Thesis Research Notes
|
|
- Linette Atkinson
- 5 years ago
- Views:
Transcription
1 Thesis Research Notes Week Christopher Wood June 29, 2012 Abstract This week was devoted to reviewing some classical literature on the subject of Boolean functions and their application to cryptography. 1 Perfect nonlinear S-boxes [1] This paper deals with the fundamental mathematical properties of bent functions and their role in constructing perfect nonlinear permutations (S-boxes). It is comprised of three main sections as follows: 1. Bent functions, properties, and constructions 2. Perfect nonlinear transformations 3. Efficient construction mechanisms (targeting actual implementations) 1.1 Informal Discussion of Bent Functions Before getting into formal definitions of bent functions, we first discuss some basic ideas around their definition and properties. First, a bent function is a special type of Boolean function that is named as such because they are as different as possible from all linear and affine functions. Clearly, this is an important property of cryptographic non-linear functions, as functions that behave linearly are susceptible to linear and differential cryptanalysis. 1.2 Some Properties of Bent Functions Most definitions of bent functions (at least in the context of Nyberg s discussion) rely on the Fourier transformation. Several other properties, such as the shifted cross-correlation, are utilized as well. For completeness, we define them all as follows: Definition 1. The Fourier transform of u (the qth root of unity in C is defined as follows F (w) = 1 q n x Z n q u f(x) w x, w Z n q 1
2 This defintion is defined with respect to C partly due to its simplicity in notation (i.e. we make use of Euler s identity e ix = cos(x) + i sin(x)); we could just have easily defined it with respect to R using sines and cosines. Definition 2. The shifted cross-correlation of two functions f and g from Z n q to Z q is defined as follows: c(f, g)(w) = 1 q n x Z n q u f(x+w) g(x) We now utilize this transformation to define bent functions. Definition 3. A function f : Z n q Z n q is bent if F (w) = 1 for all w Z n q. This definition was first given in [?]. This definition contains a lot of subtle information and needs to be explored in more detail. 2 Fourier Transform and its Applications in Cryptography In [2], Massey discusses the practical applications of the Discrete Fourier Transform (DFT) in both coding theory and cryptography. In doing so, he first describes the usual DFT in terms of fields as follows. Definition 4. Let u be a primitive Nth root of unity in the field F (i.e. u N = 1 but u i 1 for 1 i < N). The Discrete Fourier Transform of length N generated by u is the mapping DF T u ( ) from F N F N defined by B as follows B[i] = N 1 n=0 [n]u in In this context, = (b[0], b[1],..., b[n 1]) is the time domain sequence and B = (B[0], B[1],..., B[N 1]) is the frequency domain sequence. The inverse of this transform b is as follows b[i] = 1 N N 1 i=0 B[i]u in With this transformation it is common to measure the linear complexity of sequences, where the linear complexity is defined as the length L of the shortest linear feedback shift register (LFSR) that produces the entire sequence (of size n) when loaded with the sequence of size L. In particular, the DFT is used to analyze sequences of produced by nonlinear combinations of sequences. 2
3 3 Linear Cryptanalysis and S-box Analysis This is a slight change of pace from the other papers read this week, but something that aligns with the overall goal of the thesis. In particular, I hope to use this tool in the analysis of S-boxes. In this brief note I review the concepts discussed by Stinson in [3]. Generally speaking, the idea of linear cryptanalysis is to attempt to find some linear relationship between a subset of the plaintext bits and a subset of the state bits before the last XOR operation in the cipher algorithm that is satisfied with some probability p. Then, using a large set of plaintext/ciphertext pairs, the attacker then decrypts each ciphertext block using all possible canidate keys (which come from the last round of encryption determined from the XOR operation). While doing so, a counter associated with each candidate key is incremented every time the bit subset relationship is satisfied. Then, when finished decrypting all given ciphertexts, the attacker chooses the candidate key that has a frequency count furthest from 1/2 times the number of plaintext/ciphertext pairs. Before getting into more specific details, we first review some fundamental rules from probability theory that are used to justify (and prove ) the correctness of these attacks. 