Authors
Hayato Kimura Keita Emura Takanori Isobe Ryoma Ito Kazuto Ogawa Toshihiro Ohigashi
Publisher
Information Processing Society of Japan
Journal
IPSJ Journal (情報処理学会論文誌) (ISSN:18827764)
Volume/issue/pages, publication date
vol.64, no.9, 2023-09-15

Cryptanalysis in a blackbox setting using deep learning is powerful because it does not require the attacker to have knowledge about the internal structure of the cryptographic algorithm. Thus, it is necessary to design a symmetric key cipher that is secure against cryptanalysis using deep learning. Kimura et al. (AIoTS 2022) investigated deep learning-based attacks on the small PRESENT-[4] block cipher with limited component changes, identifying characteristics specific to these attacks which remain unaffected by linear/differential cryptanalysis. Finding such characteristics is important because exploiting them can make the target cipher vulnerable to deep learning-based attacks. Thus, this paper extends a previous method to explore clues for designing symmetric-key cryptographic algorithms that are secure against deep learning-based attacks. We employ small PRESENT-[4] with two weak S-boxes, which are known to be weak against differential/linear attacks, to clarify the relationship between classical and deep learning-based attacks. As a result, we demonstrated that the success probability of our deep learning-based whitebox analysis tends to be affected by the success probability of classical cryptanalysis methods. We also showed that our whitebox analysis achieved the same attack capability as traditional methods even when the S-box of the target cipher was changed to a weak one.

------------------------------
This is a preprint of an article intended for publication in the Journal of Information Processing (JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.31 (2023) (online) DOI http://dx.doi.org/10.2197/ipsjjip.31.550
------------------------------
Authors
Takanori Isobe Ryoma Ito Kazuhiko Minematsu
Publisher
Information Processing Society of Japan
Journal
Journal of Information Processing (ISSN:18826652)
Volume/issue/pages, publication date
vol.31, pp.523-536, 2023 (Released:2023-09-15)
Number of references
55

This paper summarizes our cryptanalysis results on real-world End-to-End Encryption (E2EE) schemes published in recent years. Our targets are LINE (a major messaging application), SFrame (an E2EE protocol adopted by major video/audio applications), and Zoom (a major video communication application). For LINE, we show several attacks against the message integrity of Letter Sealing, the E2EE protocol of LINE, that allow forgery and impersonation. For SFrame, we reveal a critical issue that leads to an impersonation (forgery) attack by a malicious group member with a practical complexity. For Zoom, we discover several attacks more powerful than those expected by Zoom according to their whitepaper. Specifically, if insiders collude with meeting participants, they can impersonate any Zoom user in target meetings, whereas Zoom indicates that they can impersonate only the current meeting participants. We also describe several important works in the area of E2EE security research.
Authors
Sonu JHA Subhadeep BANIK Takanori ISOBE Toshihiro OHIGASHI Santanu SARKAR
Publisher
The Institute of Electronics, Information and Communication Engineers
Journal
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences (ISSN:09168508)
Volume/issue/pages, publication date
vol.E101-A, no.11, pp.1869-1879, 2018-11-01

In this paper we present proofs for the new biases in RC4 which were experimentally found and listed (without theoretical justifications and proofs) in a paper by Vanhoef et al. at USENIX 2015. Their purpose was to exploit the vulnerabilities of RC4 in TLS using the set of new biases found by them. We also show (and prove) new results on a couple of very strong biases residing in the joint distribution of three consecutive output bytes of the RC4 stream cipher. These biases provide a completely new distinguisher for RC4, taking roughly O(2^24) samples to distinguish RC4 keystreams from a uniformly random stream. We also provide a list of new results with proofs relating to some conditional biases in the keystreams of the RC4 stream cipher.
Authors
Hayato Kimura Keita Emura Takanori Isobe Ryoma Ito Kazuto Ogawa Toshihiro Ohigashi
Publisher
Information Processing Society of Japan
Journal
Journal of Information Processing (ISSN:18826652)
Volume/issue/pages, publication date
vol.31, pp.550-561, 2023 (Released:2023-09-15)
Number of references
40

