# Cryptography and Communications

Publisher: Springer Verlag

## Description

## Impact factor 0.65

- 5-year impact0.00
- Cited half-life0.00
- Immediacy index0.00
- Eigenfactor0.00
- Article influence0.00
- ISSN1936-2447
- OCLC85825471
- Material typePeriodical, Internet resource
- Document typeJournal / Magazine / Newspaper, Internet Resource

## Publisher details

- Pre-print
- Author can archive a pre-print version

- Post-print
- Author can archive a post-print version

- Conditions
- Author's pre-print on pre-print servers such as arXiv.org
- Author's post-print on author's personal website immediately
- Author's post-print on any open access repository after 12 months after publication
- Publisher's version/PDF cannot be used
- Published source must be acknowledged
- Must link to publisher version
- Set phrase to accompany link to published version (see policy)
- Articles in some journals can be made Open Access on payment of additional charge

- Classification green

## Publications in this journal

- [Show abstract] [Hide abstract]

**ABSTRACT:**Constacyclic codes form an interesting family of error-correcting codes due to their rich algebraic structure, and are generalizations of cyclic and negacyclic codes. In this paper, we classify repeated-root constacyclic codes of length ℓ t p s over the finite field \(\mathbb {F}_{p^{m}}\) containing p m elements, where ℓ ≡ 1(mod 2), p are distinct primes and t, s, m are positive integers. Based upon this classification, we explicitly determine the algebraic structure of all repeated-root constacyclic codes of length ℓ t p s over \(\mathbb {F}_{p^{m}}\) and their dual codes in terms of generator polynomials. We also observe that self-dual cyclic (negacyclic) codes of length ℓ t p s over \(\mathbb {F}_{p^{m}}\) exist only when p = 2 and list all self-dual cyclic (negacyclic) codes of length ℓ t 2s over \(\mathbb {F}_{2^{m}}\) . We also determine all self-orthogonal cyclic and negacyclic codes of length ℓ t p s over \(\mathbb {F}_{p^{m}}\) . To illustrate our results, we determine all constacyclic codes of length 175 over \(\mathbb {F}_{5}\) and all constacyclic codes of lengths 147 and 3087 over \(\mathbb {F}_{7}\) .Cryptography and Communications 06/2015; 7(2). -
##### Article: A construction of t-fold perfect splitting authentication codes with equal deception probabilities

[Show abstract] [Hide abstract]

**ABSTRACT:**Orthogonal multi-arrays were first formulated by Brickell in investigation of authentication codes. In this article, we will prove that t-fold perfect splitting authentication codes with equal deception probabilities can be characterized in terms of orthogonal multi-arrays. We will also investigate the existence of orthogonal multi-arrays, and show that the existence of orthogonal multi-arrays OMA (t,k×c,n)s is equivalent to the existence of transversal splitting t-designs splitting TD (t,k×c,n)s. Further, we obtain some new infinite classes of t-fold perfect splitting authentication codes with equal deception probabilities.Cryptography and Communications 06/2015; 7(2). - [Show abstract] [Hide abstract]

**ABSTRACT:**The latest implementations of pairings allow efficient schemes for Pairing Based Cryptography. These make the use of pairings suitable for small and constrained devices (smart phones, smart cards…) in addition to more powerful platforms. As for any cryptographic algorithm which may be deployed in insecure locations, these implementations must be secure against physical attacks, and in particular fault attacks. In this paper, we present the state-of-the-art of fault attacks against pairing algorithms, more precisely fault attacks against the Miller algorithm and the final exponentiation which are the two parts of a pairing calculation.Cryptography and Communications 03/2015; 7(1). - [Show abstract] [Hide abstract]

**ABSTRACT:**In recent literature, the differential fault analysis (DFA) on Grain family of stream ciphers has been shown to exploit the low algebraic degree of the derivative of the nonlinear combining function h of the stream cipher, h(x) ⊕ h(x ⊕ α). The low algebraic degree allows the DFA adversary to create a linearly independent system of equations generated from the faulty and fault-free keystreams and use these equations to extract the initial state of the NFSR and LFSR stages in the stream cipher. In this paper, we propose a construction scheme for rotation symmetric Boolean functions (RSBFs) h(x) along with an orbit-tuple flip based iterative hill-climbing based construction algorithm for balanced RSBFs with high nonlinearity, low absolute indicator value of global avalanche characteristics (GAC), and high algebraic degree of h(x) ⊕ h(x ⊕ α). The construction algorithm is scalable for higher input variables like n = 9,10,11 as shown in the paper. We find some interesting autocorrelation spectra and Walsh spectra properties for the class of RSBFs and then use them in the construction of RSBFs with improved cryptographic properties. We present the cryptographic properties of the RSBFs constructed for high input variables which can be used to make DFA attack harder using the existing techniques.Cryptography and Communications 03/2015; 7(1). - [Show abstract] [Hide abstract]