3.1 Piling Up Lemma Lemma 1. ( The Piling Up Lemma) Let ɛ i1,i 2,...,i k denote the bias of the random variable X i1 X ik. Then ɛ i1,i 2,...,i k = 2 k 1 In the context of this lemma, all of the X i random variables can only hold values from the set {0, 1}, where Pr[X i = 0] = p i, and we make assert that all random variables X i, X j, i j, are independent. With these conditions, we can easily formulate the PDFs for each random variable, and subsequently the distributions of X i X j. The proof of the Lemma 1 comes from a straightforward induction argument on k, where k = 1 and k = 2 are two unique base cases (the singleton variable and the result of one XOR between two random variables). From this lemma we also obtain the following corrolary. Corollary 0.1. Let ɛ i1,i 2,...,i k denote the bias of the random variable X i1 X ik. Suppose that ɛ ij = 0 for some j, then ɛ i1,i 2,...,i k = Linear Approximations of S-boxes Let π S : {0, 1} m {0, 1} n be the S-box in question. Each element of the input vector x i corresponds to some random variable X i, and each of these variables are independent. In addition, each element 3 k j=1 ɛ ij
4 of the output vector y i corresponds to some random variable Y i. However, these variables are not specifically independent from each other or from the X i variables. One approximation method of the S-box might entail computing the bias of the random variable X i1 X ik Y j1 Y jl It seems as though such a computation cannot rely on the Piling Up Lemma discussed in the previous section because the random variables are not strictly independent. It would be an interesting exercise to analytically solve for the bias. 4 Unkown Terms Cross-correlation Definition 5. For two continuous functions f and g, the cross-correlation is defined as: (f g)(t) = where f is the complex conjugate of f. f (τ)g(t + τ)dτ, This quanity is a measure of similarity of two waveforms as a function of time-lag applied to one of them. In terms of cryptography, this can be utilized as a pattern recognition tool, which turns out to be particularly helpful when performing cryptanalysis. This idea is similar in nature to the convolution of f and g. 5 Ideas Would it be feasible to replace the S-box in Rijndael with a nonlinear recurrence relation that has similar security properties? Conversely, what can we gain by representing the current S-box as a recurrence relation? What is the linear complexity of the Rijndael S-box? LFSRs are commonly used to construct stream ciphers and pseudo-random number generators (PRNGs). In particular, combinations of multiple LFSRs that are evaluated in parallel are often used to create non-linear output sequences. Is this a viable technique for block ciphers? Another technique is referred to as non-linear updating, in which the memory of the generating function (i.e. the transition function between two states) is partitioned into two bit sets of size l 1 and l 2 (where l 1 + l 2 = l, the length of the memory) and two update functions f 1 : {0, 1} l 1 {0, 1} l 1 and f 2 : {0, 1} l {0, 1} l 2 are applied (where f 1 is linear and f 2 is nonlinear and uses some of the nonlinear bits in l 2 ) [4]. It would be interesting to compare 4
5 the security of such a construction in Rijndael, where the SubBytes routine is now composed of a non-linear S-box and a linear LFSR-equivalent function. References [1] K. Nyberg, Perfect nonlinear s-boxes, in EUROCRYPT, 1991, pp [2] J. L. Massey, The discrete fourier transform in coding and cryptography, in IEEE Inform. Theory Workshop, ITW 98, 1998, pp [3] D. R. Stinson, Cryptography - theory and practice, ser. Discrete mathematics and its applications series. CRC Press, [4] E. Zenner, Cryptanalysis of lfsr-based pseudorandom generators a survey, Tech. Rep.,
Correcting Codes in Cryptography
EWSCS 06 Palmse, Estonia 5-10 March 2006 Lecture 2: Orthogonal Arrays and Error- Correcting Codes in Cryptography James L. Massey Prof.-em. ETH Zürich, Adjunct Prof., Lund Univ., Sweden, and Tech. Univ.
More informationProduct Systems, Substitution-Permutation Networks, and Linear and Differential Analysis
Product Systems, Substitution-Permutation Networks, and Linear and Differential Analysis Cryptology, lecture 3 Stinson, Section 2.7 3.4 Tuesday, February 12th, 2008 1 Composition Product 2 Substitution-Permutation
More informationStatistical and Linear Independence of Binary Random Variables
Statistical and Linear Independence of Binary Random Variables Kaisa Nyberg Department of Computer Science, Aalto University School of Science, Finland kaisa.nyberg@aalto.fi October 10, 2017 Abstract.
More informationLecture 12: Block ciphers
Lecture 12: Block ciphers Thomas Johansson T. Johansson (Lund University) 1 / 19 Block ciphers A block cipher encrypts a block of plaintext bits x to a block of ciphertext bits y. The transformation is
More informationChapter 1 - Linear cryptanalysis.
