IET Information Security

Differential and linear cryptanalysis are two important methods to evaluate the security of block ciphers. Building on these two methods, differential-linear (DL) cryptanalysis was introduced by Langford and Hellman in 1994. This cryptanalytic method has been not only extensively researched but also proven to be effective. In this paper, a security evaluation framework for AND-RX ciphers against DL cryptanalysis is proposed, which is denoted as . In addition to modeling the structure of all the possible differential trails and linear trails at the bit level, we introduce a method to calculate this structure round by round. Based on this approach, an automatic algorithm is proposed to construct the DL distinguisher. Unlike previous methods, uses a truncated differential and a linear hull instead of a differential characteristic and a linear approximation, which brings the bias of the DL distinguisher close to the experimental value. To validate the effectiveness of the framework, is applied to Simon and Simeck, which are two typical AND-RX ciphers. With the automatic algorithm, we discover an 11-round DL distinguisher of Simon32 with bias and a 12-round DL distinguisher of Simeck32 with bias . Moreover, the 14-round DL distinguisher of Simon48 with bias is longer than the longest DL distinguisher currently known. In addition, the framework shows advantages when analyzing ciphers with large block sizes. As far as we know, for Simon64/96/128 and Simeck48/64, the first DL distinguishers are obtained with our framework. The DL distinguishers are 16, 23, 32, 17, and 22 rounds of Simon64/96/128 and Simeck48/64 with bias , , , , and , respectively. To prove the correctness of distinguishers, experiments on Simon32 and Simeck32 have been performed. The experimental bias are and , respectively. Comparisons of the theoretical and experimental results show good agreement.

Given a differential characteristic and an existing plaintext pair that satisfies it (referred to as a right pair), generating additional right pairs at a reduced cost is an appealing prospect. The neutral bit technique, referred to as neutral differences throughout this paper, provides a solution to this challenge. Traditionally, the search for neutral differences has heavily depended on experimental testing, leading to limitations in the search range. In this work, we propose the neutral difference table and establish a link between boomerang cryptanalysis and neutral differences. Furthermore, we propose an automated search for neutral differences to address the problem of a limited search range of neutral differences, as previous approaches relied on experimental testing. This approach provides a basis for the subspace spanned by the neutral differences, and we apply this technique to both SPECK32 and LEA, where the predicted results closely match the experimental ones. Consequently, we present the improved differential-linear distinguishers for SPECK32 and LEA, along with the 18-round attacks on LEA192 and LEA256 with the lowest time complexity up to date.

Adversarial examples have the property of transferring across models, which has created a great threat for deep learning models. To reveal the shortcomings in the existing deep learning models, the method of the ensemble has been introduced to the generating of transferable adversarial examples. However, most of the model ensemble attacks directly combine the different models’ output but ignore the large differences in optimization direction of them, which severely limits the transfer attack ability. In this work, we propose a new kind of ensemble attack method called stochastic average ensemble attack. Unlike the existing approach of averaging the outputs of each model as an integrated output, we continuously optimize the ensemble gradient in an internal loop using the model history gradient and the average gradient of different models. In this way, the adversarial examples can be updated in a more appropriate direction and make the crafted adversarial examples more transferable. Experimental results on ImageNet show that our method generates highly transferable adversarial examples and outperforms existing methods.

Threshold implementation (TI) is a lightweight countermeasure against side-channel attacks when glitches happen. As to masking schemes, an S-box is the key part to protection. In this paper, we propose a general first-order lightweight TI scheme for 4  4 S-boxes and name it as MiniSat-lightweight-threshold implementation (MS-LW-TI). First, we use MiniSat to optimally decompose an S-box into the least number of three different logic gate operations, AND, OR, and XOR. Among these operations, we define two primitives and the extension of two primitives for TI design. Furthermore, we prove that the primitives and their extensions strictly comply with the security properties. Finally, we implement MS-LW-TI on Xilinx Spartan-6 Field Programmable Gate Array (FPGA) to show that the S-boxes of PRESENT, GIFT, and PICCOLO consume only 17, 15, and 13 look-up-tables (LUTs), 16, 9, and 16 flip-flops (FFs), 6, 5, and 6 slices, respectively. Compared with the existing lightweight TI design, our TI for PRESENT S-box has a 22%, 38%, and 25% reduction of LUTs, FFs, and slices to the design by Shahmirzadi and Moradi at IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES) 2021, and our TI for GIFT S-box has a 6%, 25%, and 28% reduction of LUTs, FFs, and slices to the design by Jati et al., which is the smallest.

Existing healthcare data-sharing solutions often combine attribute-based encryption techniques with blockchain technology to achieve fine-grained access control. However, the transparency of blockchain technology may introduce potential risks of exposing access structures and user attributes. To address these concerns, this paper proposes a novel healthcare data-sharing scheme called HA-Med. By leveraging blockchain technology, HA-Med ensures the concealment of access policies and attributes, providing a secure solution for fine-grained access control of medical data. Furthermore, the scheme supports attribute revocation and forward secrecy to enhance user privacy. The security of HA-Med is rigorously verified through theoretical analysis, and its feasibility is demonstrated through experiments conducted using the Java-based JPBC library.

System on Wafer (SoW) based on chiplets may be implanted with hardware Trojans (HTs) by untrustworthy third-party chiplet vendors. However, traditional HTs protection techniques cannot guarantee complete protection against HTs, which poses a great challenge to the hardware security of SoW. In this paper, we propose a computing architecture based on endogenous security theory—dynamic heterogeneous redundant computing architecture (DHRCA) that can tolerate and detect HTs at runtime. The security of our approach is analyzed by building a generalized stochastic coloring petri net (GSCPN) model of DHRCA. The simulation results based on the GSCPN model show that our method can improve the system security probability to 0.8690 and the system availability probability to 0.9750 in the steady state compared with typical triple-mode redundancy and runtime monitoring methods. Furthermore, the impact of different attack and defense strategies on system security of different methods is simulated and analyzed in this paper.