Jean-jacques Quisquater - Academia.edu
Papers by Jean-jacques Quisquater
Lecture Notes in Computer Science, 2000
SEA is a scalable encryption algorithm targeted for small embedded applications. It was initially designed for software implementations in controllers, smart cards or processors. In this paper, we investigate its hardware performances in a 0.13 µm CMOS technology. For these purposes, different designs are detailed. First, a single clock cycle per round loop architecture is implemented. Beyond its low cost performances, a significant advantage of the proposed encryption core is its full flexibility for any parameter of the scalable encryption algorithm, taking advantage of generic VHDL coding. Second, a more realistic design with a reduced datapath combined with a serial communication interface is described in order to put forward the low-power opportunities of SEA. Finally, a minimum datapath is presented and its applicability to RFID encryption is discussed. In addition to these results, performance comparisons with the AES Rijndael are proposed. They illustrate the inte...
Lecture Notes in Computer Science, 2001
Many searching problems allow time-memory tradeoffs. That is, if there are K possible solutions to search over, the time-memory tradeoff allows the solution to be found with high probability, in T operations (time) with M words of memory, provided the time-memory product T × M is larger than K. Cryptanalytic attacks based on exhaustive key search are the typical context where time-memory tradeoffs are applicable. Due to large key sizes, exhaustive key search usually needs unrealistic computing powers and corresponds to a situation where T = K and M = 1. However, if the same attack has to be carried out numerous times, it may be possible to execute the exhaustive search in advance and store all the results in a memory. Once this precomputation is done, the attack could be performed almost instantaneously, although in practice, the method is not realistic because of the huge amount of memory needed: T = 1, M = K. The aim of a time-memory tradeoff is to mount an attack that has a lowe...
For the last ten years, security of integrated circuits has attracted greater attention from the cryptographic community. Several sources of information leakage within the circuits have been emphasized. Power consumption based attacks have been mounted successfully against various types of circuits like ASIC, smartcards or FPGA. To counter them, specific high level solutions were developed, but none of them achieved a total prevention of such attacks. Circuit and transistor level solutions have also been developed with better results. We present here an interesting alternative to those solutions, using Dynamic Current Mode Logic. This type of logic style gives the same security margins as the other proposed alternatives to CMOS, with better performances in terms of power, delay, complexity of implemented functions and the possibility of an asynchronous mode of the signal propagation.
Since their publication in 1998, power analysis attacks have attracted significant attention within the cryptographic community. So far, they have been successfully applied to different kinds of implementations (e.g. smart cards, ASICs, FPGAs) of cryptographic algorithms. To protect such devices against power analysis attacks, it has been proposed to use a dynamic and differential logic style for which the power consumption does not depend on the data handled. In this paper, we suggest using the Dynamic Current Mode Logic to counteract power analysis. The resulting circuits exhibit similar resistance to the previously published proposals but significantly reduce the power delay product. We also demonstrate that certain criteria previously used to evaluate the resistance against power analysis have no cryptographic relevance.
This report summarizes readings in the area of the cryptanalysis of block ciphers. Historically, the academic field started in 1981 with the first CRYPTO conference and observations on some undesirable properties of the DES. Practically, most cryptanalytic techniques were developed in the 1990s. A number of them are variants of two decisive advances in the field. Differential cryptanalysis was found by Biham and Shamir and presented at CRYPTO 90. Linear cryptanalysis was developed by Matsui and presented at EUROCRYPT 93. From these times plenty of papers tried to take advantage of these techniques in different attempts to break public ciphers and some of these papers introduced original improvements. These two techniques also led to the development of criteria for security evaluation of block ciphers. Recently designed block ciphers like the Advanced Encryption Standard Rijndael have been based on the idea of provable security against these two attacks and their improvements. Th...
Journal of Computer Security
This paper shows a surprising similarity between the construction of, respectively, impossible differentials and square distinguishers. This observation is illustrated by comparing two attacks on IDEA (Biham & al., FSE'99 (2), Nakahara & al., 2001 (7)). Using this similarity, we also derive a 16-round square distinguisher on Skipjack, directly based on the impossible differential attack presented in
In this paper we describe an integral distinguisher over 2 rounds of Safer++. It allows a practical attack against 3 rounds of Safer++128, as well as attacks on 4 rounds of Safer++128 and Safer++256, under the chosen-plaintext hypothesis. These results achieve much lower complexity than the currently known best attacks on Safer++, namely weak-key linear cryptanalysis by Nakahara (8). As a
In this paper we describe an integral distinguisher over 2 rounds of Safer++. It allows a practical attack against 3 rounds of Safer++128, as well as attacks on 4 rounds of Safer++128 and Safer++256 (without the last key addition layer), under the chosen-plaintext hypothesis. These results achieve much lower complexity than the currently known best attacks on Safer++, namely
Journal of Computer Security, 1997