
Project

Design and Analysis of Lightweight Symmetric-Key Primitives

This thesis tackles the broad domain of symmetric-key cryptography. Because the domain is versatile and in continuous development, the thesis approaches it from different angles, giving the reader a deeper connection to this broad subject. As symmetric-key cryptography assumes both offensive and defensive actors, the thesis takes both perspectives: the first chapters concern the security analysis of cryptographic primitives, while the last two chapters discuss the design of symmetric-key primitives from different perspectives.

The first contribution of this thesis is the introduction of a new type of attack called the strictly-zero correlation attack. This new attack is an extension of linear cryptanalysis which exploits a property introduced at IndoCrypt 2016. As an illustration, the attack is applied to the DES cipher.

To contribute to the academic effort of analysing the security of primitives submitted to NIST's Lightweight competition, this thesis analyses two of the submissions to this competition: the first-round candidate Fountain and the second-round candidate SpoC. To the best of the author's knowledge, the results presented in this thesis represent the only third-party analysis of both ciphers before the decision of the organizers not to promote the two primitives to the following rounds of the competition.

Furthermore, the thesis tackles the sensitivity of security/efficiency trade-offs by presenting a security analysis of two types of primitives: the symmetric-key primitive K-cipher, proposed by Intel Labs in 2020, and three recently published Strong PUFs. The analysis of these primitives exposed vulnerabilities that can be exploited in practice. The analysis presented in this thesis strengthens the belief that the security/efficiency trade-off is a sensitive issue which needs to be prudently managed.

In this thesis, the transition from the perspective of an attacker to that of a designer is built progressively, by approaching the perspective of the designer as an attacker. In this sense, the thesis introduces ЯooႧ, a proof-of-concept of a block cipher with a backdoor. Moreover, the thesis presents the security analysis of the cipher with respect to linear and differential cryptanalysis, using an approach consistent with the literature. The goal of this work is to raise awareness of the use of security arguments outside the premises in which they should be applied.

The last contribution of this thesis is the design of RAMus, a new lightweight tweakable block cipher suitable for RAM encryption solutions. The cipher meets all the requirements imposed by the (German) Federal Office of Information Security with respect to memory encryption schemes used in smartcards. RAMus is designed following the 2S-strategy, a new design framework introduced in this thesis. Moreover, the thesis presents both a security and a performance analysis of the cipher.

Date: 21 Nov 2017 → 21 Nov 2021
Keywords: block cipher, block cipher cryptanalysis, lightweight algorithms
Disciplines: Ceramic and glass materials, Materials science and engineering, Semiconductor materials, Other materials engineering
Project type: PhD project