. Because of this, there is no way to ensure that the IV is not selected in a manner that will covertly communicate a session key to an agency engaged in mass surveillance—which we exploit in our IV-replacement attack. Similarly, if a scheme permits variable-length padding there will be no way to ensure that the amount of padding is not used as a covert channel to transmit a user’s key. The ultimate conclusion of this paper is that unverifiable algorithmic choice can be a significant liability. We have in some sense come full-circle. In their classical paper on probabilistic **encryption** [22], Goldwasser and Micali explained the danger of deterministic public-key **encryption**: leaking that one ciphertext is the repetition of another, or allowing a ciphertext to be decrypted by trial-**encryption**. But these threats can be eliminated without the use of probabilism—namely, through the use of state. For the most conventional setting in **symmetric** **encryption**—realizing a reliable, encrypted channel—ASAs provide one motivation for deterministic, stateful schemes, for sender and receiver both. We believe that there are further benefits to such schemes, including improved utility for software testing and the elimination of any need, post key-generation, to harvest unpredictable random bits.

Show more
22 Read more

A searchable **symmetric** **encryption** (SSE) scheme enables a client to store data on an un- trusted server while supporting keyword searches in a secure manner. Recent experiments have indicated that the practical relevance of such schemes heavily relies on the tradeo between their space overhead, locality (the number of non-contiguous memory locations that the server accesses with each query), and read eciency (the ratio between the number of bits the server reads with each query and the actual size of the answer). These experiments motivated Cash and Tessaro (EUROCRYPT '14) and Asharov et al. (STOC '16) to construct SSE schemes oering various such tradeos, and to prove lower bounds for natural SSE frameworks. Unfortunately, the best-possible tradeo has not been identied, and there are substantial gaps between the existing schemes and lower bounds, indicating that a better understanding of SSE is needed.

Show more
33 Read more

In this section, we follow the work of Yu and Standaert who show in [34] how to improve the efficiency of our re-keying scheme, maintaining its leakage-resilient security in the minicrypt world. In fact, our new construction currently requires a large amount of fresh randomness since we need to generate a new fresh random value for each new session key. Yu and Standaert show that tweaking a similar design to use only a small amount of randomness can still be leakage-resilient in the world of minicrypt. That is, either the new design is leakage-resilient or it becomes possible to build public-key primitives from the involved **symmetric**-key blocks and the related leakage functions, which is very unlikely. Their technique directly applies to our **symmetric** **encryption** scheme and only requires a public seed s that is randomly chosen. Instead of being randomly generated, our public values p i ’s and q i ’s are now computed from a PRF G in counter mode.

Show more
30 Read more

This work undertakes a comprehensive (crypt)analysis of property pre- serving **symmetric** **encryption** on both these fronts. We observe that the quadratic residue based property used in their separation result is a spe- cial case of testing equality of one-bit messages, suggest a very simple and efficient deterministic **encryption** scheme for testing equality and show that the two security notions, find-then-guess and left-or-right, are tightly equivalent in this setting. On the other hand, the separation re- sult easily generalizes for the equality property. So contextualized, we posit that the question of separation between security notions is prop- erty specific and subtler than what the authors envisaged; mandating further critical investigation. Next, we show that given a find-then-guess secure orthogonality preserving **encryption** of vectors of length 2n, there exists left-or-right secure orthogonality preserving **encryption** of vectors of length n, giving further evidence that find-then-guess is indeed a mean- ingful notion of security for property preserving **encryption**. Finally, we cryptanalyze the scheme for testing orthogonality. A simple distinguish- ing attack establishes that it is not even the weakest selective find-then- guess secure. Our main attack extracts out the subgroup elements used to mask the message vector and indicates greater vulnerabilities in the construction beyond indistinguishability. Overall, our work underlines the importance of cryptanalysis in provable security.

