halfloop

Implementation of attacks on HALFLOOP-24.

https://github.com/dansarie/halfloop

Science Score: 67.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
    Found 4 DOI reference(s) in README
  • Academic publication links
    Links to: zenodo.org
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (12.4%) to scientific vocabulary

Repository


Basic Info
  • Host: GitHub
  • Owner: dansarie
  • License: gpl-3.0
  • Language: C
  • Default Branch: master
  • Size: 47.9 KB
Statistics
  • Stars: 4
  • Watchers: 3
  • Forks: 0
  • Open Issues: 1
  • Releases: 2
Created over 3 years ago · Last pushed over 3 years ago
Metadata Files

README.md

Implementation of attacks on HALFLOOP-24


HALFLOOP-24 is a cipher specified in MIL-STD-188-141 and used for encrypting Automatic Link Establishment (ALE) frames in the second and third generations of the ALE standards. This repository contains implementations of the attacks on HALFLOOP-24 described in Breaking HALFLOOP-24. A bitslicing implementation of HALFLOOP-24 is used for the brute force key search phase of the main attack.

The related tweak attack requires at least three good pairs of plaintext, ciphertext, and tweak. A utility, halfloop-generate-data, that generates random good pairs is provided for testing. Another utility, halfloop-tweak, aids in interpreting the data format of HALFLOOP-24 tweaks.

System requirements

An x86-64 processor with the AVX instruction set.

Dependencies

```console
apt install cmake
```

Build

```console
mkdir build
cd build
cmake ..
make
```

Tip: clang produces significantly faster results than gcc. Call cmake with CC=clang cmake .. to build with clang if it is not already set as the default compiler.

Test

Run halfloop-test to check that the implementation is correct. The program will also print an estimated speed of the bitslice implementation.

Run

Start by generating test data. halfloop-generate-data will generate a random key and print it to stderr. It will then attempt to generate good pairs of plaintext-ciphertext tuples with that key and print them to stdout.

```console
./halfloop-generate-data 4 > data.txt
```

Use halfloop-tweak to interpret a hexadecimal tweak value.

```console
./halfloop-tweak 543bd88000017550
```

Use the test data to perform an attack. If more than three good pairs are available, the program will combine them to attempt to reduce the number of 80-bit candidate keys as much as possible. It will then perform a brute force search for the remaining 48 bits of each candidate key. Progress information is continuously printed to the console. When a key is found, the program quits after printing the key to the console.

```console
./halfloop-attack data.txt
```

The -t command line argument can be used to control the number of threads used in the brute force search phase. By default, one thread per processor is created.

```console
./halfloop-attack -t 4 data.txt
```

Citing

If you use this software, please cite the following article:

Dansarie, M., Derbez, P., Leander, G., & Stennes, L. (2022). Breaking HALFLOOP-24. IACR Transactions on Symmetric Cryptology, 2022(3), 217–238. https://doi.org/10.46586/tosc.v2022.i3.217-238

Citation information is also provided in CITATION.cff.

License

This project is licensed under the GNU General Public License — see the LICENSE file for details.

Owner

  • Name: Marcus Dansarie
  • Login: dansarie
  • Kind: user
  • Location: Stockholm, Sweden

Citation (CITATION.cff)

cff-version: 1.2.0
message: >-
  If you use this software, please cite the article from
  preferred-citation.

title: Implementation of attacks on HALFLOOP-24
authors:
  - given-names: Marcus
    family-names: Dansarie
    affiliation: >-
      Swedish Defence University, Stockholm, Sweden;
      University of Skövde, Skövde, Sweden
    orcid: 'https://orcid.org/0000-0001-9246-0263'
  - family-names: Derbez
    given-names: Patrick
    affiliation: >-
      Univ Rennes, Centre National de la Recherche
      Scientifique (CNRS), Institut de Recherche en
      Informatique et Systèmes Aléatoires (IRISA),
      Rennes, France
  - family-names: Leander
    given-names: Gregor
    affiliation: 'Ruhr University Bochum, Bochum, Germany'
    orcid: 'https://orcid.org/0000-0002-2579-8587'
  - family-names: Stennes
    given-names: Lukas
    affiliation: 'Ruhr University Bochum, Bochum, Germany'
license: GPL-3.0

preferred-citation:
  type: article
  title: Breaking HALFLOOP-24
  journal: IACR Transactions on Symmetric Cryptology
  year: 2022
  volume: 2022
  issue: 3
  authors:
    - given-names: Marcus
      family-names: Dansarie
      affiliation: >-
        Swedish Defence University, Stockholm, Sweden;
        University of Skövde, Skövde, Sweden
      orcid: 'https://orcid.org/0000-0001-9246-0263'
    - family-names: Derbez
      given-names: Patrick
      affiliation: >-
        Univ Rennes, Centre National de la Recherche
        Scientifique (CNRS), Institut de Recherche en
        Informatique et Systèmes Aléatoires (IRISA),
        Rennes, France
    - family-names: Leander
      given-names: Gregor
      affiliation: 'Ruhr University Bochum, Bochum, Germany'
      orcid: 'https://orcid.org/0000-0002-2579-8587'
    - family-names: Stennes
      given-names: Lukas
      affiliation: 'Ruhr University Bochum, Bochum, Germany'
  identifiers:
    - type: doi
      value: 10.46586/tosc.v2022.i3.217-238
      description: The encompassing academic article
  abstract: >-
    HALFLOOP-24 is a tweakable block cipher that is
    used to protect automatic link establishment
    messages in high frequency radio, a technology
    commonly used by government agencies and industries
    that need highly robust long-distance
    communications. We present the first public
    cryptanalysis of HALFLOOP-24 and show that
    HALFLOOP-24, despite its key size of 128 bits, is
    far from providing 128 bit security. More
    precisely, we give attacks for ciphertext-only,
    known-plaintext, chosen-plaintext and
    chosen-ciphertext scenarios. In terms of their
    complexities, most of them can be considered
    practical. However, in the real world, the amount
    of available data is too low for our attacks to
    work. Our strongest attack, a boomerang
    key-recovery, finds the first round key with less
    than 2<sup>10</sup> encryption and decryption
    queries. In conclusion, we strongly advise against
    using HALFLOOP-24.
  keywords:
    - HF Radio
    - ALE
    - HALFLOOP
    - Boomerang
  license: CC-BY-4.0

GitHub Events

Total
  • Watch event: 5
  • Create event: 1
Last Year
  • Watch event: 5
  • Create event: 1