Bounds in Shallows and in Miseries, by Céline Blondeau and Andrey Bogdanov and Gregor Leander
Proving bounds on the expected differential probability (EDP) of a characteristic over all keys has been a popular technique of arguing security for both block ciphers and hash functions. In fact, to a large extent, it was the clear formulation and elegant deployment of this very principle that helped Rijndael win the AES competition. Moreover, most SHA-3 finalists have come with explicit upper bounds on the EDP of a characteristic as a major part of their design rationale. However, despite the pervasiveness of this design approach, there is no understanding of what such bounds actually mean for the security of a primitive once a key is fixed --- an essential security question in practice.
In this paper, we aim to bridge this fundamental gap. Our main result is a quantitative connection between a bound on the EDP of differential characteristics and the highest
number of input pairs that actually satisfy a characteristic for a fixed key. This is particularly important for the design of permutation-based hash functions such as sponge functions, where the EDP value itself is not informative for the absence of rekeying. We apply our theoretical result to revisit the security arguments of some prominent recent block ciphers and hash functions. For most of those, we have good news: a characteristic is followed by a small number of pairs only. For Keccak, though, currently much more rounds would be needed for our technique to guarantee any reasonable maximum number of pairs.
Thus, our work --- for the first time --- sheds light on the fixed-key differential behaviour of block ciphers in general and substitution-permutation networks in particular which has been a long-standing fundamental problem in symmetric-key cryptography.
A New Object Searching Protocol for Multi-tag RFID, by Subhasish Dhal and Indranil Sengupta
Searching an object from a large set is a tedious task. Radio Frequency IDentification (RFID) technology helps us to search the desired object efficiently. In this technology, a small chip called RFID tag, that contains the identification information about an object is attached to the same object. In general, a set of objects are attached with RFID tags. To find out a particular object preserving the possible security requirements, the RFID reader requests the tag in desired object to respond with its encrypted identification information. Since there is a response only from the tag in desired object the adversary gets the knowledge of existence of the desired object. Fake response from tag in undesired objects may fool the adversary. However, computation for fake responses is
an overhead. In this paper, we propose a search technique which has a negligible amount of computation for fake responses. Multiple tags in the same object increases the detection probability and also the probability of success in search process. Our aim is to search a particular object efficiently preserving the possible security requirements amid various resource limitations in low-cost RFID tag.
Handling Authentication and Detection Probability in Multi-tag RFID Environment, by Subhasish Dhal and Indranil Sengupta
In Radio Frequency Identification (RFID) technology, an adversary
may access classified information about an object tagged with RFID tag. Therefore, authentication is a necessary requirement. Use of multiple tags in an object increases the detection probability and simultaneously ensures availability of multiple resources in the form of memory and computability. Authentication process in multi-tag arrangement may increase the traffic between reader and object and/or decrease the detection probability. Therefore the challenge is to keep intact the detection probability without increasing the traffic. Existence of multiple number of tags helps to distribute the authentication responsibility for an object among multiple number of tags. In this paper, we assume that an object is attached with multiple number of active tags and in each session a randomly selected tag is responsible for authentication process. The detection probability is intact since an active tag within the range of reader can be an inter-mediator.