Comments on A design of Boolean functions resistant to (fast) algebraic cryptanalysis with efficient implementation
|
|
- Emmeline Norton
- 5 years ago
- Views:
Transcription
1 Cryptogr. Commun. (0 5: 6 DOI 0.007/s Comments on A design of Boolean functions resistant to (fast algebraic cryptanalysis with efficient implementation Wenhao Wang Meicheng Liu Yin Zhang Received: December 0 / Accepted: 4 July 0 / Published online: 9 July 0 Springer Science+Business Media LLC 0 Abstract In this correspondence it is shown that the Boolean functions constructed by Pasalic (Cryptogr Commun 4(: do not always have the high degree product of order n as expected. Keywords Boolean functions High degree product Fast algebraic attacks Mathematics Subject Classifications (00 T55 T7 Introduction A Boolean function on n variables is a mapping from F n to F. Denote the set of all n-variable Boolean functions by B n.any f B n can be uniquely represented as a multivariate polynomial over F called the algebraic normal form (ANF as f (x x n = u F n λ u n i= x ui i λ u F u = (u u n. The algebraic degree of f denoted by deg( f is the maximal value of the Hamming weight of u such that λ u = 0. Supported by the National 97 Program of China under Grant 0CB0400 the National Natural Science Foundation of China under Grants and 674 the Grand Project of Institute of Software of CAS under Grant YOCX W. Wang M. Liu (B Y. Zhang The State Key Laboratory of Information Security Institute of Information Engineering Chinese Academy of Sciences Beijing 0095 People s Republic of China meicheng.liu@gmail.com W. Wang wangwenhao@is.iscas.ac.cn Y. Zhang zhangy@is.iscas.ac.cn
2 Cryptogr. Commun. (0 5: 6 A preprocessing of fast algebraic attacks on linear feedback shift register based stream ciphers which use a Boolean function f as the filter or combination generator is to find a function g of small degree such that the multiple gf has reasonable degree. In [] Pasalic introduced the notion of high degree product (HDP to scale the ability of Boolean functions resistant to fast algebraic attacks. A Boolean function f B n satisfies the HDP of order n if for any non-annihilating function g of degree e e n we necessarily have that d = deg(gf satisfies e + d n. The author presented an iterative construction of Boolean functions with almost optimal HDP thatisthehdp of order n. In this letter it is shown that the constructed functions do not always achieve desired properties. First we point out that there is a flaw in the proof of [ Theorem 4] which is used to construct functions with almost optimal HDP. Then we examine the example given by the author and it turns out that some of the constructed functions do not satisfy the HDP of order n as claimed. Review of Pasalic s construction A Boolean function f B n+ can be considered as a concatenation of four functions denoted by f = f f f f 4 with f i B n.the ANF of f is given by f = x n+ x n+ ( f + f + f + f 4 + x n+ ( f + f + x n+ ( f + f + f. ( The iterative construction is described as follows f i = f i f i + f i f i f i = f i + f i f i + f i f i = + f i f i f i f i ( where f 0 f 0 f 0 B n are initial functions and f i f i f i B n+i the constructed functions. Statement [ Theorem 4] Let f 0 f 0 f 0 B n and for any g = g 0 g0 g0 g0 4 B n+ of degree e [ n ] the following is satisf ied deg f 0 b j g 0 j + f 0 c j g 0 j + f 0 d j g 0 j n e b j c j d j F. j= j= ( Then the functions f j i B n+i i 0 and j = def ined by ( have almost optimal HDP that is satisfying e + d n + i for e [ n +i ]. Let g i+ = g i gi gi gi 4 B n+i+ deg(g i+ = e and μ i e = deg f i b j g i j + f i c j g i j + f i d j g i j b j c j d j F. j= j= j= j= Here is omitted from [] that the functions f 0 f 0 f 0 achieve maximum algebraic immunity since it does not influence the HDP properties of the constructed functions.
3 Cryptogr. Commun. (0 5: 6 In [] the proof of the above statement was presented by induction for n ] μ i e [ n + i e e + i (4 which implies the functions f j i have almost optimal HDP. Thecasei = 0 follows directly from (. Suppose the conditions are satisfied for all k < i thatisfor any g k+ = g k gk gk gk 4 B n+k+ of degree e [ n +k ] it holds that μk e n + k e (which was misprinted in []asμ k e n + k e. Then it needs to show the conditions hold for k + as well. Considering the function f k+ = f k f k + f k f k B n+k+ and a degree e function g k+ B n+k+ it is necessary that deg( f k+ g k+ n + k e + for any e [ n +k]. The author focused on the following term in the product f k+ g k+ x n+k+ x n+k+ [ g k + f k 4 gk 4 + f k (gk + gk + f k gk ] and claimed that deg [ f k 4 gk 4 + f k ( g k + g k + f k g k ] n + k e (5 according to (4. Note that (4 holds for e [ n +k ] but not necessarily for e = n +k. Therefore (5 may not hold then the function f j i B n+i may admit a function g of degree n +k for k < i such that deg(gfi j n + i n k i.e. the function may not achieve almost optimal HDP. In particular the function f j i may admit a function g of degree n such that deg(gfi j n + i n. For example when n = 4 the 0-variable function f may admit a function g of degree such that deg(gf 6. Observation on the constructed functions For i according to ( it holds that and therefore by ( we have f i = f i f i + f i f i f i = f i + f i f i + f i f i = + f i f i f i f i f i = x n+i x n+i ( f i + f i + + x n+i ( f i + f i + x n+i + f i f i = x n+i x n+i ( f i + f i + x n+i ( f i + f i + + x n+i ( f i + f i + f i f i = x n+i x n+i ( f i + f i + + x n+i ( f i + f i + + x n+i ( f i + f i + + f i +.
