Dhiman Saha

Indian Institute of Technology Bhilai · Electrical Engineering & Computer Science

Doctor of Philosophy
I love computer science and crypto. I mostly work in symmetric crypto, particularly cryptanalysis. >> http://dhimans.in

About

40
Publications
5,401
Reads
303
Citations
Introduction
Additional affiliations
May 2018 - present
Indian Institute of Technology Bhilai
Position
  • Professor (Assistant)
March 2018 - May 2018
Indian Statistical Institute Kolkata, India
Position
  • Researcher
April 2017 - July 2017
Indian Institute of Technology Kharagpur
Position
  • Research Associate

Publications

Publications (40)
Article
Fault attacks are among the well-studied topics in the area of cryptography. These attacks constitute a powerful tool to recover the secret key used in the encryption process. Fault attacks work by forcing a device to work under non-ideal environmental conditions (such as high temperature) or external disturbances (such as glitch in the power suppl...
Article
Full-text available
In this paper, we report the first DFA on nonce-based CAESAR scheme NORX (applicable to all the versions v1, v2.0, v3.0). This demonstrates a scenario when faults introduced in NORX in parallel mode can be used to collide the internal branches to produce an all-zero state. Later, this fault is used to replay on NORX despite being instantiated by di...
Article
Full-text available
ASCON is one of the elegant designs of authenticated encryption with associated data (AEAD) that was selected as the first choice for lightweight applications in the CAESAR competition, which also has been submitted to NIST lightweight cryptography standardization. ASCON has been in the literature for a while; however, there has been no successful...
Article
This work investigates a generic way of combining two very effective and well-studied cryptanalytic tools, proposed almost 18 years apart, namely the boomerang attack introduced by Wagner in FSE 1999 and the yoyo attack by Ronjom et al. in Asiacrypt 2017. In doing so, the s-box switch and ladder switch techniques are leveraged to embed a yoyo trail...
Preprint
Full-text available
Numerous studies have shown that streaming is now the most preferred way of consuming multimedia content and this is evidenced by the proliferation in the number of streaming service providers as well as the exponential growth in their subscriber base. Riding on the advancements in low cost electronics, high speed communication and extremely cheap...
Article
Full-text available
As fault-based cryptanalysis is becoming more and more of a practical threat, it is imperative to make efforts to devise suitable countermeasures. In this regard, the so-called “infective countermeasures” have garnered particular attention from the community due to its ability in inhibiting differential fault attacks without explicitly detecting th...
Article
Full-text available
This paper presents the first third-party security analysis of TinyJAMBU, which is one of 32 second-round candidates in NIST’s lightweight cryptography standardization process. TinyJAMBU adopts an NLFSR based keyed-permutation that computes only a single NAND gate as a non-linear component per round. The designers evaluated the minimum number of ac...
Chapter
The Statistical Ineffective Fault Analysis, SIFA, is a recent addition to the family of fault based cryptanalysis techniques. SIFA based attack is shown to be formidable and is able to bypass virtually all the conventional fault attack countermeasures. Reported countermeasures to SIFA incur overheads of the order of at least thrice the unprotected...
Chapter
This paper analyzes the internal keyed permutation of FlexAEAD which is a round-1 candidate of the NIST LightWeight Cryptography Competition. In our analysis, we report an iterated truncated differential leveraging on a particular property of the AES S-box that becomes useful due to the particular nature of the diffusion layer of the round function...
Chapter
Full-text available
In ToSC 2017 Saha et al. demonstrated an interesting property of SHA3 based on higher-order vectorial derivatives which led to self-symmetry based distinguishers referred to as SymSum and bettered the complexity w.r.t the well-studied ZeroSum distinguisher by a factor of 4. This work attempts to take a fresh look at this distinguisher in the light...
Chapter
Differential branch number and linear branch number are critical for the security of symmetric ciphers. The recent trend in the designs like PRESENT block cipher, ASCON authenticated encryption shows that applying S-boxes that have nontrivial differential and linear branch number can significantly reduce the number of rounds. As we see in the liter...
Chapter
