Title: The design and analysis of symmetric cryptosystems
Author: Procter, Gordon
ISNI: 0000 0004 8498 6697
Awarding Body: Royal Holloway, University of London
Current Institution: Royal Holloway, University of London
Date of Award: 2015
Abstract:

Message authentication schemes built from universal hash functions are commonly used for fast and secure message authentication. By studying universal hash functions based on polynomial evaluation, we identify some properties which arise from the underlying algebraic structure. As a result, we are able to describe a general forgery attack against the related message authentication schemes, as well as providing a common description of all known attacks against such schemes, and greatly expanding the number of known weak keys.

Iterated Even-Mansour ciphers are also popular, and we initiate the theoretical study of these ciphers' security against related-key attacks. The simplest one-round Even-Mansour cipher is shown to achieve a non-trivial level of related-key security. However, offsetting keys by constants is not included in this result; two rounds suffice to reach that level of security under chosen-plaintext attacks, and three rounds boost security to resist chosen-ciphertext attacks.

Tweakable block ciphers are a generalisation of block ciphers that take an additional input (the tweak) in order to provide an efficient alternative to re-keying the cipher. We analyse the security reduction given for CLRW2, a method for constructing a tweakable block cipher from a (conventional) block cipher and a universal hash function. Having identified an error in the proof, we provide a revised proof with a new bound.

Finally, we study the security of two schemes that have been proposed for standardisation. The first is a composition of Bernstein's ChaCha20 and Poly1305, as proposed for use in IETF protocols as an authenticated encryption scheme; the second is an ultra-lightweight RFID authentication protocol proposed as part of ISO/IEC 29167. We conclude that the first is a secure authenticated encryption scheme, while the second is catastrophically broken by algebraic attacks.
Supervisor: Not available
Sponsor: Not available
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
DOI: Not available