JK Lakshmipat University, Jaipur

Institute Of Engineering and Technology

Security Metrics/Properties to analyze Modern Cryptography

Introduction to Cryptography

Submitted To Submitted By
Dr. Surbhi Chhabra Chitraksh Gupta
Institute of Engineering and 2021Btech063
Technology
Table Of Contents
Introduction...........................................................................................................................................3
Frequency Test.......................................................................................................................................5
Bit-Independence Tests.........................................................................................................................6
Avalanche Effect (AE).........................................................................................................................6
Completeness...................................................................................................................................8
Bitwise-Uncorrelation Tests (BUCT).......................................................................................................9
Frequency Test...................................................................................................................................9
Runs Test..........................................................................................................................................10
Poker Test........................................................................................................................................11
Hardware Security...............................................................................................................................12
Physical Unclonable Functions (PUFs)..............................................................................................12
Side-Channel Analysis (SCA)............................................................................................................13
 Introduction

In this modern era, cyber threats are becoming increasingly prevalent, and data
breaches are also on the rise. However, the field of cryptography is continuously
evolving to ensure data confidentiality, integrity, and authenticity. It's necessary
to understand the metrics and properties that define their security.
This article includes the minimum requirements for keys that should be
fulfilled, or we can say key security metrics, from encryption strength to
algorithm efficiency in modern cryptography. Before creating a key or key
algorithm, certain key metrics must always be fulfilled to ensure better security
that is difficult to break.
Modern encryption algorithms depends significantly on key scheduling
algorithms, whose security is just as important as the encryption algorithms'
own. Numerous research have been conducted on the cryptographic strength
assessment of encryption algorithms; however, the strength assessment of key
scheduling algorithms frequently receives less attention, which may indicate a
potential vulnerability in the encryption process as a whole.

Before understanding the metrics, first we have to understand the importance of

the key in modern cryptography. In modern cryptography, the eavesdropper
(middlemen) knows everything about the encryption algorithm, but the key is
the only thing that is known. So, the cryptographer always tries to make it as
complex as possible. Under the hood, we are discussing the main points/key
features that are always kept in mind for designing a good key.
Here we are discussing the metrics which are as follows:
1. Frequency Test
2. Bit-Independence Tests (BITs)
a. Avalanche Effect (AE)
b. Completeness
3. Bitwise-Uncorrelation Tests (BUCT)
a. Frequency Test
b. Poker Test
c. Runs Test
 Frequency Test

The objective of the frequency test is to assess whether the distribution of zeros
and ones in randomly generated data is approximately balanced, with each
occurring roughly half of the time. Specifically, this test is applied to the
subkeys produced by a Key Scheduling Algorithm
If the counts of ones and zeros in these subkeys is not almost same the n the
randomness criterion is not met which reselts to be not good ksa .

k 0 −k 1
z=
n

 K0 : no of zeros in n bit sequence

 K1 : no of one’s in n bit sequence
Z has to follow x2 distribution with one degree of freedom with n ≥ 10

Example: In a 16-bit key sequence, if there are 9 occurrences of 1s and 7

occurrences of 0s, it does not meet the frequency test requirement since the
frequencies are not approximately equal.
 Bit-Independence Tests

One of the essential critical evaluation metrics/criteria for designing a key that
involves bit independency tests whose primary goal is to evaluate and take care
of the bit confusion and diffusion properties; this property ensures that the
secret key and generated keys are intricate, guaranteeing that a modification in a
single bit of the private key will affect all bits of the subkeys. The objective of
these properties within the KSA is to enhance the cypher's resilience against
statistical and cryptanalysis attacks, such as related-key attacks and slide
attacks.

Some mathematical definition of this methods are as follows

Avalanche Effect (AE)

The avalanche effect is a fundamental property in cryptography that measures
the sensitivity of a cryptographic algorithm to changes in its input. Specifically,
it quantifies how much even a small alteration in the input data propagates
through the algorithm, causing significant differences in the output.

In this context, the avalanche effect can be quantified by measuring the extent
of change in the output of the Boolean function f when a single bit in the input
is flipped. More formally, let x and x′ be two n-bit input strings that differ only
in one bit position. Then, the avalanche effect can be defined as:
m
1
f = ∑ ¿ f ( x)i−f ( x ' )i ∨¿
m i=1
  f(x)i represents the i-th bit of the output of f for input x.
 f(x′)i represents the i-th bit of the output of f for input x′.
 ∣⋅∣ denotes the absolute value.
 The sum is taken over all m bits of the output of the Boolean function f.
 The average is computed by dividing the sum by m, the total number of
output bits.
This formula captures the average proportion of output bits that differ between
the outputs of f for inputs x and x′, providing a quantitative measure of the
avalanche effect of the Boolean function f. A higher value indicates a stronger
avalanche effect, implying that small changes in the input propagate widely
throughout the output.
Example:
 Input Key: 1010101010101010
 Output Key: 1100101001000010
 Changing the first bit of the input key results in 9 out of 16 bits changing
in the output key, indicating a good avalanche effect.
2. Completeness
Completeness refers to the degree to which a change in the secret key
propagates through the subkeys.