4 4 Cryptogr. Commun. (0 5: 6 Furthermore we represent f i i by f f i and f i f i = x n+ix n+i ( f i + f i + x n+i ( f i + f i + + x n+i ( f i + f i + f i Let then we calculate that = x n+i x n+i x n+i x n+i ( f i + f i + x n+i x n+i x n+i ( f i + f i + x n+i x n+i x n+i ( f i + f i + + x n+i x n+i ( f i + f i + + x n+i x n+i x n+i ( f i + f i + + x n+i x n+i ( f i + f i + + x n+i x n+i ( f i + f i + + x n+i ( f i + f i + x n+i x n+i x n+i ( f i + f i + + x n+i x n+i ( f i + f i + + x n+i x n+i ( f i + f i + x n+i ( f i + f i + x n+i x n+i ( f i + f i + x n+i ( f i + f i + x n+i ( f i + f i + + f i. g = (x n+i + x n+i (x n+i + x n+i g( f i + f i = x n+i x n+i x n+i x n+i + x n+i x n+i x n+i + x n+i x n+i + x n+i x n+i x n+i + x n+i x n+i + x n+i x n+i (6 which has degree 4. Therefore we have gf i = gfi + x n+i x n+i x n+i x n+i + x n+i x n+i x n+i + x n+i x n+i + x n+i x n+i x n+i + x n+i x n+i + x n+i x n+i (7 This can be examined in Magma see also Appendix for the Magma source codes.
5 Cryptogr. Commun. (0 5: 6 5 and e = deg(g = d = deg(gf i = max{deg(gfi 4} =max{deg( f i + 4}. For n + i 7 if f i is a balanced function which implies deg( f i n + i 5 then e + d n + i and f i never achieves the optimal HDP. For n + i 8 if deg( f i n + i 6 thene + d n + i and f i does not have almost optimal HDP. For i let and Similarly to (7 we can obtain that g = x n+i (x n+i + x n+i + x n+i + g = (x n+i + (x n+i +. g f i = g f i + x n+i x n+i x n+i + x n+i x n+i x n+i + x n+i x n+i + x n+i x n+i + x n+i x n+i + x n+i g f i = g f i + x n+i x n+i x n+i + x n+i x n+i + x n+i x n+i + x n+i + x n+i x n+i x n+i + x n+i x n+i + x n+i x n+i + x n+i. The above equations and (7 show that f i or f i has not almost optimal HDP if one of the functions f i f i f i has degree at most n + i 6. Example Hereinafter is an example in [] of the initial functions with n = 4. f 0 = x + x x + x x 4 + x x x + x x x x 4 f 0 = x + x 4 + x x + x x 4 + x x 4 + x x x + x x x 4 + x x x 4 + x x x x 4 f 0 = x + x + x x + x x + x x 4 + x x x + x x x x 4. We verify that the above functions satisfy relation (. From (and( we have f = x 5x 6 ( f 0 + f 0 + x 5( + f 0 + f 0 + x 6( f 0 + f 0 + f 0 = x x x x 4 + x x x + x x + x x x 4 x 5 + x x x 4 x 6 + x x x 4 + x x 5 x 6 + x x 6 + x x x 4 x 5 + x x x 4 x 6 + x x x 4 + x x x 5 x 6 + x x x 5 + x x 4 x 5 + x x 4 x 6 + x x 4 + x x 5 x 6 + x x 6 + x + x x 4 + x x 5 x 6 + x x 5 + x 4 x 5 + x 4 x 6 + x 4 + x 5 and therefore deg( f = 4.Letg = (x 7 + x 9 (x 8 + x 0 then it follows from (7that gf = gf + x 7x 8 x 9 x 0 + x 7 x 8 x 0 + x 7 x 8 + x 7 x 9 x 0 + x 8 x 9 + x 9 x 0 where g has degree and gf has degree 6. This shows that the 0-variable function has not the HDP of order 9. f
6 6 Cryptogr. Commun. (0 5: 6 As a matter of fact the degree of the i-variable function f i equals to i by our computational experiment for i. Then as mentioned previously the function f i ( i has not almost optimal HDP. We also examine the functions f i and f i with i up to 6. It turns out that f 5 B 4 admits e + d = for e = 4 and f 6 f 6 B 6 admit e + d = 4 for e = 4. Conclusion The functions constructed by ( are not always balanced functions with the HDP of order n whatever initial functions are. Yet the constructed functions do not always achieve the HDP of order n even though the initial functions satisfy the condition (. This raises the question whether these functions have the HDP of order n. We check the constructed functions on variables for dozens of initial functions which satisfy ( and no function is found to have the HDP of order< n. Iterative construction of (almost optimal Boolean functions resistant to fast algebraic attacks seems to be a challenge since it seems very difficult to ensure the lower bound of e + d from B n to B n+ for every n. Acknowledgements The authors thank the anonymous referees for their valuable comments and suggestions on improving the manuscript. The authors also thank Tao Shi and Tianze Wang for helpful discussions and seminar participants at SKLOIS: Shaoyu Du Lin Jiao Yao Lu Wenlun Pan et. al. Appendix: Magma codes P<[x]>:=PolynomialRing(GF(7; Q<xxxx4fff>:=quo<P [x[i]^-x[i]:i in [..7]]>; x:=[xxxx4]; f:=[fff]; for i:= to do n:=*i; tp:=(f[]+f[]+*x[n-]*x[n] +(f[]+f[]*x[n-]+x[n]+f[]; tp:=(f[]+f[]*x[n-]*x[n]+(f[]+f[]+*x[n-] +(f[]+f[]*x[n]+f[]; tp:=(f[]+f[]+*x[n-]*x[n]+(f[]+f[]+ *x[n-]+(f[]+f[]+*x[n]+f[]+; f:=[tptptp]; end for; (x[]+x[]*(x[]+x[4]*(f+f[]; x[]*(x[]+x[]+x[4]+*(f+f[]; (x[]+*(x[]+*(f+f[]; Reference. Pasalic E.: A design of Boolean functions resistant to (fast algebraic cryptanalysis with efficient implementation. Cryptogr. Commun. 4( 5 45 (0 This question is suggested by one of the anonymous reviewers.
