At Crypto ’06, Bellare presented new security proofs for HMAC and NMAC, under the assumption that the underlying compression function is a pseudo-random function family. Conversely, at Asiacrypt ’06, Contini and Yin used collision techniques to obtain forgery and partial key-recovery attacks on HMAC and NMAC instantiated with MD4, MD5, SHA-0 and reduced SHA-1. In this paper, we present the firs...

The traditional chaos algorithm is based on the logistic maps and has some drawbacks. In order to enhance the security, improved chaos system is used. It is based on location Transform and pixel value alteration using random sequence. The proposed algorithm shuffles the image based on the chaotic sequence and change the value of each pixel. The key generates 16 chaotic sequences from given sequ...

In this paper we present improvements to the differential fault analysis (DFA) of the stream cipher Trivium proposed in the work of M. Hojśık and B. Rudolf. In particular, we optimize the algebraic representation of obtained DFA information applying the concept of Mutants, which represent low degree equations derived after processing of DFA information. As a result, we are able to minimize the ...

At CHES 2011 Goubin and Martinelli described a new countermeasure against side-channel analysis for AES based on Shamir’s secret-sharing scheme. In the present paper, we exhibit a flaw in this scheme and we show that it is always theoretically broken by a firstorder side-channel analysis. As a consequence of this attack, only a slight adaptation of the scheme proposed by Ben-Or et al. at STOC i...

In this work, we describe a new polynomial-time attack on the multilinear maps of Coron, Lepoint, and Tibouchi (CLT13), when used in candidate iO schemes. More specifically, we show that given the obfuscation of the simple branching program that computes the always zero functionality previously considered by Miles, Sahai and Zhandry (Crypto 2016), one can recover the secret parameters of CLT13 ...

The chosen-message in the power analysis attack is easy to be forbidden. For circumvent this problem, a new method is proposed, which is based on the analysis of the Montgomery Modular Multiplication algorithm. In this method, a large number which has very small Hamming weight is chosen as the plaintext and the information of the secret key is directed shown in the power curve. In the experimen...

We investigate side-channel attacks where the attacker only needs the Hamming weights of several secret exponents to guess a longterm secret. Such weights can often be recovered by SPA, EMA, or simply timing attack. We apply this principle to propose a timing attack on the GPS identification scheme. We consider implementations of GPS where the running time of the exponentiation (commitment phas...

We propose a security approach that uses secret key cryptography and key management along with re-keying support. A salient feature of our approach is that a secret key is embedded in the source code of every node to protect the other keys in its nonvolatile memory. Even the node is captured physically; the sensitive information cannot be retrieved. Our key selection protocol uses the node ID a...

Secure authentication schemes between an authentication server and users are required to avoid many risks on the Internet. There are three authentication schemes: static password authentications like Basic and Digest Access Authentication[1], public-key certificate schemes, and one-time password schemes. In spite of using SSL/TLS, the static password authentications are known as being insecure ...

This paper describes an attack on cryptographic devices called Differential Behavioral Analysis (or DBA). This is an hybrid attack between two already powerful attacks: differential power analysis (DPA) for the statistical treatment and safe-error attack for the fault type. DBA, simulated on an algorithmic model of AES appears to be very efficient. The attacker is able to recover the entire sec...