|S ( K ) Δ S ( K ' )|
Completeness ( C )=
|S ( K )|

 C represents completeness.
 S(K) and S(K′) are the sets of subkeys generated from the original key K
and the modified key K′, respectively.
 ∣S(K)ΔS(K′)∣ denotes the size of the symmetric difference between the
sets of subkeys generated from K and K′. This represents the number of
subkey bits that differ between the two sets.
 ∣S(K)∣ represents the total number of subkey bits generated from the
original key K.

This formula computes the ratio of the number of altered subkey bits to the total
number of subkey bits generated from the original key. A completeness value
close to 1 indicates that a change in a single bit of the secret key significantly
impacts a large proportion of the subkeys, reflecting a high level of
completeness in the key scheduling algorithm.
Example: In a cryptographic algorithm, each output bit depends on all input
bits. For instance, if changing any input bit affects all output bits, the
completeness requirement is satisfied.
 Bitwise-Uncorrelation Tests (BUCT)
Frequency Test
This metric quantifies the degree of correlation between the bits of subkeys. A
correlation coefficient close to zero indicates low correlation, which is desirable
for cryptographic strength. It involves performing XOR operations between all
possible combinations of bits within subkeys and analyzing the resulting
sequences

To illustrate the connection between each bit of Ki and Kj, conduct XOR
operations on all potential combinations of their respective bits. Then, combine
the resulting bit strings through concatenation to form the necessary sequence,
as detailed below:

 Key1: 10101100
 Key2: 11001010
 XOR Result: 01100110
 In the XORed sequence, if there are 4 occurrences of 1s and 4
occurrences of 0s, it meets the frequency test requirement.
Runs Test
The runs test evaluates the presence of consecutive sequences (runs) of identical
bits within a key sequence. It examines the distribution of run lengths to
determine if the sequence displays randomness or exhibits patterns. Deviations
from expected run lengths can indicate potential vulnerabilities to cryptographic
attacks, highlighting the importance of assessing the unpredictability of key
sequences.

 XOR Result: 01100110

 There are 3 runs of consecutive bits (011, 00, 11), which may or may not
meet the expected bounds based on the specific requirements of the runs
test.
Poker Test

The poker test partitions the key sequence into blocks and treats each block as a
poker hand. By analyzing the distribution of different types of poker hands
within these blocks, it assesses the entropy and randomness of the sequence. A
uniform distribution of poker hands across blocks indicates randomness,
whereas skewed distributions suggest biases or non-randomness. This test
provides further insights into the cryptographic strength of key sequences by
examining their diversity and uniformity.

 XOR Result: 01100110

 Dividing the sequence into blocks of 2 bits: 01, 10, 01, 10
 Each block forms a pair, meeting the poker test requirement of having
uniform distribution among different poker hands.
 Hardware Security

Till now we have discussed various methods but these methods are generally
use in the software level but we also want to know about hardware , so now we
are discussing Security Metrics for hardware security and it uses in various
devices such as IOT

Physical Unclonable Functions (PUFs)

PUFs are hardware-based security primitives that exploit the inherent

randomness and uniqueness of physical characteristics in integrated circuits
(ICs). They generate unique responses to challenges based on manufacturing
variations, such as transistor threshold voltages or delay variations. PUF
responses serve as cryptographic keys or identifiers, offering secure
authentication, key generation, and anti-counterfeiting capabilities. Analyzing
the reliability, uniqueness, and entropy of PUF responses is essential for
assessing their effectiveness in hardware security applications.
Side-Channel Analysis (SCA)

Hardware security involves addressing vulnerabilities such as side-channel

attacks, where an attacker exploits information leaked during the execution of
cryptographic algorithms. Countermeasures may include techniques like
constant-time implementations, masking, and adding noise to prevent the
extraction of sensitive information from side-channel observations. This is one
of the most powerful attack in cryptography and it is most expensive as well
References
https://www.sciencedirect.com/science/article/abs/pii/S221421261931049X
https://csrc.nist.gov/files/pubs/conference/1997/10/10/proceedings-of-the-20th-
nissc-1997/final/docs/128.pdf
https://www.hindawi.com/journals/scn/2020/3189601/