Perfect Algebraic Immune Functions
Perfect Algebraic Immune Functions Meicheng Liu, Yin Zhang, and Dongdai Lin SKLOIS, Institute of Information Engineering, CAS, Beijing 100195, P. R. China meicheng.liu@gmail.com, zhangy@is.iscas.ac.cn,
More informationFast Algebraic Immunity of 2 m + 2 & 2 m + 3 variables Majority Function
Fast Algebraic Immunity of 2 m + 2 & 2 m + 3 variables Majority Function Yindong Chen a,, Fei Guo a, Liu Zhang a a College of Engineering, Shantou University, Shantou 515063, China Abstract Boolean functions
More informationCharacterizations on Algebraic Immunity for Multi-Output Boolean Functions
Characterizations on Algebraic Immunity for Multi-Output Boolean Functions Xiao Zhong 1, and Mingsheng Wang 3 1. Institute of Software, Chinese Academy of Sciences, Beijing 100190, China. Graduate School
More informationCorrelation Cube Attacks: From Weak-Key Distinguisher to Key Recovery
Correlation Cube Attacks: From Weak-Key Distinguisher to Key Recovery Meicheng Liu, Jingchun Yang, Wenhao Wang, and Dongdai Lin State Key Laboratory of Information Security, Institute of Information Engineering,
More informationRevisit and Cryptanalysis of a CAST Cipher
2017 3rd International Conference on Electronic Information Technology and Intellectualization (ICEITI 2017) ISBN: 978-1-60595-512-4 Revisit and Cryptanalysis of a CAST Cipher Xiao Zhou, Jingwei Li, Xuejia
More informationHeriot-Watt University
Heriot-Watt University Heriot-Watt University Research Gateway New constructions of resilient functions with strictly almost optimal nonlinearity via nonoverlap spectra functions Wei, Yongzhuang; Pasalic,
More informationConstruction of 1-Resilient Boolean Functions with Optimal Algebraic Immunity and Good Nonlinearity
Pan SS, Fu XT, Zhang WG. Construction of 1-resilient Boolean functions with optimal algebraic immunity and good nonlinearity. JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY 26(2): 269 275 Mar. 2011. DOI 10.1007/s11390-011-1129-4
More informationFinding Low Degree Annihilators for a Boolean Function Using Polynomial Algorithms
Finding Low Degree Annihilators for a Boolean Function Using Polynomial Algorithms Vladimir Bayev Abstract. Low degree annihilators for Boolean functions are of great interest in cryptology because of
More informationFunctions on Finite Fields, Boolean Functions, and S-Boxes
Functions on Finite Fields, Boolean Functions, and S-Boxes Claude Shannon Institute www.shannoninstitute.ie and School of Mathematical Sciences University College Dublin Ireland 1 July, 2013 Boolean Function
More informationA Conjecture on Binary String and Its Applications on Constructing Boolean Functions of Optimal Algebraic Immunity
A Conjecture on Binary String and Its Applications on Constructing Boolean Functions of Optimal Algebraic Immunity Ziran Tu and Yingpu deng Abstract In this paper, we propose a combinatoric conjecture
More informationA construction of Boolean functions with good cryptographic properties
A construction of Boolean functions with good cryptographic properties Jong H. Chung 1, Pantelimon Stănică 1, Chik-How Tan, and Qichun Wang 1 Department of Applied Mathematics, Naval Postgraduate School,
More informationOptimized Interpolation Attacks on LowMC
Optimized Interpolation Attacks on LowMC Itai Dinur 1, Yunwen Liu 2, Willi Meier 3, and Qingju Wang 2,4 1 Département d Informatique, École Normale Supérieure, Paris, France 2 Dept. Electrical Engineering
More informationNew Construction of Single Cycle T-function Families
New Construction of Single Cycle T-function Families Shiyi ZHANG 1, Yongjuan WANG, Guangpu GAO Luoyang Foreign Language University, Luoyang, Henan Province, China Abstract The single cycle T-function is
More informationDirichlet Product for Boolean Functions
Dirichlet Product for Boolean Functions Abderrahmane Nitaj 1, Willy Susilo 2 and Joseph Tonien 2 1 Laboratoire de Mathématiques Nicolas Oresme, Université de Caen Normandie, France 2 Centre for Computer
More informationAnalysis of Some Quasigroup Transformations as Boolean Functions
M a t h e m a t i c a B a l k a n i c a New Series Vol. 26, 202, Fasc. 3 4 Analysis of Some Quasigroup Transformations as Boolean Functions Aleksandra Mileva Presented at MASSEE International Conference
More informationConstructions of Resilient S-Boxes with Strictly Almost Optimal Nonlinearity Through Disjoint Linear Codes
IEEE TRANSACTIONS ON INFORMATION THEORY, VOL 60, NO 3, 2014 1 Constructions of Resilient S-Boxes with Strictly Almost Optimal Nonlinearity Through Disjoint Linear Codes Wei-Guo Zhang, Member, IEEE, and
More informationMaiorana-McFarland class: Degree optimization and algebraic properties