Chapter 1 - Linear cryptanalysis. James McLaughlin 1 Introduction. Linear cryptanalysis was first introduced by Mitsuru Matsui in [12]. The cryptanalyst attempts to find a linear equation x 1... x i =
More informationMaximum Correlation Analysis of Nonlinear S-boxes in Stream Ciphers
Maximum Correlation Analysis of Nonlinear S-boxes in Stream Ciphers Muxiang Zhang 1 and Agnes Chan 2 1 GTE Laboratories Inc., 40 Sylvan Road LA0MS59, Waltham, MA 02451 mzhang@gte.com 2 College of Computer
More informationOn Stream Ciphers with Small State
ESC 2017, Canach, January 16. On Stream Ciphers with Small State Willi Meier joint work with Matthias Hamann, Matthias Krause (University of Mannheim) Bin Zhang (Chinese Academy of Sciences, Beijing) 1
More informationImprovements to Correlation Attacks Against Stream. Ciphers with Nonlinear Combiners. Brian Stottler Elizabethtown College
Improvements to Correlation Attacks Against Stream Ciphers with Nonlinear Combiners Brian Stottler Elizabethtown College Spring 2018 1 Background 1.1 Stream Ciphers Throughout the multi-thousand year history
More informationImproved Fast Correlation Attacks Using Parity-Check Equations of Weight 4 and 5
Improved Fast Correlation Attacks Using Parity-Check Equations of Weight 4 and 5 Anne Canteaut 1 and Michaël Trabbia 1,2 1 INRIA projet CODES B.P. 105 78153 Le Chesnay Cedex - France Anne.Canteaut@inria.fr
More informationDD2448 Foundations of Cryptography Lecture 3
DD2448 Foundations of Cryptography Lecture 3 Douglas Wikström KTH Royal Institute of Technology dog@kth.se February 3, 2016 Linear Cryptanalysis of the SPN Basic Idea Linearize Find an expression of the
More informationLinear and Statistical Independence of Linear Approximations and their Correlations
Linear and Statistical Independence of Linear Approximations and their Correlations Kaisa Nyberg Aalto University School of Science kaisa.nyberg@aalto.fi Boolean Functions and their Applications Os, Norway,
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 9: Encryption modes. AES
CS355: Cryptography Lecture 9: Encryption modes. AES Encryption modes: ECB } Message is broken into independent blocks of block_size bits; } Electronic Code Book (ECB): each block encrypted separately.
More informationIEOR SEMINAR SERIES Cryptanalysis: Fast Correlation Attacks on LFSR-based Stream Ciphers
IEOR SEMINAR SERIES Cryptanalysis: Fast Correlation Attacks on LFSR-based Stream Ciphers presented by Goutam Sen Research Scholar IITB Monash Research Academy. 1 Agenda: Introduction to Stream Ciphers
More informationSTREAM CIPHER. Chapter - 3
STREAM CIPHER Chapter - 3 S t r e a m C i p h e r P a g e 38 S t r e a m C i p h e r P a g e 39 STREAM CIPHERS Stream cipher is a class of symmetric key algorithm that operates on individual bits or bytes.
More informationGENERALIZED NONLINEARITY OF S-BOXES. Sugata Gangopadhyay
Volume X, No. 0X, 0xx, X XX doi:0.3934/amc.xx.xx.xx GENERALIZED NONLINEARITY OF -BOXE ugata Gangopadhyay Department of Computer cience and Engineering, Indian Institute of Technology Roorkee, Roorkee 47667,
More informationStream Ciphers: Cryptanalytic Techniques
Stream Ciphers: Cryptanalytic Techniques Thomas Johansson Department of Electrical and Information Technology. Lund University, Sweden ECRYPT Summer school 2007 (Lund University) Stream Ciphers: Cryptanalytic
More informationLinear Approximations for 2-round Trivium
Linear Approximations for 2-round Trivium Meltem Sönmez Turan 1, Orhun Kara 2 1 Institute of Applied Mathematics, Middle East Technical University Ankara, Turkey msonmez@metu.edu.tr 2 TUBITAK-UEKAE, Gebze,
More informationTowards Provable Security of Substitution-Permutation Encryption Networks
Towards Provable Security of Substitution-Permutation Encryption Networks Zhi-Guo Chen and Stafford E. Tavares Department of Electrical and Computer Engineering Queen s University at Kingston, Ontario,
More informationSmart Hill Climbing Finds Better Boolean Functions
Smart Hill Climbing Finds Better Boolean Functions William Millan, Andrew Clark and Ed Dawson Information Security Research Centre Queensland University of Technology GPO Box 2434, Brisbane, Queensland,
More informationStream ciphers I. Thomas Johansson. May 16, Dept. of EIT, Lund University, P.O. Box 118, Lund, Sweden
Dept. of EIT, Lund University, P.O. Box 118, 221 00 Lund, Sweden thomas@eit.lth.se May 16, 2011 Outline: Introduction to stream ciphers Distinguishers Basic constructions of distinguishers Various types
More informationSOBER Cryptanalysis. Daniel Bleichenbacher and Sarvar Patel Bell Laboratories Lucent Technologies
SOBER Cryptanalysis Daniel Bleichenbacher and Sarvar Patel {bleichen,sarvar}@lucent.com Bell Laboratories Lucent Technologies Abstract. SOBER is a new stream cipher that has recently been developed by
More informationComputing the biases of parity-check relations
Computing the biases of parity-check relations Anne Canteaut INRIA project-team SECRET B.P. 05 7853 Le Chesnay Cedex, France Email: Anne.Canteaut@inria.fr María Naya-Plasencia INRIA project-team SECRET
More informationCryptanalysis of the Light-Weight Cipher A2U2 First Draft version