Forkciphers are a new kind of primitive proposed recently by Andreeva et al. for efficient encryption and authentication of small messages. They fork the middle state of a cipher and encrypt it twice under two smaller independent permutations. Thus, forkciphers produce two output blocks in one primitive call.
Article
Full-text available
In Saha and Chowdhury (Cryptographic hardware and embedded systems—CHES 2016—18th international conference, Santa Barbara, CA, USA, August 17–19, 2016, Proceedings, 2016) the concept of fault analysis using internal differentials within a cipher was introduced and used to overcome the nonce barrier of conventional differential fault analysis with a...
Article
In Asiacrypt 2017, Rønjom et al. reported some interesting generic properties of SPNs, leading to what they call the Yoyo trick, and applied it to find the most efficient distinguishers on AES. In this work, we explore the Yoyo idea in distinguishing public permutations for the first time. We introduce the notion of nested zero difference pattern w...
Article
Full-text available
Full text available here: http://ietdl.org/t/r8xiRb We explore a cryptanalysis strategy which seems to be particularly applicable to parallelizable ciphers where the key forms a part of the internal state. The proposed technique combines internal differentials with guess and determine analysis to come up with what is referred to as the Match-in-th...
Article
Full-text available
In Asiacrypt 2017, Rønjom et al. reported some interesting generic properties of SPNs, leading to what they call the Yoyo trick, and applied it to find the most efficient distinguishers on AES. In this work, we explore the Yoyo idea in distinguishing public permutations for the first time. We introduce the notion of nested zero difference pattern w...
Article
Full-text available
This work presents practical key-recovery attacks on round-reduced variants of CAESAR Round 2 candidate PAEQ by analyzing it in the light of guess-and-determine analysis. The attack developed here targets the mode of operation along with diffusion inside the AES based internal permutation AESQ. The first attack uses a guess-and-invert technique lea...
Conference Paper
In this work, we give a practical implementation of the well known impossible differential attack on 5 round AES-128 given by Biham and Keller. The complexity of the original attack is in the order of the practical realm with time complexity \(2^{31}\) and data complexity \(2^{29.5}\). However, the primary memory required to execute the attack was...
Article
In this work we show the existence of special sets of inputs for which the sum of the images under SHA3 exhibits a symmetric property. We develop an analytical framework which accounts for the existence of these sets. The framework constitutes identification of a generic property of iterated SPN based functions pertaining to the round-constant addi...
Article
Full-text available
In this work we show the existence of special sets of inputs for which the sum of the images under SHA3 exhibits a symmetric property. We develop an analytical framework which accounts for the existence of these sets. The framework constitutes identification of a generic property of iterated SPN based functions pertaining to the round-constant addi...
Article
Infective countermeasures have been shown to be the most efficient way to prevent fault attacks, which are one of the most effective side-channel attacks on symmetric key ciphers. However, none of the countermeasures have been found to last in terms of security. Battistello et al. [1] have broken the last two surviving infective methods against fault...
Article
Fault attacks are one of the most effective side-channel attacks on symmetric key ciphers. Over the years a variety of countermeasure techniques have been proposed to prevent this kind of attack. Among them, infective countermeasures have been shown to be the most efficient way to prevent fault attacks. However, none of the countermeasures have be...
Conference Paper
This work presents practical key-recovery attacks on round-reduced variants of CAESAR Round 2 candidate PAEQ by analyzing it in the light of guess-and-determine analysis. The attack developed here targets the mode of operation along with diffusion inside the AES based internal permutation AESQ. The first attack uses a guess-and-invert technique lea...
Conference Paper
This work exploits internal differentials within a cipher in the context of Differential Fault Analysis (DFA). This in turn overcomes the nonce barrier which acts as a natural counter-measure against DFA. We introduce the concept of internal differential fault analysis which requires only one faulty ciphertext. In particular, the analysis is applic...
Conference Paper
