International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Dengguo Feng

Publications

Year
Venue
Title
2022
TOSC
Vectorial Decoding Algorithm for Fast Correlation Attack and Its Applications to Stream Cipher Grain-128a
Zhaocun Zhou Dengguo Feng Bin Zhang
Fast correlation attack, pioneered by Meier and Staffelbach, is an important cryptanalysis tool for LFSR-based stream cipher, which exploits the correlation between the LFSR state and key stream and targets at recovering the initial state of LFSR via a decoding algorithm. In this paper, we develop a vectorial decoding algorithm for fast correlation attack, which is a natural generalization of the original binary approach. Our approach benefits from the contributions of all correlations in a subspace. We propose two novel criteria to improve the iterative decoding algorithm. We also give some cryptographic properties of the new FCA which allows us to estimate the efficiency and complexity bounds. Furthermore, we apply this technique to the well-analyzed stream cipher Grain-128a. Based on a hypothesis, an interesting result for its security bound is deduced from the perspective of iterative decoding. Our analysis reveals the potential vulnerability for LFSRs over matrix ring and also for nonlinear functions with biased multidimensional linear approximations such as Grain-128a.
2022
TOSC
Practical Attacks on Full-round FRIET
FRIET is a duplex-based authenticated encryption scheme proposed at EUROCRYPT 2020. It follows a novel design approach for built-in countermeasures against fault attacks. By a judicious choice of components, the designers propose the permutation FRIET-PC that can be used to build an authenticated encryption cipher denoted as FRIET-AE. And FRIET-AE provides a 128-bit security claim for integrity and confidentiality. In this paper, we research the propagation of pairs of differences and liner masks through the round function of FRIET-PC. For the full-round FRIET-PC, we can construct a differential distinguisher whose probability is 1 and a linear distinguisher whose absolute value of correlation is 1. Moreover, we use the differential distinguisher with probability 1 to construct a set consisting of valid tags and ciphertexts which are not created by legal users. This breaks FRIET-AE’s security claim for integrity and confidentiality. As far as we know, this is the first practical attack that threatens the security of FRIET-AE.
2018
JOFC
2013
CRYPTO
2013
FSE
2012
FSE
2011
ASIACRYPT
2010
ASIACRYPT
2006
ASIACRYPT
2005
EUROCRYPT