Downloaded from orbitdtudk on: Jan 10, 2019 Maiorana-McFarland class: Degree optimization and algebraic properties Pasalic, Enes Published in: I E E E Transactions on Information Theory Link to article,
More informationConstructions of Resilient S-Boxes with Strictly Almost Optimal Nonlinearity Through Disjoint Linear Codes
IEEE TRANSACTIONS ON INFORMATION THEORY, VOL 60, NO 3, PP 1638-1651, 2014 1 Constructions of Resilient S-Boxes with Strictly Almost Optimal Nonlinearity Through Disjoint Linear Codes Wei-Guo Zhang, Member,
More informationOpen problems related to algebraic attacks on stream ciphers
Open problems related to algebraic attacks on stream ciphers Anne Canteaut INRIA - projet CODES B.P. 105 78153 Le Chesnay cedex - France e-mail: Anne.Canteaut@inria.fr Abstract The recently developed algebraic
More informationA Byte-Based Guess and Determine Attack on SOSEMANUK
A Byte-Based Guess and Determine Attack on SOSEMANUK Xiutao Feng, Jun Liu, Zhaocun Zhou, Chuankun Wu and Dengguo Feng State Key Laboratory of Information Security, Institute of Software, Chinese Academy
More informationA GENERAL FRAMEWORK FOR GUESS-AND-DETERMINE AND TIME-MEMORY-DATA TRADE-OFF ATTACKS ON STREAM CIPHERS
A GENERAL FRAMEWORK FOR GUESS-AND-DETERMINE AND TIME-MEMORY-DATA TRADE-OFF ATTACKS ON STREAM CIPHERS Guanhan Chew, Khoongming Khoo DSO National Laboratories, 20 Science Park Drive, Singapore 118230 cguanhan,kkhoongm@dso.org.sg
More informationPractically Secure against Differential Cryptanalysis for Block Cipher SMS4
Practically Secure against Differential Cryptanalysis for Block Cipher SMS4 Zhang MeiLing 1, Liu YuanHua 1, Liu JingMei 2,3, Min XiangShen 1 1. School of communication and information engineering, Xi an
More information1-Resilient Boolean Function with Optimal Algebraic Immunity
1-Resilient Boolean Function with Optimal Algebraic Immunity Qingfang Jin Zhuojun Liu Baofeng Wu Key Laboratory of Mathematics Mechanization Institute of Systems Science, AMSS Beijing 100190, China qfjin@amss.ac.cn
More informationSequences, DFT and Resistance against Fast Algebraic Attacks
Sequences, DFT and Resistance against Fast Algebraic Attacks Guang Gong Department of Electrical and Computer Engineering University of Waterloo Waterloo, Ontario N2L 3G1, CANADA Email. ggong@calliope.uwaterloo.ca
More informationConstruction and Count of Boolean Functions of an Odd Number of Variables with Maximum Algebraic Immunity
arxiv:cs/0605139v1 [cs.cr] 30 May 2006 Construction and Count of Boolean Functions of an Odd Number of Variables with Maximum Algebraic Immunity Na Li, Wen-Feng Qi Department of Applied Mathematics, Zhengzhou
More informationA Byte-Based Guess and Determine Attack on SOSEMANUK
A Byte-Based Guess and Determine Attack on SOSEMANUK Xiutao Feng, Jun Liu, Zhaocun Zhou, Chuankun Wu, and Dengguo Feng State Key Laboratory of Information Security, Institute of Software, Chinese Academy
More informationSecurity of the SMS4 Block Cipher Against Differential Cryptanalysis
Su BZ, Wu WL, Zhang WT. Security of the SMS4 block cipher against differential cryptanalysis. JOURNAL OF COM- PUTER SCIENCE AND TECHNOLOGY 26(1): 130 138 Jan. 2011. DOI 10.1007/s11390-011-1116-9 Security
More informationIN this paper, we exploit the information given by the generalized
4496 IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 52, NO. 10, OCTOBER 2006 A New Upper Bound on the Block Error Probability After Decoding Over the Erasure Channel Frédéric Didier Abstract Motivated by
More informationMaximum Correlation Analysis of Nonlinear S-boxes in Stream Ciphers
Maximum Correlation Analysis of Nonlinear S-boxes in Stream Ciphers Muxiang Zhang 1 and Agnes Chan 2 1 GTE Laboratories Inc., 40 Sylvan Road LA0MS59, Waltham, MA 02451 mzhang@gte.com 2 College of Computer
More informationOn Stream Ciphers with Small State
ESC 2017, Canach, January 16. On Stream Ciphers with Small State Willi Meier joint work with Matthias Hamann, Matthias Krause (University of Mannheim) Bin Zhang (Chinese Academy of Sciences, Beijing) 1
More informationTwo Generic Methods of Analyzing Stream Ciphers
Two Generic Methods of Analyzing Stream Ciphers Lin Jiao 1,2, Bin Zhang 1,3, and Mingsheng Wang 4 1 TCA, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China 2 University of Chinese
More informationOn values of vectorial Boolean functions and related problems in APN functions
On values of vectorial Boolean functions and related problems in APN functions George Shushuev Sobolev Institute of Mathematics, Novosibirsk, Russia Novosibirsk State University, Novosibirsk, Russia E-mail:
More information3.8 MEASURE OF RUNDOMNESS:
Lec 10 : Data Security Stream Cipher Systems 1 3.8 MEASURE OF RUNDOMNESS: 3.9.1 DEFINITION: Run: sequence of identical bits (0 or 1) Ex.01110000111 Runs are 0,111, 0000, 111 Gap: runs of zeroes 1000011
