587/transfun.2022CIP0013.
Abstract: Authenticated-Encryption with Associated-Data (AEAD) plays an important role in guaranteeing confidentiality, integrity, and authenticity in network communications. To meet the requirements of high-performance applications, several AEADs make use of AES New Instructions (AES-NI), which can perform AES encryption and decryption operations dramatically fast through hardware acceleration. At SAC 2013, Wu and Preneel proposed an AES-based AEAD scheme called AEGIS-128/128L/256 to achieve high-speed software implementation. At FSE 2016, Jean and Nikolić generalized the construction of AEGIS and proposed more efficient round functions. At ToSC 2021, Sakamoto et al. further improved the constructions of Jean and Nikolić and proposed an AEAD scheme called Rocca for beyond 5G. In this study, we first evaluate the security of the initialization phases of Rocca and the AEGIS family against differential and integral attacks using MILP (Mixed Integer Linear Programming) tools. Specifically, according to the evaluation based on the lower bounds for the number of active S-boxes, the initialization phases of AEGIS-128/128L/256 are secure against differential attacks after 4/3/6 rounds, respectively. Regarding integral attacks, we present integral distinguishers on 6 rounds and 6/5/7 rounds of the initialization phases of Rocca and AEGIS-128/128L/256, respectively. Besides, we evaluate the round function of Rocca and those of Jean and Nikolić as cryptographic permutations against differential, impossible differential, and integral attacks. Our results indicate that, for differential attacks, the number of active S-boxes grows faster in Rocca than in the round functions of Jean and Nikolić. For impossible differential and integral attacks, we show that the round function of Rocca achieves a sufficient level of security against these attacks in a smaller number of rounds than those of Jean and Nikolić.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2022CIP0013/_p
@ARTICLE{e106-a_3_253,
author={Nobuyuki TAKEUCHI and Kosei SAKAMOTO and Takanori ISOBE},
journal={IEICE TRANSACTIONS on Fundamentals},
title={Security Evaluation of Initialization Phases and Round Functions of Rocca and AEGIS},
year={2023},
volume={E106-A},
number={3},
pages={253-262},
abstract={Authenticated-Encryption with Associated-Data (AEAD) plays an important role in guaranteeing confidentiality, integrity, and authenticity in network communications. To meet the requirements of high-performance applications, several AEADs make use of AES New Instructions (AES-NI), which can conduct operations of AES encryption and decryption dramatically fast by hardware accelerations. At SAC 2013, Wu and Preneel proposed an AES-based AEAD scheme called AEGIS-128/128L/256, to achieve high-speed software implementation. At FSE 2016, Jean and Nikolić generalized the construction of AEGIS and proposed more efficient round functions. At ToSC 2021, Sakamoto et al. further improved the constructions of Jean and Nikolić, and proposed an AEAD scheme called Rocca for beyond 5G. In this study, we first evaluate the security of the initialization phases of Rocca and AEGIS family against differential and integral attacks using MILP (Mixed Integer Linear Programming) tools. Specifically, according to the evaluation based on the lower bounds for the number of active S-boxes, the initialization phases of AEGIS-128/128L/256 are secure against differential attacks after 4/3/6 rounds, respectively. Regarding integral attacks, we present the integral distinguisher on 6 rounds and 6/5/7 rounds in the initialization phases of Rocca and AEGIS-128/128L/256, respectively. Besides, we evaluate the round function of Rocca and those of Jean and Nikolić as cryptographic permutations against differential, impossible differential, and integral attacks. Our results indicate that, for differential attacks, the growth rate of increasing the number of active S-boxes in Rocca is faster than those of Jean and Nikolić. For impossible differential and integral attacks, we show that the round function of Rocca achieves the sufficient level of the security against these attacks in smaller number of rounds than those of Jean and Nikolić.},
keywords={},
doi={10.1587/transfun.2022CIP0013},
ISSN={1745-1337},
month={March},
}
TY - JOUR
TI - Security Evaluation of Initialization Phases and Round Functions of Rocca and AEGIS
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 253
EP - 262
AU - Nobuyuki TAKEUCHI
AU - Kosei SAKAMOTO
AU - Takanori ISOBE
PY - 2023
DO - 10.1587/transfun.2022CIP0013
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E106-A
IS - 3
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - March 2023
AB - Authenticated-Encryption with Associated-Data (AEAD) plays an important role in guaranteeing confidentiality, integrity, and authenticity in network communications. To meet the requirements of high-performance applications, several AEADs make use of AES New Instructions (AES-NI), which can conduct operations of AES encryption and decryption dramatically fast by hardware accelerations. At SAC 2013, Wu and Preneel proposed an AES-based AEAD scheme called AEGIS-128/128L/256, to achieve high-speed software implementation. At FSE 2016, Jean and Nikolić generalized the construction of AEGIS and proposed more efficient round functions. At ToSC 2021, Sakamoto et al. further improved the constructions of Jean and Nikolić, and proposed an AEAD scheme called Rocca for beyond 5G. In this study, we first evaluate the security of the initialization phases of Rocca and AEGIS family against differential and integral attacks using MILP (Mixed Integer Linear Programming) tools. Specifically, according to the evaluation based on the lower bounds for the number of active S-boxes, the initialization phases of AEGIS-128/128L/256 are secure against differential attacks after 4/3/6 rounds, respectively. Regarding integral attacks, we present the integral distinguisher on 6 rounds and 6/5/7 rounds in the initialization phases of Rocca and AEGIS-128/128L/256, respectively. Besides, we evaluate the round function of Rocca and those of Jean and Nikolić as cryptographic permutations against differential, impossible differential, and integral attacks. Our results indicate that, for differential attacks, the growth rate of increasing the number of active S-boxes in Rocca is faster than those of Jean and Nikolić. For impossible differential and integral attacks, we show that the round function of Rocca achieves the sufficient level of the security against these attacks in smaller number of rounds than those of Jean and Nikolić.
ER -