Cryptanalysis in a blackbox setting using deep learning is powerful because it does not require the attacker to have knowledge about the internal structure of the cryptographic algorithm. Thus, it is necessary to design a symmetric key cipher that is secure against cryptanalysis using deep learning. Kimura et al. (AIoTS 2022) investigated deep learning-based attacks on the small PRESENT-[4] block cipher with limited component changes, identifying characteristics specific to these attacks which remain unaffected by linear/differential cryptanalysis. Finding such characteristics is important because exploiting them can make the target cipher vulnerable to deep learning-based attacks. Thus, this paper extends a previous method to explore clues for designing symmetric-key cryptographic algorithms that are secure against deep learning-based attacks. We employ small PRESENT-[4] with two weak S-boxes, which are known to be weak against differential/linear attacks, to clarify the relationship between classical and deep learning-based attacks. As a result, we demonstrated that the success probability of our deep learning-based whitebox analysis tends to be affected by the success probability of classical cryptanalysis methods. We also showed that our whitebox analysis achieved the same attack capability as traditional methods even when the S-box of the target cipher was changed to a weak one.
Authors
Takanori Isobe Ryoma Ito Kazuhiko Minematsu
Publisher
Information Processing Society of Japan
Journal
IPSJ Journal (情報処理学会論文誌) (ISSN:18827764)
Volume/issue/pages, publication date
vol.64, no.9, 2023-09-15

This paper summarizes our cryptanalysis results on real-world End-to-End Encryption (E2EE) schemes published in recent years. Our targets are LINE (a major messaging application), SFrame (an E2EE protocol adopted by major video/audio applications), and Zoom (a major video communication application). For LINE, we show several attacks against the message integrity of Letter Sealing, the E2EE protocol of LINE, that allow forgery and impersonation. For SFrame, we reveal a critical issue that leads to an impersonation (forgery) attack by a malicious group member with a practical complexity. For Zoom, we discover several attacks more powerful than those expected by Zoom according to their whitepaper. Specifically, if insiders collude with meeting participants, they can impersonate any Zoom user in target meetings, whereas Zoom indicates that they can impersonate only the current meeting participants. We also describe several important works in the area of E2EE security research.

------------------------------
This is a preprint of an article intended for publication in the Journal of Information Processing (JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.31 (2023) (online) DOI http://dx.doi.org/10.2197/ipsjjip.31.523
------------------------------
Authors
Kazuto SHIMIZU Kosei SAKAMOTO Takanori ISOBE
Publisher
The Institute of Electronics, Information and Communication Engineers
Journal
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences (ISSN:09168508)
Volume/issue/pages, publication date
pp.2021CIP0002, (Released:2021-12-07)

Generalized Feistel Network (GFN) is widely used in block ciphers. CLEFIA is one of the GFN type-2 block ciphers. CLEFIA employs the Diffusion Switching Mechanism (DSM) in its diffusion layer. DSM improves CLEFIA's security by increasing its number of active S-boxes, which is an indicator of security against differential and linear cryptanalysis. However, the two matrices in DSM increase implementation cost. In this paper, we pursue the research question of whether it is possible to achieve the same security as the original CLEFIA with only one matrix and without overhead in hardware. Our idea for answering this question is to apply the byte-shuffling technique to CLEFIA. Byte-shuffling is an operation that shuffles 8-bit bytes, whereas traditional GFN ciphers rotate 32-bit or larger words in their permutation layer. Since the implementation of byte-shuffling is considered cost-free in hardware, it adds no overhead in comparison with word rotation. Byte-shuffling has numerous shuffle patterns, whereas word rotation has only a few. In addition, the security property varies among the shuffle patterns, so we have to find the optimal shuffle pattern(s) in order to answer the research question. Although one way to find the optimal shuffle pattern is to evaluate all possible shuffle patterns, this is impractical since the evaluation needs much time and computation. We utilize the even-odd byte-shuffling technique to narrow the number of shuffle patterns to be searched. Among the numerous shuffle patterns, we found 168 shuffle patterns to be optimal. They achieve full diffusion in 5 rounds, which is the same security as the original CLEFIA. By active S-box evaluation, they achieve sufficient security against differential and linear cryptanalysis at the 13th and 14th round, respectively. This is only one and two rounds longer than the original CLEFIA, but three and two rounds earlier than CLEFIA without DSM.