More informationON DISTINGUISHING ATTACK AGAINST THE REDUCED VERSION OF THE CIPHER NLSV2
t m Mathematical Publications DOI: 10.2478/v10127-012-0037-5 Tatra Mt. Math. Publ. 53 (2012), 21 32 ON DISTINGUISHING ATTACK AGAINST THE REDUCED VERSION OF THE CIPHER NLSV2 Michal Braško Jaroslav Boor
More informationDistinguishing Attack on Common Scrambling Algorithm
410 The International Arab Journal of Information Technology, Vol. 12, No. 4, July 2015 Distinguishing Attack on Common Scrambling Algorithm Kai Zhang and Jie Guan Zhengzhou Information Science and Technology
More informationImproved Linear (hull) Cryptanalysis of Round-reduced Versions of SIMON
Improved Linear (hull) Cryptanalysis of Round-reduced Versions of SIMON Danping Shi 1,2, Lei Hu 1,2, Siwei Sun 1,2, Ling Song 1,2, Kexin Qiao 1,2, Xiaoshuang Ma 1,2 1 State Key Laboratory of Information
More informationFIBONACCI NUMBERS AND DECIMATION OF BINARY SEQUENCES
FIBONACCI NUMBERS AND DECIMATION OF BINARY SEQUENCES Jovan Dj. Golić Security Innovation, Telecom Italia Via Reiss Romoli 274, 10148 Turin, Italy (Submitted August 2004-Final Revision April 200) ABSTRACT
More informationWell known bent functions satisfy both SAC and PC(l) for all l n, b not necessarily SAC(k) nor PC(l) of order k for k 1. On the other hand, balancedne
Design of SAC/PC(l) of order k Boolean functions and three other cryptographic criteria Kaoru Kurosawa 1 and Takashi Satoh?2 1 Dept. of Comper Science, Graduate School of Information Science and Engineering,
More informationCryptanalysis of the Stream Cipher ABC v2
Cryptanalysis of the Stream Cipher ABC v2 Hongjun Wu and Bart Preneel Katholieke Universiteit Leuven, ESAT/SCD-COSIC Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium {wu.hongjun,bart.preneel}@esat.kuleuven.be
More informationFIXED POINTS OF MEROMORPHIC SOLUTIONS OF HIGHER ORDER LINEAR DIFFERENTIAL EQUATIONS
Annales Academiæ Scientiarum Fennicæ Mathematica Volumen 3, 2006, 9 2 FIXED POINTS OF MEROMORPHIC SOLUTIONS OF HIGHER ORDER LINEAR DIFFERENTIAL EQUATIONS Liu Ming-Sheng and Zhang Xiao-Mei South China Normal
More informationLecture 10-11: General attacks on LFSR based stream ciphers
Lecture 10-11: General attacks on LFSR based stream ciphers Thomas Johansson T. Johansson (Lund University) 1 / 23 Introduction z = z 1, z 2,..., z N is a known keystream sequence find a distinguishing
More informationDe Bruijn Sequences from Nonlinear Feedback Shift Registers
De Bruijn Sequences from Nonlinear Feedback Shift Registers Ming Li and Dongdai Lin State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing
More informationFast Near Collision Attack on the Grain v1 Stream Cipher
Fast Near Collision Attack on the Grain v1 Stream Cipher Bin Zhang 1,,3,4, Chao Xu 1,, and Willi Meier 5 1 TCA Laboratory, SKLCS, Institute of Software, Chinese Academy of Sciences {zhangbin,xuchao}@tca.iscas.ac.cn
More informationDifferential Attack on Five Rounds of the SC2000 Block Cipher
Differential Attack on Five Rounds of the SC2 Block Cipher Jiqiang Lu Department of Mathematics and Computer Science, Eindhoven University of Technology, 56 MB Eindhoven, The Netherlands lvjiqiang@hotmail.com
More informationSearching Cubes for Testing Boolean Functions and Its Application to Trivium
Searching Cubes for Testing Boolean Functions and Its Application to Trivium Meicheng Liu, Dongdai Lin and Wenhao Wang State Key Laboratory of Information Security Institute of Information Engineering
More informationA survey of algebraic attacks against stream ciphers
A survey of algebraic attacks against stream ciphers Frederik Armknecht NEC Europe Ltd. Network Laboratories frederik.armknecht@netlab.nec.de Special semester on Gröbner bases and related methods, May
More informationCryptanalysis of the Stream Cipher DECIM
Cryptanalysis of the Stream Cipher DECIM Hongjun Wu and Bart Preneel Katholieke Universiteit Leuven, ESAT/SCD-COSIC Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium {wu.hongjun, bart.preneel}@esat.kuleuven.be
More informationImpossible Differential-Linear Cryptanalysis of Reduced-Round CLEFIA-128
Impossible Differential-Linear Cryptanalysis of Reduced-Round CLEFIA-8 Zheng Yuan,,, ian Li, Beijing Electronic Science & Technology Institute, Beijing 7, P.R. China zyuan@tsinghua.edu.cn, sharonlee95@6.com
More informationOptimizing the placement of tap positions. joint work with Enes Pasalic, Samed Bajrić and Yongzhuang Wei
Optimizing the placement of tap positions Samir Hodžić joint work with Enes Pasalic, Samed Bajrić and Yongzhuang Wei Filtering generator Linear feedback shift register (LFSR). Nonlinear filtering function
More informationLinear Approximations for 2-round Trivium