**ABSTRACT:**Threshold implementation (TI) is a masking method that provides security against first-order DPA with minimal assumptions on the hardware. It is based on multi-party computation and secret sharing. In this paper, we provide an efficient technique to find TIs for all 3 and 4-bit permutations which also covers the set of 3×3 and 4×4 invertible S-boxes. We also discuss alternative methods to construct shared functions by changing the number of variables or shares. Moreover, we further consider the TI of 5-bit almost bent and 6-bit almost perfect nonlinear permutations. Finally, we compare the areas of these various TIs.Cryptography and Communications 03/2015; 7(1). - [Show abstract] [Hide abstract]

**ABSTRACT:**A difference-of-means test applied to acquisitions of the instantaneous power consumption has been shown to be a suitable means of distinguishing a multiplication from a squaring operation over the integers. This has been attributed to the difference in expected Hamming weight of the output of these operations but few details are present in the literature. In this paper we define how this difference occurs and show that, somewhat surprisingly, a difference can, for some moduli, still be observed after a modular reduction. Moreover, we show that this difference leads to a practical attack under reasonable assumptions where a modulus is blinded. The presented attack goes beyond the cryptographic primitive and applies to concrete provably secure implementations, including RSA-PSS for signature generation or RSA-OAEP for encryption that uses side-channel countermeasures.Cryptography and Communications 03/2015; 7(1). - [Show abstract] [Hide abstract]

**ABSTRACT:**Despite Kerckhoffs’s principle, proprietary or otherwise secret cryptographic algorithms are still used in real life. For security and efficiency reasons a common design practice simply modifies some parameters of widely used and well studied encryption standards. In this paper, we investigate the feasibility of reverse engineering the secret specifications of an AES-like block cipher by a FIRE attack based on Ineffective Fault Analysis (IFA) or by SCARE techniques based on two models of collision power analysis. In the considered fault or observational models, we demonstrate that an adversary who does not know the secret key can recover the full set of secret parameters of an AES-like software implementation and, in some models, even if it is protected by common Boolean masking and shuffling of independent operations. We thereby intend to demonstrate that protecting the implementation of such AES-like function is not an option even if its specifications are not public.Cryptography and Communications 03/2015; 7(1). - [Show abstract] [Hide abstract]

**ABSTRACT:**Securing cryptographic implementations against side-channel attacks is one of the most important challenges in modern cryptography. Many countermeasures have been introduced for this purpose, and analyzed in specialized security models. Formal solutions have also been proposed to extend the guarantees of provable security to physically observable devices. Masking and leakage-resilient cryptography are probably the most investigated and best understood representatives of these two approaches. Unfortunately, claims whether one, the other or their combination provides better security at lower cost remained vague so far. In this paper, we provide the first comprehensive treatment of this important problem. For this purpose, we analyze whether cryptographic implementations can be security-bounded, in the sense that the time complexity of the best side-channel attack is lower-bounded, independent of the number of measurements performed. Doing so, we first put forward a significant difference between stateful primitives such as leakage-resilient PRGs (that easily ensure bounded security), and stateless ones such as leakage-resilient PRFs (that hardly do). We then show that in practice, leakage-resilience alone provides the best security vs. performance tradeoff when bounded security is achievable, while masking alone is the solution of choice otherwise. That is, we highlight that one (x)or the other approach should be privileged, which contradicts the usual intuition that physical security is best obtained by combining countermeasures. Besides, our experimental results underline that despite defined in exactly the same way, the bounded leakage requirement in leakage-resilient PRGs and PRFs imply significantly different challenges for hardware designers. Namely, such a bounded leakage is much harder to guarantee for stateless primitives (like PRFs) than for statefull ones (like PRGs). As a result, constructions of leakage-resilient PRGs and PRFs proven under the same bounded leakage assumption, and instantiated with the same AES implementation, may lead to different practical security levels.Cryptography and Communications 03/2015; 7(1). -
##### Article: Injectivity of compressing maps on the set of primitive sequences modulo square-free odd integers

[Show abstract] [Hide abstract]