Cryptanalysis of the Light-Weight Cipher A2U2 First Draft version Mohamed Ahmed Abdelraheem, Julia Borghoff, Erik Zenner Technical University of Denmark, DK-2800 Kgs. Lyngby, Denmark {M.A.Abdelraheem,J.Borghoff,E.Zenner}@mat.dtu.dk
More informationCryptographic D-morphic Analysis and Fast Implementations of Composited De Bruijn Sequences
Cryptographic D-morphic Analysis and Fast Implementations of Composited De Bruijn Sequences Kalikinkar Mandal, and Guang Gong Department of Electrical and Computer Engineering University of Waterloo Waterloo,
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Appendix A: Symmetric Techniques Block Ciphers A block cipher f of block-size
More informationChapter 2 Balanced Feistel Ciphers, First Properties
Chapter 2 Balanced Feistel Ciphers, First Properties Abstract Feistel ciphers are named after Horst Feistel who studied these schemes in the 1960s. In this chapter, we will only present classical Feistel
More informationBISON Instantiating the Whitened Swap-Or-Not Construction November 14th, 2018
BION Instantiating the Whitened wap-or-not Construction November 14th, 2018 FluxFingers Workgroup ymmetric Cryptography, Ruhr University Bochum Virginie Lallemand, Gregor Leander, Patrick Neumann, and
More informationExtended Criterion for Absence of Fixed Points
Extended Criterion for Absence of Fixed Points Oleksandr Kazymyrov, Valentyna Kazymyrova Abstract One of the criteria for substitutions used in block ciphers is the absence of fixed points. In this paper
More informationLinear Cryptanalysis. Kaisa Nyberg. Department of Computer Science Aalto University School of Science. S3, Sackville, August 11, 2015
Kaisa Nyberg Department of Computer Science Aalto University School of Science s 2 r t S3, Sackville, August 11, 2015 Outline Linear characteristics and correlations Matsui s algorithms Traditional statistical
More informationDifferential-Linear Cryptanalysis of Serpent
Differential-Linear Cryptanalysis of Serpent Eli Biham, 1 Orr Dunkelman, 1 Nathan Keller 2 1 Computer Science Department, Technion. Haifa 32000, Israel {biham,orrd}@cs.technion.ac.il 2 Mathematics Department,
More informationSequences, DFT and Resistance against Fast Algebraic Attacks
Sequences, DFT and Resistance against Fast Algebraic Attacks Guang Gong Department of Electrical and Computer Engineering University of Waterloo Waterloo, Ontario N2L 3G1, CANADA Email. ggong@calliope.uwaterloo.ca
More informationAn average case analysis of a dierential attack. on a class of SP-networks. Distributed Systems Technology Centre, and
An average case analysis of a dierential attack on a class of SP-networks Luke O'Connor Distributed Systems Technology Centre, and Information Security Research Center, QUT Brisbane, Australia Abstract
More informationLinear Cryptanalysis of Reduced-Round PRESENT
Linear Cryptanalysis of Reduced-Round PRESENT Joo Yeon Cho 1 Helsinki University of Technology, Finland 2 Nokia A/S, Denmark joo.cho@tkk.fi Abstract. PRESENT is a hardware-oriented block cipher suitable
More informationType 1.x Generalized Feistel Structures
Noname manuscript No. (will be inserted by the editor) Type 1.x Generalized eistel Structures Shingo Yanagihara Tetsu Iwata Received: date / Accepted: date Abstract We formalize the Type 1.x Generalized
More informationBlock Cipher Cryptanalysis: An Overview
0/52 Block Cipher Cryptanalysis: An Overview Subhabrata Samajder Indian Statistical Institute, Kolkata 17 th May, 2017 0/52 Outline Iterated Block Cipher 1 Iterated Block Cipher 2 S-Boxes 3 A Basic Substitution
More informationAlgebraic attack on stream ciphers Master s Thesis
Comenius University Faculty of Mathematics, Physics and Informatics Department of Computer Science Algebraic attack on stream ciphers Master s Thesis Martin Vörös Bratislava, 2007 Comenius University Faculty
More informationGeneralized Correlation Analysis of Vectorial Boolean Functions
Generalized Correlation Analysis of Vectorial Boolean Functions Claude Carlet 1, Khoongming Khoo 2, Chu-Wee Lim 2, and Chuan-Wen Loe 2 1 University of Paris 8 (MAATICAH) also with INRIA, Projet CODES,
More informationTHE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018
THE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018 CPSC 418/MATH 318 L01 October 17, 2018 Time: 50 minutes
More informationNew Results in the Linear Cryptanalysis of DES
New Results in the Linear Cryptanalysis of DES Igor Semaev Department of Informatics University of Bergen, Norway e-mail: igor@ii.uib.no phone: (+47)55584279 fax: (+47)55584199 May 23, 2014 Abstract Two
More informationDesign of Filter Functions for Key Stream Generators using Boolean Power Functions Jong-Min Baek
Design of Filter Functions for Key Stream Generators using Boolean Power Functions Jong-Min Baek The Graduate School Yonsei University Department of Electrical and Electronic Engineering Design of Filter
More informationLinear Cryptanalysis
Linear Cryptanalysis Linear cryptanalysis is a powerful method of cryptanalysis introduced by Matsui in 1993 [11]. It is a known plaintext attack in which the attacker studies the linear approximations
More informationIntroduction on Block cipher Yoyo Game Application on AES Conclusion. Yoyo Game with AES. Navid Ghaedi Bardeh. University of Bergen.