Linear Approximations for 2-round Trivium Meltem Sönmez Turan 1, Orhun Kara 2 1 Institute of Applied Mathematics, Middle East Technical University Ankara, Turkey msonmez@metu.edu.tr 2 TUBITAK-UEKAE, Gebze,
More informationLinear Extension Cube Attack on Stream Ciphers ABSTRACT 1. INTRODUCTION
Malaysian Journal of Mathematical Sciences 9(S) June: 139-156 (015) Special ssue: The 4 th nternational Cryptology and nformation Security Conference 014 (Cryptology 014) MALAYSAN JOURNAL OF MATHEMATCAL
More information4.3 General attacks on LFSR based stream ciphers
67 4.3 General attacks on LFSR based stream ciphers Recalling our initial discussion on possible attack scenarios, we now assume that z = z 1,z 2,...,z N is a known keystream sequence from a generator
More informationImpossible Differential Attacks on 13-Round CLEFIA-128
Mala H, Dakhilalian M, Shakiba M. Impossible differential attacks on 13-round CLEFIA-128. JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY 26(4): 744 750 July 2011. DOI 10.1007/s11390-011-1173-0 Impossible Differential
More informationAn algorithm for computing minimal bidirectional linear recurrence relations
Loughborough University Institutional Repository An algorithm for computing minimal bidirectional linear recurrence relations This item was submitted to Loughborough University's Institutional Repository
More informationCryptanalysis of the Wu}Dawson Public Key Cryptosystem
Finite Fields and Their Applications 5, 386}392 (1999) Article ID!ta.1999.0264, available online at http://www.idealibrary.com on Cryptanalysis of the Wu}Dawson Public Key Cryptosystem Peter Roelse Philips
More informationAlgebraic attack on stream ciphers Master s Thesis
Comenius University Faculty of Mathematics, Physics and Informatics Department of Computer Science Algebraic attack on stream ciphers Master s Thesis Martin Vörös Bratislava, 2007 Comenius University Faculty
More informationCryptographic D-morphic Analysis and Fast Implementations of Composited De Bruijn Sequences
Cryptographic D-morphic Analysis and Fast Implementations of Composited De Bruijn Sequences Kalikinkar Mandal, and Guang Gong Department of Electrical and Computer Engineering University of Waterloo Waterloo,
More informationAlgebraic Immunity of S-boxes and Augmented Functions
Algebraic Immunity of S-boxes and Augmented Functions Simon Fischer and Willi Meier S. Fischer and W. Meier AI of Sbox and AF 1 / 23 Outline 1 Algebraic Properties of S-boxes 2 Augmented Functions 3 Application
More informationAlgebraic Attacks on Stream Ciphers with Linear Feedback
Algebraic Attacks on Stream Ciphers with Linear Feedback Extended Version of the Eurocrypt 2003 paper, August 24, 2003 Nicolas T. Courtois 1 and Willi Meier 2 1 Cryptography Research, Schlumberger Smart
More informationA New Classification of 4-bit Optimal S-boxes and its Application to PRESENT, RECTANGLE and SPONGENT
A New Classification of 4-bit Optimal S-boxes and its Application to PRESENT, RECTANGLE and SPONGENT Wentao Zhang 1, Zhenzhen Bao 1, Vincent Rijmen 2, Meicheng Liu 1 1.State Key Laboratory of Information
More informationDifferential Fault Analysis of Trivium
Differential Fault Analysis of Trivium Michal Hojsík 1,2 and Bohuslav Rudolf 2,3 1 Department of Informatics, University of Bergen, N-5020 Bergen, Norway 2 Department of Algebra, Charles University in
More informationMultiplicative Complexity Reductions in Cryptography and Cryptanalysis
Multiplicative Complexity Reductions in Cryptography and Cryptanalysis THEODOSIS MOUROUZIS SECURITY OF SYMMETRIC CIPHERS IN NETWORK PROTOCOLS - ICMS - EDINBURGH 25-29 MAY/2015 1 Presentation Overview Linearity
More informationCryptographically Robust Large Boolean Functions. Debdeep Mukhopadhyay CSE, IIT Kharagpur
Cryptographically Robust Large Boolean Functions Debdeep Mukhopadhyay CSE, IIT Kharagpur Outline of the Talk Importance of Boolean functions in Cryptography Important Cryptographic properties Proposed
More informationDeterministic Cube Attacks:
Deterministic Cube Attacks: A New Method to Recover Superpolies in Practice Chen-Dong Ye and Tian Tian National Digital Switching System Engineering & Technological Research Center, P.O. Box 407, 62 Kexue
More informationCube Analysis of KATAN Family of Block Ciphers
Cube Analysis of KATAN Family of Block Ciphers Speaker: Bingsheng Zhang University of Tartu, Estonia This talk covers partial results of the paper Algebraic, AIDA/Cube and Side Channel Analysis of KATAN
More informationGeneralized Correlation Analysis of Vectorial Boolean Functions
Generalized Correlation Analysis of Vectorial Boolean Functions Claude Carlet 1, Khoongming Khoo 2, Chu-Wee Lim 2, and Chuan-Wen Loe 2 1 University of Paris 8 (MAATICAH) also with INRIA, Projet CODES,