**ABSTRACT:**Let p 1, p 2,…,p r be distinct odd primes and m = p 1p 2⋯p r . Let f(x) be a primitive polynomial of degree n over \(\mathbb {Z}/m\mathbb {Z}\) . Denote by L(f) the set of primitive linear recurring sequences generated by f(x). A map ψ on \(\mathbb {Z}/m\mathbb {Z}\) naturally induces a map \(\widehat {\psi }\) on L(f), mapping a sequence \((\dots ,\underline {s}({i-1}),\underline {s}(i),\underline {s}({i+1}),\dots )\) to \((\dots ,\psi (\underline {s}({i-1})),\psi (\underline {s}(i)),\psi (\underline {s}({i+1})),\dots )\) . Previous results gave sufficient conditions under which modular functions induce injective maps on L(f). In this article we give an inequality which holds for large enough n. If this inequality holds, then the injectivity of \(\hat {\psi }\) is clearly determined for any map ψ on \(\mathbb {Z}/m\mathbb {Z}\) . Particularly, the modular function ψ(a)=a mod M induces an injective map on L(f) for any \(M\in \left \{{2\leq i\in \mathbb {Z}:i \nmid m}\right \}\) .Cryptography and Communications 01/2015; - [Show abstract] [Hide abstract]

**ABSTRACT:**We propose a new type of meet-in-the-middle attack that splits a cryptographic primitive in parallel to the execution flow of the operations. The result of the division are two primitives that have smaller input sizes and thus require lower attack complexities. The sub-primitives are not completely independent, but mutually depend on a certain number of bits. When the number of such bits is relatively small, we show a technique based on three classical meet-in-the-middle attacks that can recover the secret key of the cipher faster than an exhaustive search. We apply our findings to the lightweight block cipher Klein and show attacks on 10/11/13 rounds of Klein-64/-80/-96. We note that our approach works in the known-plaintext attack model and requires only one or two pairs of known plaintexts.Cryptography and Communications 12/2014; - [Show abstract] [Hide abstract]

**ABSTRACT:**We study the relationship between the Walsh Transform of a Boolean function and its Algebraic Normal Form(ANF), and present algorithms that compute the Walsh coefficients at a small set of points in terms of certain parameters derived from the ANF of a Boolean function. In the first part of this paper, based on the previous result by Gupta and Sarkar, we investigate the formula in Gupta-Sarkar’s algorithm in a novel iterative method and obtain a recurrence relation for the Walsh Transform of a Boolean function. The second part is devoted to applying this formula to algorithms to evaluate it. Experimental result shows that for the specified classes of Boolean functions, our algorithms can perform better than Gupta-Sarkar’s algorithm. For example, the proposed algorithm “ComputeWalsh” is able to compute the Walsh coefficients of the functions for which the complexity of Gupta-Sarkar’s algorithm is impractical. Besides, for functions acting on high number of variables (m>30) and having low number of monomials, the proposed algorithms are advantageous over the Fast Walsh Transform which is a standard method of computing the Walsh Transform with a complexity of O(m2m ) operations.Cryptography and Communications 12/2014; 6(4). - [Show abstract] [Hide abstract]

**ABSTRACT:**A set of words with the property that no prefix of any word is the suffix of any other word is called cross-bifix-free set. We provide an efficient generating algorithm producing Gray codes for a remarkable family of cross-bifix-free sets.Cryptography and Communications 12/2014; 6(4). - [Show abstract] [Hide abstract]

**ABSTRACT:**Iterated attacks are comprised of iterating adversaries who can make d plaintext queries, in each iteration to compute a bit, and are trying to distinguish between a random cipher C and the perfect cipher C ∗ based on all bits. Vaudenay showed that a 2d-decorrelated cipher resists to iterated attacks of order d when iterations have almost no common queries. Then, he first asked what the necessary conditions are for a cipher to resist a non-adaptive iterated attack of order d. I.e., whether decorrelation of order 2d − 1 could be sufficient. Secondly, he speculated that repeating a plaintext query in different iterations does not provide any advantage to a non-adaptive distinguisher. We close here these two long-standing open problems negatively. For those questions, we provide two counter-intuitive examples.W e also deal with adaptive iterated adversaries who can make both plaintext and ciphertext queries in which the future queries are dependent on the past queries. We show that decorrelation of order 2d protects against these attacks of order d. We also study the generalization of these distinguishers for iterations making non-binary outcomes. Finally, we measure the resistance against two well-known statistical distinguishers, namely, differential-linear and boomerang distinguishers and show that 4-decorrelation degree protects against these attacks.Cryptography and Communications 12/2014; 6(4). - [Show abstract] [Hide abstract]