In this paper, we propose a guess and determine attack against some variants of the \(\pi \)-Cipher family of authenticated ciphers. This family of ciphers is a second-round candidate of the CAESAR competition. More precisely, we show a key recovery attack with time complexity little higher than \(2^{4\omega }\), and low data complexity, against va...
Conference Paper
Full-text available
In Asiacrypt 2014, Andreeva et al. proposed an interesting idea of intermittently releasing plaintexts before verifying the tag, which was inspired by various practical applications and constraints. In this work we try to assess the idea of releasing unverified plaintexts in the light of side channel attacks like fault attacks. In particular we sho...
Article
In this work, we present a differential fault analysis of the SHA-3 finalist Grøstl when used in the dedicated MAC mode. The fault model exploited here is similar to fault repeatability model proposed and used by Roche et al. in CARDIS 2011. We propose a new way of extracting half of the state of Grøstl from the knowledge of the remaining half. Thi...
Conference Paper
Infective countermeasures have been shown to be the most efficient way to prevent fault attacks, which are one of the most effective side-channel attacks on symmetric key ciphers. However, none of the countermeasures have been found to last in terms of security. Battistello et al. [1] have broken the last two surviving infective methods against fault...
Conference Paper
Full-text available
This work presents an adaptation of the classical diagonal fault attack on APE, which is a member of the PRIMATEs family of authenticated encryption (AE) schemes. APE is the first nonce misuse-resistant permutation based AE scheme and is one of the submissions to the CAESAR competition. In this work we showcase how nonce reuse can be misused in the co...
Conference Paper
In this paper, we propose a new Cellular Automata (CA) based scalable parameterized hash function family named CASH. The construction of CASH is inspired by sponge function and the internal round transformation employs linear CA. For the first time, we have managed to merge the classical add-round-constant and subsequent diffusion layers. The primi...
Conference Paper
We present a Message Authentication Code (MAC) with integrated error correction capability, called AEC. The MAC itself can detect/correct errors up to a certain limit and provides an estimate of the number and location of the errors. The security of AEC lies in the random selection of the underlying error correcting code (ECC). In this work, we prop...
Conference Paper
Non-linear functions are very essential in different crypto primitives as they increase the security of the cipher designs. On the other hand, maximum length sequences help to prevent repeatability of a pseudorandom generator. Linear functions such as LFSR and linear cellular automata are used to generate maximum length sequences. However linear ma...
Conference Paper
Full-text available
This paper presents new distinguishers against Keccak-f[1600] permutation reaching up to 6-rounds. The main intuition is to exploit the self-symmetry of the internal state of Keccak. Formal analysis reveals that the proposed distinguisher can penetrate up to 3 rounds and the penetration depends only on the hamming weight of the round-constant of th...
Conference Paper
The paper presents an enhancement of univariate Differential Power Analysis (DPA), referred to as Probable Key Differential Power Analysis (PKDPA). The proposed analysis uses the standard Difference of Means (DoM) test as the distinguisher and employs its enhancement strategy to reduce the number of power traces required to mount the attack. Theor...
Article
Full-text available
The present paper develops an attack on the AES algorithm, exploiting multiple byte faults in the state matrix. The work shows that inducing a random fault anywhere in one of the four diagonals of the state matrix at the input of the eighth round of the cipher leads to the deduction of the entire AES key. We also propose a more generalized fault at...
Conference Paper
Scan chain based attacks are a kind of side channel attack which targets one of the most important features of today’s hardware - the test circuitry. Design for Testability (DFT) is a design technique that adds certain testability features to a hardware design. On the other hand, this very feature opens up a side channel for cryptanalysis, renderin...
Conference Paper
Full-text available
NLS is a stream cipher proposal submitted to the eSTREAM project. In SAC 2006 Cho and Pieprzyk presented a linear distinguishing attack called the Crossword Puzzle attack on NLS, where they showed that the bias of the distinguisher is around \(O(2^{-30})\). In this work we have proposed a new function, modular Slash, which is nonlinear in nature and strongly re...