Show more
27 Read more

Abstract. Searchable **symmetric** **encryption** (SSE) enables a client to outsource a collection of encrypted documents in the cloud and retain the ability to perform keyword searches without revealing information about the contents of the docu- ments and queries. Although efficient SSE constructions are known, previous so- lutions are highly sequential. This is mainly due to the fact that, currently, the only method for achieving sub-linear time search is the inverted index approach (Curt- mola, Garay, Kamara and Ostrovsky, CCS ’06) which requires the search algo- rithm to access a sequence of memory locations, each of which is unpredictable and stored at the previous location in the sequence. Motivated by advances in multi-core architectures, we present a new method for constructing sub-linear SSE schemes. Our approach is highly parallelizable and dynamic. With roughly a loga- rithmic number of cores in place, searches for a keyword w in our scheme execute in o(r) parallel time, where r is the number of documents containing keyword w (with more cores, this bound can go down to O(log n), i.e., independent of the re- sult size r). Such time complexity outperforms the optimal Θ(r) sequential search time—a similar bound holds for the updates. Our scheme also achieves the follow- ing important properties: (a) it enjoys a strong notion of security, namely security against adaptive chosen-keyword attacks; (b) compared to existing sub-linear dy- namic SSE schemes (e.g., Kamara, Papamanthou, Roeder, CCS ’12), updates in our scheme do not leak any information, apart from information that can be inferred from previous search tokens; (c) it can be implemented efficiently in external mem- ory (with logarithmic I/O overhead). Our technique is simple and uses a red-black tree data structure; its security is proven in the random oracle model.

Show more
17 Read more

This paper proves a lower bound on the trade-off between server storage size and the locality of memory accesses in searchable **symmetric** **encryption** (SSE). Namely, when encrypting an index of N identifier/keyword pairs, the encrypted index must have size ω(N ) or the scheme must perform searching with ω(1) non-contiguous reads to memory or the scheme must read many more bits than is necessary to compute the results. Recent implementations have shown that non-locality of server memory accesses create a throughput-bottleneck on very large databases. Our lower bound shows that this is due to the security notion and not a defect of the constructions. An upper bound is also given in the form of a new SSE construction with an O(N log N) size encrypted index that performs O(log N ) reads during a search.

Show more
23 Read more

M.A.Matin et al [5] proposed a method on **symmetric** **encryption** technique with AES algorithm in MANET and WLAN. **Symmetric** **encryption** is faster and requires less computational processing time. The increase in key size as well as block size,the security gets enhanced and linear cryptanalysis and differential cryptanalysis require more time to break the proposed cipher here.

5. Conclusion: Cryptography is the only solution to today‘s information age, which is surrounded by so many security problems. This paper discussed the various types of Cryptanalysis techniques related to block ciphers in **Symmetric** **Encryption** such as Differential Cryptanalysis, Linear Cryptanalysis, the Exploitation of Weak keys, and Algebraic attacks. This research work reviewed the basic fundamentals related to various attacks in block ciphers. This paper also identifies the various problems in smart card development. This work suggests using SAFER++ in smart card-based applications which is very difficult to cryptanalysis. Knowing in advance various types of cryptanalytic attacks helps us to make our system more

Show more
One potential key application of large scale computation system is DNA based cryptography. A new scheme which described a **symmetric** DNA-based cipher approach was introduced in [2]. The investigation conducted in that paper was based on a conventional **symmetric** **encryption** algorithm called “Yet Another **Encryption** Algorithm” (YAEA). The main target of that scheme was to introduce the concept of using DNA computing in the fields of cryptography in order to enhance the security of cryptographic algorithms. In [3] a new scheme that introduced the concept of using DNA and Amino Acid encoding in order to solve the limitations in old Playfair cipher has been proposed. This scheme turned the researchers to use DNA and Amino Acid with other weak **encryption** techniques to make them more robust and powerful. The first scheme of using DNA in the field of steganography was introduced in [4]. DNA encoded message is camouflaged within the enormous complexity of human genomic DNA and then further concealed by confining this sample to a microdot. Three data hiding methods were introduced based upon DNA sequence: the insertion method, the complementary pair method and the substitution method. In these methods; the secret message is embedded into a reference DNA sequence resulting in a new reference sequence with data hidden [5].

Show more
In this section we study fragmentation-related Denial-of-Service (DoS) attacks. This is, to the best of our knowledge, the first formal treatment of DoS prevention as a property of a **symmetric** **encryption** scheme. In Section 1.1 we outlined such a DoS attack for the case of SSH. In that example, by carefully tampering with only a few bits in one of the transmitted ciphertexts, the adversary manages to ‘confuse’ the decryption algorithm so that it will produce no output until a huge amount of ciphertext is received. Informally this kind of attack is what our security notions will attempt to capture. We stress that such attacks are not specific to SSH, but relate more generally to schemes supporting fragmentation. We will equip the adversary with an **encryption** oracle and a decryption oracle. Its goal will be to produce a sequence of ciphertext fragments whose concatenation is at least n bits long, where each of these fragments decrypts to the empty string. We will then quantify the DoS security of a scheme via the minimum value of n such that no ‘efficient’ adversary is successful in producing such a sequence of fragments.