Yoyo Game with AES Navid Ghaedi Bardeh University of Bergen May 8, 2018 1 / 33 Outline 1 Introduction on Block cipher 2 Yoyo Game 3 Application on AES 4 Conclusion 2 / 33 Classical Model of Symmetric Cryptography
More informationFirst-Order DPA Attack Against AES in Counter Mode w/ Unknown Counter. DPA Attack, typical structure
Josh Jaffe CHES 2007 Cryptography Research, Inc. www.cryptography.com 575 Market St., 21 st Floor, San Francisco, CA 94105 1998-2007 Cryptography Research, Inc. Protected under issued and/or pending US
More informationTransform Domain Analysis of DES. Guang Gong and Solomon W. Golomb. University of Southern California. Tels and
Transform Domain Analysis of DES Guang Gong and Solomon W. Golomb Communication Sciences Institute University of Southern California Electrical Engineering-Systems, EEB # 500 Los Angeles, California 90089-2565
More informationSymmetric Cryptanalytic Techniques. Sean Murphy ショーン マーフィー Royal Holloway
Symmetric Cryptanalytic Techniques Sean Murphy ショーン マーフィー Royal Holloway Block Ciphers Encrypt blocks of data using a key Iterative process ( rounds ) Modified by Modes of Operation Data Encryption Standard
More informationTHEORETICAL SIMPLE POWER ANALYSIS OF THE GRAIN STREAM CIPHER. A. A. Zadeh and Howard M. Heys
THEORETICAL SIMPLE POWER ANALYSIS OF THE GRAIN STREAM CIPHER A. A. Zadeh and Howard M. Heys Electrical and Computer Engineering Faculty of Engineering and Applied Science Memorial University of Newfoundland
More informationSecurity of Random Feistel Schemes with 5 or more Rounds
Security of Random Feistel Schemes with 5 or more Rounds Jacques Patarin Université de Versailles 45 avenue des Etats-Unis 78035 Versailles Cedex - France Abstract. We study cryptographic attacks on random
More informationA Weak Cipher that Generates the Symmetric Group
A Weak Cipher that Generates the Symmetric Group Sean Murphy Kenneth Paterson Peter Wild Information Security Group, Royal Holloway and Bedford New College, University of London, Egham, Surrey TW20 0EX,
More informationGeneralized hyper-bent functions over GF(p)
Discrete Applied Mathematics 55 2007) 066 070 Note Generalized hyper-bent functions over GFp) A.M. Youssef Concordia Institute for Information Systems Engineering, Concordia University, Montreal, QC, H3G
More informationImproved Cascaded Stream Ciphers Using Feedback
Improved Cascaded Stream Ciphers Using Feedback Lu Xiao 1, Stafford Tavares 1, Amr Youssef 2, and Guang Gong 3 1 Department of Electrical and Computer Engineering, Queen s University, {xiaolu, tavares}@ee.queensu.ca
More informationOn The Nonlinearity of Maximum-length NFSR Feedbacks
On The Nonlinearity of Maximum-length NFSR Feedbacks Meltem Sönmez Turan National Institute of Standards and Technology meltem.turan@nist.gov Abstract. Linear Feedback Shift Registers (LFSRs) are the main
More informationExperiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent
Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent B. Collard, F.-X. Standaert, J.-J. Quisquater UCL Crypto Group Microelectronics Laboratory Catholic University of Louvain - UCL
More informationCryptography - Session 2
Cryptography - Session 2 O. Geil, Aalborg University November 18, 2010 Random variables Discrete random variable X: 1. Probability distribution on finite set X. 2. For x X write Pr(x) = Pr(X = x). X and
More informationBlock vs. Stream cipher
Block vs. Stream cipher Idea of a block cipher: partition the text into relatively large (e.g. 128 bits) blocks and encode each block separately. The encoding of each block generally depends on at most
More informationLinear Cryptanalysis of Reduced-Round Speck
Linear Cryptanalysis of Reduced-Round Speck Tomer Ashur Daniël Bodden KU Leuven and iminds Dept. ESAT, Group COSIC Address Kasteelpark Arenberg 10 bus 45, B-3001 Leuven-Heverlee, Belgium tomer.ashur-@-esat.kuleuven.be
More informationAnalysis of cryptographic hash functions
Analysis of cryptographic hash functions Christina Boura SECRET Project-Team, INRIA Paris-Rocquencourt Gemalto, France Ph.D. Defense December 7, 2012 1 / 43 Symmetric key cryptography Alice and Bob share
More informationHow Biased Are Linear Biases
How Biased Are Linear Biases Adnan Baysal and Orhun Kara TÜBİTAK BİLGEM UEKAE Gebze, 41470 Kocaeli Turkey. E-mails: {abaysal,orhun}@uekae.tubitak.gov.tr Abstract In this paper we re-visit the Matsui s
More informationImproved Linear (hull) Cryptanalysis of Round-reduced Versions of SIMON