More informationOn The Nonlinearity of Maximum-length NFSR Feedbacks
On The Nonlinearity of Maximum-length NFSR Feedbacks Meltem Sönmez Turan National Institute of Standards and Technology meltem.turan@nist.gov Abstract. Linear Feedback Shift Registers (LFSRs) are the main
More informationEfficient probabilistic algorithm for estimating the algebraic properties of Boolean functions for large n
Efficient probabilistic algorithm for estimating the algebraic properties of Boolean functions for large n Yongzhuang Wei Enes Pasalic Fengrong Zhang Samir Hodžić Abstract Although several methods for
More informationSome thoughts on Trivium
Some thoughts on Trivium Steve Babbage Vodafone Group R&D, Newbury, UK steve.babbage@vodafone.com 19 th January 2007 Abstract: This paper pulls together some thoughts about how the Trivium stream cipher
More informationLinear Classification: Perceptron
Linear Classification: Perceptron Yufei Tao Department of Computer Science and Engineering Chinese University of Hong Kong 1 / 18 Y Tao Linear Classification: Perceptron In this lecture, we will consider
More informationHard Fault Analysis of Trivium
1 Hard Fault Analysis of Trivium Yupu Hu, Fengrong Zhang, and Yiwei Zhang, arxiv:0907.2315v1 [cs.cr] 14 Jul 2009 Abstract Fault analysis is a powerful attack to stream ciphers. Up to now, the major idea
More informationAlgebraic Attacks and Decomposition of Boolean Functions
Algebraic Attacks and Decomposition of Boolean Functions Willi Meier 1, Enes Pasalic 2, and Claude Carlet 2 1 FH Aargau, CH-5210 Windisch, Switzerland meierw@fh-aargau.ch 2 INRIA, projet CODES, Domaine
More informationThird-order nonlinearities of some biquadratic monomial Boolean functions
Noname manuscript No. (will be inserted by the editor) Third-order nonlinearities of some biquadratic monomial Boolean functions Brajesh Kumar Singh Received: April 01 / Accepted: date Abstract In this
More informationAffine equivalence in the AES round function
Discrete Applied Mathematics 148 (2005) 161 170 www.elsevier.com/locate/dam Affine equivalence in the AES round function A.M. Youssef a, S.E. Tavares b a Concordia Institute for Information Systems Engineering,
More informationStream Ciphers: Cryptanalytic Techniques
Stream Ciphers: Cryptanalytic Techniques Thomas Johansson Department of Electrical and Information Technology. Lund University, Sweden ECRYPT Summer school 2007 (Lund University) Stream Ciphers: Cryptanalytic
More informationCryptographic Properties of the Hidden Weighted Bit Function
Cryptographic Properties of the Hidden Weighted Bit Function Qichun Wang a, Claude Carlet b, Pantelimon Stănică c, Chik How Tan a a Temasek Laboratories, National University of Singapore, 117411, Singapore.
More informationSmart Hill Climbing Finds Better Boolean Functions
Smart Hill Climbing Finds Better Boolean Functions William Millan, Andrew Clark and Ed Dawson Information Security Research Centre Queensland University of Technology GPO Box 2434, Brisbane, Queensland,
More informationELA
POSITIVE DEFINITE SOLUTION OF THE MATRIX EQUATION X = Q+A H (I X C) δ A GUOZHU YAO, ANPING LIAO, AND XUEFENG DUAN Abstract. We consider the nonlinear matrix equation X = Q+A H (I X C) δ A (0 < δ 1), where
More informationType 1.x Generalized Feistel Structures
Noname manuscript No. (will be inserted by the editor) Type 1.x Generalized eistel Structures Shingo Yanagihara Tetsu Iwata Received: date / Accepted: date Abstract We formalize the Type 1.x Generalized
More informationHigher-Dimensional Analogues of the Combinatorial Nullstellensatz
Higher-Dimensional Analogues of the Combinatorial Nullstellensatz Jake Mundo July 21, 2016 Abstract The celebrated Combinatorial Nullstellensatz of Alon describes the form of a polynomial which vanishes
More informationA Probabilistic Secret Sharing Scheme for a Compartmented Access Structure
A Probabilistic Secret Sharing Scheme for a Compartmented Access Structure Yuyin Yu and Mingsheng Wang The State Key Laboratory of Information Security, Institute of Software Chinese Academy of Sciences,
More informationTime-Memory-Data Trade-Off Attack on Stream Ciphers Based on Maiorana-McFarland Functions
IEICE TRANS. FUNDAMENTALS, VOL.E92 A, NO.1 JANUARY 2009 11 PAPER Special Section on Cryptography and Information Security Time-Memory-Data Trade-Off Attack on Stream Ciphers Based on Maiorana-McFarland
More informationCombinatorics of p-ary Bent Functions
Combinatorics of p-ary Bent Functions MIDN 1/C Steven Walsh United States Naval Academy 25 April 2014 Objectives Introduction/Motivation Definitions Important Theorems Main Results: Connecting Bent Functions
More informationThe ANF of the Composition of Addition and Multiplication mod 2 n with a Boolean Function