Show more
42 Read more

Our Contributions. In this paper, we focus on **symmetric** schemes having shallow de- cryption circuits. We study the problem of building secure **symmetric** **encryption** scheme with constant or small decryption circuit, namely with small multiplication depth. Con- trary to the direction followed by many recent work, that tweak block ciphers or stream ciphers [3,11], our approach is related to provable security. Indeed, we notice that one can construct lattice-based schemes with very small decryption circuit and then, we evaluate the performances of our schemes using HElib to compare them with other **symmetric** ciphers. Finally, we try to use HElib features (full packing and parallelization) in order to achieve better performances. We describe two kinds of ciphers: the first family has its security re- lated to the difficulty of solving the LPN problem in specific instances, while the second family has a security proof based on the LWE problem. The first construction is similar to **symmetric** cryptography since we do not have a clean security proof and consequently, we provide a more thorough security analysis. However, the security seems to be easier to understand than ad-hoc constructions usually used in **symmetric** cryptography, since the security problem on which the scheme is based can be formally stated. We present a very efficient construction specifically tailored to this problem to secure our construction from Arora-Ge type of attack on LPN. The performance of the schemes from this family can be 10 times more efficient than the most efficient previous cipher. For the second family, we have a rigorous security proof related to LWE, while the scheme is based on LWR. The performance of the second family can be very efficient, about 10,000 times faster, but the caveat is that the decrypted plaintext contains random bits in the least significant bits if we do not compute homomorphically the truncation using the costly ExtractDigits function. Therefore, if we want to remove the erroneous bits, the performances become equivalent to previous ciphers, while being more efficient than AES. In some cases, one can compute with such noise without having to remove it.

Show more
23 Read more

In this paper, we consider a setting where a client wants to outsource storage of a large amount of private data and then perform substring search queries on the data – given a data string s and a search string p, find all occurrences of p as a substring of s. First, we formalize an **encryption** paradigm that we call queryable **encryption**, which generalizes searchable **symmetric** **encryption** (SSE) and structured **encryption**. Then, we construct a queryable **encryption** scheme for substring queries. Our construction uses suffix trees and achieves asymptotic efficiency comparable to that of unencrypted suffix trees. **Encryption** of a string of length n takes O(λn) time and produces a ciphertext of size O(λn), and querying for a substring of length m that occurs k times takes O(λm+k) time and three rounds of communication, where λ is the security parameter. Our security definition guarantees correctness of query results and privacy of data and queries against a malicious, adaptive adversary. Following the line of work started by Curtmola et al. (ACM CCS 2006), in order to construct more efficient schemes we allow the query protocol to leak some limited information that is captured precisely in the definition. We prove security of our substring-searchable **encryption** scheme against malicious adversaries, where the query protocol leaks limited information about memory access patterns through the suffix tree of the encrypted string.

Show more
28 Read more

Motivation. Order-preserving **symmetric** **encryption** (OPE) is a deterministic **encryption** scheme (aka. cipher) whose **encryption** function preserves numerical ordering of the plaintexts. OPE has a long history in the form of one-part codes, which are lists of plaintexts and the corresponding ciphertexts, both arranged in alphabetical or numerical order so only a single copy is required for efficient **encryption** and decryption. One-part codes were used, for example, during World War I [3]. A more formal treatment of the concept of order-preserving **symmetric** **encryption** (OPE) was proposed in the database community by Agrawal et al. [1]. The reason for new interest in such schemes is that they allow efficient range queries on encrypted data. That is, a remote untrusted database server is able to index the (sensitive) data it receives, in encrypted form, in a data structure that permits efficient range queries (asking the server to return ciphertexts in the database whose decryptions fall within a given range, say [a, b]). By “efficient” we mean in time logarithmic (or at least sub-linear) in the size of the database, as performing linear work on each query is prohibitively slow in practice for large databases.

