Two IFEA-M Modifications to Withstand New Attack

1. Two IFEA-M Modifications to Withstand New Attack Alexander G. Chefranov Computer Engineering Department Eastern Mediterranean University

2. Introduction • Fast Encryption Algorithm for Multimedia (FEA-M) uses matrix transforms for encryption/decryption. Proposed by X. Yi, C.H. Tan, C.K. Siew, and M.R. Syed in 2001. Its performance is three matrix multiplications and two additions giving 196 microoperations vs 616 for Rijndael (AES).

3. FEA-M

4. IFEA-M • FEA-M was successfully attacked because of used in it chaining, and different way of processing the 1st and next blocks. IFEA-M is free of these:

5. Differential Known Plaintext Attack on IFEA-M

6. Conditions for the Attack • Such an attack is possible if the involved (pseudo) random process can be tampered. One of such situations is when the pseudo-random process is uniquely controlled by an external source. An attack on IFEA-M exploits an assumption that some it’s improper implementation can allow an intruder to use the same key in two consecutive sessions (this may happen due to the control of pseudo-random generator, used for generating new keys, by the intruder), and the intruder performs differential chosen plaintext (ciphertext) attack. The latter means that the intruder can generate plaintext (ciphertext) blocks with a known difference and can view respective ciphertext (plaintext) block differences.

7. IFEA-M Weakness Reason • Such an attack is possible due to i-depending (dynamic) term in IFEA-M used as the rightmost multiplier in the first contributor, . This would not be possible if the dynamic term would be used as a middle term.

8. IFEA-M Performance • Encryption/decryption requires 4 multiplications and 2 additions, giving 260 microoperations according to the formula (with n=64)

9. I2FEA-M Encryption/Decryption • The improved twice fast encryption algorithm for multimedia I2FEA-M is as follows: where power is used in the first factor to enhance resistance of the algorithm, and in the last factor - to avoid low powers of K for small values of i.

10. I2FEA-M Properties • I2FEA-M resists differential known plaintext and ciphertext attack if matrices K and V do not commute. • Performance of I2FEA-M is defined for encryption by three matrix multiplications and two additions, if one uses incremental calculation of powers, and holds constant matrix products. Decryption in such a case needs four matrix multiplications and two additions. On average, for encryption-decryption, it needs 3.5 matrix multiplications, and two additions. Hence, the number of micro-operations for I2FEA-M is 228, and I2FEA-M has performance about 10% better than that of IFEA-M.

11. PIFEA-M Encryption/Decryption • The parameterized improved fast encryption algorithm for multimedia PIFEA-M is as follows:

12. PIFEA-M Parameters • Session parameters, r, are to be delivered to a receiver by a sender together with and in a way similar to the session key matrices. The parameters are integer numbers which can be represented as the first five rows of an additional parameter matrix, the rest rows of which are zeros.

13. PIFEA-M Properties • PIFEA-M resists differential known plaintext and ciphertext attack if matrices K and V do not commute. • Performance of PIFEA-M is defined for encryption/decryption by 3 matrix multiplications and 2 additions Hence, the number of micro-operations for PIFEA-M is 196, and PIFEA-M has performance about 25% better than that of IFEA-M, and the same as of FEA-M

14. Conclusion • Thus far, we proposed and analyzed PIFEA-M and I2FEA-M algorithms. They have about 25% and 10% better performance respectively than that of IFEA-M. They are resistant to all attacks to which IFEA-M is resistant (because they do not use chaining, and the first encryption proceeds in the same manner as the other ones). They withstand also differential known plaintext-ciphertext attack on IFEA-M that became possible due to the inside position of the dynamic term. Used in PIFEA-M set of five 64-bit parameters also hardens possible attacks. As far as these parameters are considered as the five first rows of the parameter matrix, and the rest rows are assumed as zeroes, there is a high potential to increase size of the parameters by utilization of these currently not used zero rows.

15. References • S. Li and K.-T. Lo, “Security problems with improper implementations of improved FEA-M,” Journal of Systems and Software, vol. 80, no. 5, May 2007, pp. 791-794; arXiv: cs: cr/0509036 v2 25 Jun 2006 • M.J. Mihaljevic, “On vulnerabilities and improvements of fast encryption algorithm for multimedia FEA-M,” IEEE Transactions on Consumer Electronics, vol. 49, no. 4, Nov. 2003, pp. 1199-1207. • X. Yi, C.H. Tan, C.K. Siew, and M.R. Syed, “Fast encryption for multimedia,” IEEE Transactions on Consumer Electronics, vol. 47, no. 1, Feb. 2001, pp. 101-107. • X. Yi, C.H. Tan, C.K. Siew, and M.R. Syed, “ID-based key agreement for multimedia encryption,” IEEE Transactions on Consumer Electronics, vol. 48, no. 2, May 2002, pp. 298-303. • M.J. Mihaljevic and R. Kohno, “Cryptanalysis of fast encryption algorithm for multimedia FEA-M,” IEEE Communications Letters, vol. 6, no. 9, Sep. 2002, pp. 382-384. • A.M. Youssef and S.E. Tavares, “Comments on the security of fast encryption algorithm for multimedia (FEA-M),” IEEE Transactions on Consumer Electronics, vol. 49, no. 1, Feb. 2003, pp. 168-170. • A.G. Chefranov, “Improved Twice Fast Encryption Algorithm for Multimedia I2FEA-M,” IEEE Transactions on Dependable and Secure Computing (gönderilen). • A.G. Chefranov, “Parameterized Improved Fast Encryption Algorithm for Multimedia PIFEA-M,” IEEE Communications Letters (yayınlanması kabul edilen makale).