**ABSTRACT:**This paper investigates a new framework to analyze symmetric ciphers by guessing intermediate states and dividing algorithms into consecutive sub-ciphers. It is suitable for lightweight ciphers with simple key schedules and block sizes smaller than key lengths. New attacks on the block cipher family KATAN are proposed by adopting this framework. Our new attacks can recover the master keys of 175-round KATAN32, 130-round KATAN48 and 112-round KATAN64 faster than exhaustive search, and thus reach many more rounds than previous attacks. We also provide new attacks on 115-round KATAN32 and 100-round KATAN48 in order to demonstrate this new kind of attacks can be more time-efficient and memory-efficient than existing attacks.Cryptography and Communications 12/2014; 6(4). - [Show abstract] [Hide abstract]

**ABSTRACT:**We describe a systematic framework for using a stream cipher supporting an initialisation vector (IV) to perform various tasks of authentication and authenticated encryption. These include message authentication code (MAC), authenticated encryption (AE), authenticated encryption with associated data (AEAD) and deterministic authenticated encryption (DAE) with associated data. Several schemes are presented and rigourously analysed. A major component of the constructions is a keyed hash function having provably low collision and differential probabilities. Methods are described to efficiently extend such hash functions to take multiple inputs. In particular, double-input hash functions are required for the construction of AEAD schemes. An important practical aspect of our work is that a designer can combine off-the-shelf stream ciphers with off-the-shelf hash functions to obtain secure primitives for MAC, AE, AEAD and DAE(AD).Cryptography and Communications 09/2014; - [Show abstract] [Hide abstract]

**ABSTRACT:**Hitag2 is a widely applied lightweight stream cipher with a traditional structure containing linear shift feedback and nonlinear filtering. It uses a Boolean function of 20 variables as its nonlinear filter. For easy implementation, this function is constructed by a two-layer composition of one 5-variable Boolean function and five 4-variable Boolean functions. In this paper, the concept of nested function is extracted from the construction of the two-layer Boolean function in Hitag2. Then we study some general properties of nested functions, such as balancedness, algebraic degree, Walsh spectra and algebraic immunity. We prove that the Walsh spectra of a nested function can be split into a product of the Walsh spectra of its subfunctions and generating function when the subfunctions are all balanced. Moreover, two upper bounds on algebraic immunity of nested functions are proposed. By using a hybrid approach of logical reasoning and computer computation, we obtain the precise value of the algebraic immunity of the filter function used in Hitag2, which is equal to 6.Cryptography and Communications 09/2014; 6(3). - [Show abstract] [Hide abstract]

**ABSTRACT:**The nonlinearity of a Boolean function $F: \mathbb{F}_{2}^{m}\rightarrow \mathbb{F}_{2}$ is the minimum Hamming distance between f and all affine functions. The nonlinearity of a S-box $f: \mathbb{F}_{2}^{m}\rightarrow \mathbb{F}_{2}^{n}$ is the minimum nonlinearity of its component (Boolean) functions $v\cdot f,\, v\in \mathbb{F}_{2}^{n}\,\backslash \{0\}$ . This notion quantifies the level of resistance of the S-box to the linear attack. In this paper, the distribution of the nonlinearity of (m, n)-functions is investigated. When n = 1, it is known that asymptotically, almost all m-variable Boolean functions have high nonlinearities. We extend this result to (m, n)-functions.Cryptography and Communications 06/2014; 6(2). - [Show abstract] [Hide abstract]

**ABSTRACT:**Let G be a simple, undirected graph with vertex set V. For v ∈ V and r ≥ 1, we denote by B G,r (v) the ball of radius r and centre v. A set ${\cal C} \subseteq V$ is said to be an r-identifying code in G if the sets $B_{G,r}(v)\cap {\cal C}$ , v ∈ V, are all nonempty and distinct. A graph G admitting an r-identifying code is called r-twin-free, and in this case the size of a smallest r-identifying code in G is denoted by γ r (G). We study the following structural problem: let G be an r-twin-free graph, and G * be a graph obtained from G by adding or deleting a vertex. If G * is still r-twin-free, we compare the behaviours of γ r (G) and $\gamma_r(G^*)$ , establishing results on their possible differences and ratios.Cryptography and Communications 06/2014; 5(2).

Data provided are for informational purposes only. Although carefully collected, accuracy cannot be guaranteed. The impact factor represents a rough estimation of the journal's impact factor and does not reflect the actual current impact factor. Publisher conditions are provided by RoMEO. Differing provisions from the publisher's actual policy or licence agreement may be applicable.