Show more
28 Read more

Abstract- Data security is important for various day to day activities of humans. Personal and business applications require security of data. The amount of information that companies must keep secure is increasing. As a result of technological advances, companies are constantly gaining more data about their clients and customers. They must ensure that data security and privacy remain a priority to protect against costly breaches. Genetic Algorithm (GA) is a search- based optimization technique based on the principles of Genetics and Natural Selection. It is frequently used to find optimal or near-optimal solutions to difficult problems which otherwise would take a lifetime to solve. In this paper a **symmetric** **encryption** technique using Genetic Algorithm and pseudo random number generation is used to encrypt text files.

Show more
Various **encryption** techniques are used in cryptography such as DES,,3DES,AES,RSA etc. The main problem is to select the algorithm with better key length. Other problem is to make choice on the implementation of cryptosystem. The choice of better algorithm depends on the advantages and disadvantages of each algorithm. **Symmetric** **encryption** technique have number of benefits. **Symmetric** **encryption** uses the same key to encrypt as well as to decrypt. Performance is relatively high. These algorithms can be directly implemented on hardware easily. The weakness of **symmetric** algorithm is sharing key between two parties. Asymmetric **encryption** uses two different keys for **encryption** and decryption. Private key is used to decrypt the encrypted message. Key distribution problem is solved by asymmetric **encryption**. The public key is known to everyone as it is used for encrypting the message. So, everyone can encrypt the message but, only authorized person can decrypt the message. Performance of asymmetric **encryption** is relatively low as compared to **symmetric** **encryption**. The main problem of asymmetric **encryption** is it works slower as compared to **symmetric** **encryption**.

Show more
Implementation of FFT algorithm using fused unit shows considerable reduction in power and area when compared with discrete floating point adder followed by multiplier.. The performance[r]

Asymmetric/Public-key cryptography refers to a set of cryptographic algorithms that are based on mathematical problems that currently admit no efficient solution -- particularly those inherent in certain integer factorization, discrete logarithm, and elliptic curve relationships. It is computationally easy for a user to generate a public and private key-pair and to use it for **encryption** and decryption. The strength lies in the "impossibility" (computational impracticality) for a properly generated private key to be determined from its corresponding public key. Thus the public key may be published without compromising security. Security depends only on keeping the private key private. Public key algorithms, unlike **symmetric** key algorithms, do not require a secure channel for the initial exchange of one (or more) secret keys between the parties.

Show more
Abstract- This paper deals with the solution to find the Shortest Path using Trident Form through Aggregation Operations such as Arithmetic Mean and Geometric Mea[r]

5.2 BLOWFISH [9] it was developed by Bruce Schneier in 1993. The aim of designing this algorithm to make the key strong so no one can crack the cipher key. This **symmetric** cipher splits messages in to blocks of 64 bits and encrypts them individually. It is one of the flexible **encryption** methods. Blowfish has a 64 bit block size and a key length of anywhere from 32 bit-448 bits. It is a 16-round feistel cipher and uses large key dependent boxes. Each line in S boxes represents 32 bits. The algorithm keeps two sub key arrays: the 18 entry P array and four 256 entry S boxes. The S boxes accept 8 bit input and produces 32-bit output. One entry of the p array is used every round and after the final round each half of the data block is XORED with one of two remaining unused p entries. Since blowfish is a feistel network it can be inverted simply by XORING P 17 and

Show more
Comparison of the number of attacked rounds by Cube Attacks and by ElimLin with the same samples. In our attacks, we observed an interesting phenomena which occurs for every cipher we tested. Our first phase consists of finding a cube attack against a R round ciphers. In the next phase, we consider R + r round cipher, build a system of equations, set plaintext bits correspondingly, and run ElimLin to obtain a sys- tem P. In the next step, we query the **encryption** oracle for ciphertexts, build a system of equations corresponding to rounds [R, R + r], and run ElimLin to obtain a system C. We found that the success of ElimLin to recover the secret key of R + r round cipher strongly depends on the selection of plaintexts: random samples perform worse than random cubes and random cubes preform worse than the ones which perform well in cube attack. The plaintexts selected based on a cube allow ElimLin to find more linear relations, which are in many cases of form s a,r j = s b,r j . Hence, we obtain a system with

Show more
138 Read more