Improved Linear (hull) Cryptanalysis of Round-reduced Versions of SIMON Danping Shi 1,2, Lei Hu 1,2, Siwei Sun 1,2, Ling Song 1,2, Kexin Qiao 1,2, Xiaoshuang Ma 1,2 1 State Key Laboratory of Information
More informationAffine equivalence in the AES round function
Discrete Applied Mathematics 148 (2005) 161 170 www.elsevier.com/locate/dam Affine equivalence in the AES round function A.M. Youssef a, S.E. Tavares b a Concordia Institute for Information Systems Engineering,
More informationDistinguishing Attacks on a Kind of Generalized Unbalanced Feistel Network
Distinguishing Attacks on a Kind of Generalized Unbalanced Feistel Network Ruilin Li, Bing Sun, and Chao Li Department of Mathematics and System Science, Science College, National University of Defense
More informationA Pseudo-Random Encryption Mode
A Pseudo-Random Encryption Mode Moni Naor Omer Reingold Block ciphers are length-preserving private-key encryption schemes. I.e., the private key of a block-cipher determines a permutation on strings of
More informationSolution of Exercise Sheet 7
saarland Foundations of Cybersecurity (Winter 16/17) Prof. Dr. Michael Backes CISPA / Saarland University university computer science Solution of Exercise Sheet 7 1 Variants of Modes of Operation Let (K,
More informationBlock Ciphers and Systems of Quadratic Equations
Block Ciphers and Systems of Quadratic Equations Alex Biryukov and Christophe De Cannière Katholieke Universiteit Leuven, Dept. ESAT/SCD-COSIC, Kasteelpark Arenberg 10, B 3001 Leuven-Heverlee, Belgium
More informationOutline. 1 Arithmetic on Bytes and 4-Byte Vectors. 2 The Rijndael Algorithm. 3 AES Key Schedule and Decryption. 4 Strengths and Weaknesses of Rijndael
Outline CPSC 418/MATH 318 Introduction to Cryptography Advanced Encryption Standard Renate Scheidler Department of Mathematics & Statistics Department of Computer Science University of Calgary Based in
More informationConstructing differential 4-uniform permutations from know ones
Noname manuscript No. (will be inserted by the editor) Constructing differential 4-uniform permutations from know ones Yuyin Yu Mingsheng Wang Yongqiang Li Received: date / Accepted: date Abstract It is
More informationOn the computation of best second order approximations of Boolean Functions ΕΤΗΣΙΑ ΕΚΘΕΣΗ 2010
Introduction Boolean functions 2nd order nonlinearity Summary ARXH PROSTASIAS_APOLOGISMOS 2010.indd 1 20/04/2011 12:54 ΜΜ On the computation of best second order approximations of Boolean Functions ΕΤΗΣΙΑ
More informationCRC Press has granted the following specific permissions for the electronic version of this book:
This is a Chapter from the Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996. For further information, see www.cacr.math.uwaterloo.ca/hac CRC Press has
More informationLecture 5: Pseudorandom functions from pseudorandom generators
Lecture 5: Pseudorandom functions from pseudorandom generators Boaz Barak We have seen that PRF s (pseudorandom functions) are extremely useful, and we ll see some more applications of them later on. But
More information4.3 General attacks on LFSR based stream ciphers
67 4.3 General attacks on LFSR based stream ciphers Recalling our initial discussion on possible attack scenarios, we now assume that z = z 1,z 2,...,z N is a known keystream sequence from a generator
More informationCryptography. Lecture 2: Perfect Secrecy and its Limitations. Gil Segev
Cryptography Lecture 2: Perfect Secrecy and its Limitations Gil Segev Last Week Symmetric-key encryption (KeyGen, Enc, Dec) Historical ciphers that are completely broken The basic principles of modern
More informationCryptanalysis of Achterbahn
Cryptanalysis of Achterbahn Thomas Johansson 1, Willi Meier 2, and Frédéric Muller 3 1 Department of Information Technology, Lund University P.O. Box 118, 221 00 Lund, Sweden thomas@it.lth.se 2 FH Aargau,
More informationNew Implementations of the WG Stream Cipher
New Implementations of the WG Stream Cipher Hayssam El-Razouk, Arash Reyhani-Masoleh, and Guang Gong Abstract This paper presents two new hardware designs of the WG-28 cipher, one for the multiple output
More informationA Five-Round Algebraic Property of the Advanced Encryption Standard
A Five-Round Algebraic Property of the Advanced Encryption Standard Jianyong Huang, Jennifer Seberry and Willy Susilo Centre for Computer and Information Security Research (CCI) School of Computer Science
More informationStructural Cryptanalysis of SASAS