The ANF of the Composition of Addition and Multiplication mod 2 n with a Boolean Function An Braeken 1 and Igor Semaev 2 1 Department Electrical Engineering, ESAT/COSIC, Katholieke Universiteit Leuven,
More informationNON-MONOTONICITY HEIGHT OF PM FUNCTIONS ON INTERVAL. 1. Introduction
Acta Math. Univ. Comenianae Vol. LXXXVI, 2 (2017), pp. 287 297 287 NON-MONOTONICITY HEIGHT OF PM FUNCTIONS ON INTERVAL PINGPING ZHANG Abstract. Using the piecewise monotone property, we give a full description
More informationUncertain Quadratic Minimum Spanning Tree Problem
Uncertain Quadratic Minimum Spanning Tree Problem Jian Zhou Xing He Ke Wang School of Management Shanghai University Shanghai 200444 China Email: zhou_jian hexing ke@shu.edu.cn Abstract The quadratic minimum
More informationYet another side-channel attack: Multi-linear Power Analysis attack (MLPA)
Yet another side-channel attack: Multi-linear Power Analysis attack (MLPA) Thomas Roche, Cédric Tavernier Laboratoire LIG, Grenoble, France. Communications and Systems, Le Plessis Robinson, France. Cryptopuces
More informationNonlinear Equivalence of Stream Ciphers
Sondre Rønjom 1 and Carlos Cid 2 1 Crypto Technology Group, Norwegian National Security Authority, Bærum, Norway 2 Information Security Group, Royal Holloway, University of London Egham, United Kingdom
More informationNon-Separable Cryptographic Functions
International Symposium on Information Theory and Its Applications Honolulu, Hawaii, USA, November 5 8, 2000 Non-Separable Cryptographic Functions Yuliang Zheng and Xian-Mo Zhang School of Network Computing
More informationConstructing differential 4-uniform permutations from know ones
Noname manuscript No. (will be inserted by the editor) Constructing differential 4-uniform permutations from know ones Yuyin Yu Mingsheng Wang Yongqiang Li Received: date / Accepted: date Abstract It is
More informationAlgebraic Attacks and Stream Ciphers
November 25 th, 24 Algebraic Attacks and Stream Ciphers Helsinki University of Technology mkivihar@cc.hut.fi Overview Stream ciphers and the most common attacks Algebraic attacks (on LSFR-based ciphers)
More informationA Characteristic Set Method for Equation Solving in F 2 and Applications in Cryptanalysis of Stream Ciphers 1
MM Research Preprints, 42 56 KLMM, AMSS, Academia Sinica Vol. 25, December 2006 A Characteristic Set Method for Equation Solving in F 2 and Applications in Cryptanalysis of Stream Ciphers 1 Xiao-Shan Gao,
More informationExtended Criterion for Absence of Fixed Points
Extended Criterion for Absence of Fixed Points Oleksandr Kazymyrov, Valentyna Kazymyrova Abstract One of the criteria for substitutions used in block ciphers is the absence of fixed points. In this paper
More informationFast Correlation Attack on Stream Cipher ABC v3
Fast Correlation Attack on Stream Cipher ABC v3 Haina Zhang Lin Li Xiaoyun Wang Abstract ABC v3 is a stream cipher proposed as a candidate to ECRYPT Estream Project which enters the second evaluation phase.
More informationThe Adjacency Graphs of Linear Feedback Shift Registers with Primitive-like Characteristic Polynomials
The Adjacency Graphs of Linear Feedback Shift Registers with Primitive-like Characteristic Polynomials Ming Li and Dongdai Lin State Key Laboratory of Information Security, Institute of Information Engineering,
More informationTensor Complementarity Problem and Semi-positive Tensors
DOI 10.1007/s10957-015-0800-2 Tensor Complementarity Problem and Semi-positive Tensors Yisheng Song 1 Liqun Qi 2 Received: 14 February 2015 / Accepted: 17 August 2015 Springer Science+Business Media New
More informationarxiv: v1 [cs.it] 27 Sep 2016
Optimizing the placement of tap positions and guess and determine cryptanalysis with variable sampling S. Hodžić, E. Pasalic, and Y. Wei arxiv:1609.08422v1 [cs.it] 27 Sep 2016 Abstract 1 In this article
More informationON HOCHSCHILD EXTENSIONS OF REDUCED AND CLEAN RINGS
Communications in Algebra, 36: 388 394, 2008 Copyright Taylor & Francis Group, LLC ISSN: 0092-7872 print/1532-4125 online DOI: 10.1080/00927870701715712 ON HOCHSCHILD EXTENSIONS OF REDUCED AND CLEAN RINGS
More informationMILP-Aided Bit-Based Division Property for Primitives with Non-Bit-Permutation Linear Layers
MILP-Aided Bit-Based Division Property for Primitives with Non-Bit-Permutation Linear Layers Ling Sun 1, Wei Wang 1, Meiqin Wang 1,2 1 Key Laboratory of Cryptologic Technology and Information Security,
More informationAnalysis of Trivium Using Compressed Right Hand Side Equations
5.3 Analysis of Trivium Using Compressed Right Hand Side Equations 65 Analysis of Trivium Using Compressed Right Hand Side Equations Thorsten Ernst Schilling, Håvard Raddum thorsten.schilling@ii.uib.no,havard.raddum@ii.uib.no
More information