tructural Cryptanalysis of AA Alex Biryukov and Adi hamir Computer cience department The Weizmann Institute Rehovot 76100, Israel. Abstract. In this paper we consider the security of block ciphers which
More informationOptimized Interpolation Attacks on LowMC
Optimized Interpolation Attacks on LowMC Itai Dinur 1, Yunwen Liu 2, Willi Meier 3, and Qingju Wang 2,4 1 Département d Informatique, École Normale Supérieure, Paris, France 2 Dept. Electrical Engineering
More informationLecture 4: DES and block ciphers
Lecture 4: DES and block ciphers Johan Håstad, transcribed by Ernir Erlingsson 2006-01-25 1 DES DES is a 64 bit block cipher with a 56 bit key. It selects a 64 bit block and modifies it depending on the
More informationFast Correlation Attacks: An Algorithmic Point of View
Fast Correlation Attacks: An Algorithmic Point of View Philippe Chose, Antoine Joux, and Michel Mitton DCSSI, 18 rue du Docteur Zamenhof, F-92131 Issy-les-Moulineaux cedex, France, Philippe.Chose@ens.fr,
More informationDifferential Attack on Five Rounds of the SC2000 Block Cipher
Differential Attack on Five Rounds of the SC2 Block Cipher Jiqiang Lu Department of Mathematics and Computer Science, Eindhoven University of Technology, 56 MB Eindhoven, The Netherlands lvjiqiang@hotmail.com
More informationFast Correlation Attacks: an Algorithmic Point of View
Fast Correlation Attacks: an Algorithmic Point of View Philippe Chose, Antoine Joux, and Michel Mitton DCSSI, 18 rue du Docteur Zamenhof F-92131 Issy-les-Moulineaux cedex, France Philippe.Chose@ens.fr,
More informationA New Algorithm to Construct. Secure Keys for AES
Int. J. Contemp. Math. Sciences, Vol. 5, 2010, no. 26, 1263-1270 A New Algorithm to Construct Secure Keys for AES Iqtadar Hussain Department of Mathematics Quaid-i-Azam University, Islamabad, Pakistan
More informationFunctions on Finite Fields, Boolean Functions, and S-Boxes
Functions on Finite Fields, Boolean Functions, and S-Boxes Claude Shannon Institute www.shannoninstitute.ie and School of Mathematical Sciences University College Dublin Ireland 1 July, 2013 Boolean Function
More informationBlock Cipher Invariants as Eigenvectors of Correlation Matrices
Block Cipher Invariants as Eigenvectors of Correlation Matrices Tim Beyne imec-cosic, KU Leuven name.lastname@esat.kuleuven.be Abstract. A new approach to invariant subspaces and nonlinear invariants is
More informationThe Filter-Combiner Model for Memoryless Synchronous Stream Ciphers
The Filter-Combiner Model for Memoryless Synchronous Stream Ciphers Palash Sarkar Cryptology Research Centre Applied Statistics Unit Indian Statistical Institute 203, B.T. Road, Kolkata 700035 India palash@isical.ac.in
More informationLinear Cryptanalysis of RC5 and RC6
Linear Cryptanalysis of RC5 and RC6 Johan Borst, Bart Preneel, and Joos Vandewalle K.U. Leuven, Dept. Elektrotechniek-ESAT/COSIC Kardinaal Mercierlaan 94, B-3001 Heverlee Belgium Johan.Borst@esat.kuleuven.ac.be
More informationFiltering Nonlinear Feedback Shift Registers using Welch-Gong Transformations for Securing RFID Applications
Filtering Nonlinear Feedback Shift Registers using Welch-Gong Transformations for Securing RFID Applications Kalikinkar Mandal, and Guang Gong Department of Electrical and Computer Engineering University
More informationON DISTINGUISHING ATTACK AGAINST THE REDUCED VERSION OF THE CIPHER NLSV2
t m Mathematical Publications DOI: 10.2478/v10127-012-0037-5 Tatra Mt. Math. Publ. 53 (2012), 21 32 ON DISTINGUISHING ATTACK AGAINST THE REDUCED VERSION OF THE CIPHER NLSV2 Michal Braško Jaroslav Boor
More informationAES side channel attacks protection using random isomorphisms
Rostovtsev A.G., Shemyakina O.V., St. Petersburg State Polytechnic University AES side channel attacks protection using random isomorphisms General method of side-channel attacks protection, based on random
More informationACORN: A Lightweight Authenticated Cipher (v3)
ACORN: A Lightweight Authenticated Cipher (v3) Designer and Submitter: Hongjun Wu Division of Mathematical Sciences Nanyang Technological University wuhongjun@gmail.com 2016.09.15 Contents 1 Specification
More informationCryptography Lecture 4 Block ciphers, DES, breaking DES
Cryptography Lecture 4 Block ciphers, DES, breaking DES Breaking a cipher Eavesdropper recieves n cryptograms created from n plaintexts in sequence, using the same key Redundancy exists in the messages
More informationA block cipher enciphers each block with the same key.
Ciphers are classified as block or stream ciphers. All ciphers split long messages into blocks and encipher each block separately. Block sizes range from one bit to thousands of bits per block. A block
More informationPseudo-Random Number Generators
Unit 41 April 18, 2011 1 Pseudo-Random Number Generators Recall the one-time pad: k = k 1, k 2, k 3... a random bit-string p = p 1, p 2, p 3,... plaintext bits E(p) = p k. We desire long sequences of numbers
More informationHaar Spectrum of Bent Boolean Functions
Malaysian Journal of Mathematical Sciences 1(S) February: 9 21 (216) Special Issue: The 3 rd International Conference on Mathematical Applications in Engineering 21 (ICMAE 1) MALAYSIAN JOURNAL OF MATHEMATICAL
More informationNew Methods for Cryptanalysis of Stream Ciphers. The Selmer Centre Department of Informatics University of Bergen Norway
New Methods for Cryptanalysis of Stream Ciphers Håvard Molland The Selmer Centre Department of Informatics University of Bergen Norway 18th May 2005 Acknowledgments I would like to express my gratitude
More informationS-box (Substitution box) is a basic component of symmetric
JOURNAL OF L A TEX CLASS FILES, VOL., NO., AUGUST 1 Characterizations of the Degraded Boolean Function and Cryptanalysis of the SAFER Family Wentan Yi and Shaozhen Chen Abstract This paper investigates
More informationbison Instantiating the Whitened Swap-Or-Not Construction
bison Instantiating the Whitened Swap-Or-Not Construction Anne Canteaut 1, Virginie Lallemand 2, Gregor Leander 2, Patrick Neumann 2 and Friedrich Wiemer 2 1 Inria, Paris, France anne.canteaut@inria.fr
More informationAlgebraic Aspects of Symmetric-key Cryptography
Algebraic Aspects of Symmetric-key Cryptography Carlos Cid (carlos.cid@rhul.ac.uk) Information Security Group Royal Holloway, University of London 04.May.2007 ECRYPT Summer School 1 Algebraic Techniques
More informationModified Alternating Step Generators
Modified Alternating Step Generators Robert Wicik, Tomasz Rachwalik Military Communication Institute Warszawska 22A, 05-130 Zegrze, Poland {r.wicik, t.rachwalik}@wil.waw.pl Abstract. Irregular clocking
More informationCryptanalysis of Grain
Cryptanalysis of Grain Côme Berbain 1, Henri Gilbert 1, and Alexander Maximov 2 1 France Telecom Research and Development 38-40 rue du Général Leclerc, 92794 Issy-les-Moulineaux, France 2 Dept. of Information
More informationUniv.-Prof. Dr. rer. nat. Rudolf Mathar. Written Examination. Cryptography. Tuesday, August 29, 2017, 01:30 p.m.
Cryptography Univ.-Prof. Dr. rer. nat. Rudolf Mathar 1 2 3 4 15 15 15 15 60 Written Examination Cryptography Tuesday, August 29, 2017, 01:30 p.m. Name: Matr.-No.: Field of study: Please pay attention to
More informationCombinatorics of p-ary Bent Functions
Combinatorics of p-ary Bent Functions MIDN 1/C Steven Walsh United States Naval Academy 25 April 2014 Objectives Introduction/Motivation Definitions Important Theorems Main Results: Connecting Bent Functions
More information