Statistical Properties of the Square Map Modulo a Power of Two
|
|
- Joan Sutton
- 5 years ago
- Views:
Transcription
1 Statistical Properties of the Square Map Modulo a Power of Two S. M. Dehnavi, A. Mahmoodi Rishakani, M. R. Mirzaee Shamsabad 3, Einollah Pasha Kharazmi University, Faculty of Mathematical and Computer Sciences, Tehran, Iran: std_dehnavism@khu.ac.ir Shahid Rajaee Teacher Training University, Faculty of Sciences, Tehran, Iran: am.rishakani@srttu.edu 3 Shahid Bahonar University, Faculty of Mathematics and Computer Science, Kerman, Iran: mohammadmirzaeesh@yahoo.com Kharazmi University, Faculty of Mathematical and Computer Sciences, Tehran, Iran: pasha@khu.ac.ir Abstract: The square map is one of the functions that is used in cryptography. For instance, the square map is used in Rabin encryption scheme, block cipher RC6 and stream cipher Rabbit, in different forms. In this paper we study a special case of the square map, namely the square function modulo a power of two. We obtain probability distribution of the output of this map as a vectorial Boolean function. We find probability distribution of the component Boolean functions of this map. We present the joint probability distribution of the component Boolean functions of this function. We introduce a new function which is similar to the function that is used in Rabbit cipher and we compute the probability distribution of the component Boolean functions of this new map. Key Words: Square map modulo a power of two, Vectorial Boolean function, Component Boolean function, Rabbit cipher. Introduction The square map, like the operator of multiplication, has various applications in cryptography. For instance in asymmetric cryptography, RSA encryption scheme [] makes use of multiplication and Rabin encryption scheme [] applies the square map. In symmetric cryptography, some symmetric ciphers have the operator of multiplication or the square map in their design. For example block cipher Mars [] uses the operator of multiplication and in design of block cipher RC6 [3] the square map (the operator of multiplication) is used. In designing some stream ciphers, the operator of multiplication and the square map is also used. For instance, the stream cipher Sosemanuk [] uses the operator of multiplication and the stream cipher Rabbit [5] uses the square map. In all the aforementioned cases the operator of multiplication and the
2 square map is used in a variety of methods. In this paper we investigate a special case of the square map, i.e. the square map modulo a power of two and we study probability distribution of this map along with its component Boolean functions. In [6,7] we have studied some statistical and algebraic properties of the operator of multiplication modulo a power of two, but in this paper we study statistical properties of the square map modulo a power of two. At first we consider the square map modulo a power of two as a vectorial Boolean function [8] and we obtain probability distribution of its output. Then, we investigate component Boolean functions of this map and we obtain the probability distribution of these component functions. After that, we consider the joint probability distribution of these component functions for the case of two component functions and we compute the joint probability distribution of these component functions. We introduce a new function similar to what is presented in Rabbit cipher and using joint probability distribution of component Boolean functions of the square map, we obtain the probability distribution of component Boolean functions of this new function. In Section we present the definitions and notations. Section 3 studies probability distribution of the output of the square map modulo a power of two as a vectorial Boolean function. In Section we investigate probability distribution of the component Boolean functions of square map modulo a power of two. In Section 5 we obtain the joint probability distribution of the component Boolean functions of square map modulo a power of two for the case of two component Boolean functions and finally in Section 6 we conclude.. Notations and Definitions In this article, the number of elements or cardinality of a finite set A is denoted by A. For a function f: A B, the preimage of an element b B is denoted by f (b) and is defined as {a A f(a) = b}. The greatest power of that divides a natural number a is denoted by p (a) and the odd part of a or a p (a) is denoted by O (a). Let F be the finite field with two elements. Each element of F n (The Cartesian product of n copies of F ) can be considered as a vector of length n. Each function f: F n F is called a Boolean function and each function f: F n F m with m > is called a vectorial Boolean function; such a function can be viewed as a vector (f m,, f ) of f i s, i < m. Here, f i s are Boolean functions from F n to F. These Boolean functions are called component Boolean functions of the vectorial Boolean function f. Also, if x F n, then the i-th bit of x is denoted by x i. Note that for each vectorial Boolean function f: F n F m we have vectorial Boolean functions f i,j : F n F, i > j, This Paper is an English version of a paper with the same title (in Persian) presented in ISCISC.
3 f i,j (x) = (f i (x), f j (x)), x F n. We call these vectorial Boolean functions joint Boolean functions of f. In this paper, we consider the complete set of remainders modulo n as {,,, n } and denote it by Z n. We define the inverse parity function e j as follows: e j = { j odd, j even. Let (G, ) be a group and φ: G G be a group endomorphism; we denote the kernel of φ by ker(φ) and the image of φ by Im(φ). In the sequel, by the square map (and its component Boolean functions) we mean the square map modulo a power of two. 3. Probability Distribution of the Square Map as a Vectorial Boolean Function In this section, we consider the square map as a vectorial Boolean function and we obtain probability distribution of the output of this map. In Theorem, we employ some facts from group theory [9] and number theory. One of the results of this theorem is identifying the square numbers modulo a power of two. We note that the square of each odd natural number is in the form of 8k +, but not every natural number in the form of 8k + is a square number. Lemma shows that in Z n the square of each odd element is in the form of 8k + ; the interesting point is that, based on Theorem, in Z n every element in the form of 8k + is also a square element. Lemma : Let a Z n be an odd element; we have a = mod 8. Proof: Since a is odd, so there exists a q Z n such that a = q + mod n. Therefore, a = q(q + ) + = 8 ( q(q+) ) + mod n = mod 8. Theorem : Suppose that n > and f: Z n Z n is defined as f(x) = x mod n ; then we have: a) For the case a =, the case a = n with e n =, and the case a = n with e n = :
4 f (a) = n+e n ; b) For the case p (a) mod and the case p (a) mod = with p (a) n 3 and O (a) mod 8 : f (a) = ; c) For the case p (a) mod = with p (a) n 3 and O (a) mod 8 = : f (a) = p (a)+. Proof: a) Consider the equation x = mod n ; on one hand, every x Z n with p (x) n satisfies x = mod n. So, f () is at least n n = n = n+e n. On the other hand, for each x Z n with p (x) < n we have x mod n. Thus, f () = n+e n. Suppose that n is odd and p (a) = n. So a equals to n. Consider the equation x = n mod n ; let x = r q with q odd. We have r q = n mod n. So r = n, q n+ and q = mod. Thus, only odd q s satisfy the equation x = n mod n ; therefore, f (a) = n = n+e n. Now suppose that n is even and p (a) = n. So p (a) = n and a = s n, where s {,3}. If s =, then we consider the equation x = n mod n. Let x = r q with q odd. We have r q = n mod n. Hence r = n, q n+ and q = mod. So only half of odd q s satisfy the equation x = n mod n ; therefore, f (a) = n = n+e n. b) Continuing the proof of the Case a, if s = 3, then considering the equation x = n. 3 mod n and supposing that x = r q with q odd, we have r q = n. 3 mod n ; so, r = n and q = 3 mod. Thus, according to Lemma, we conclude that f (a) =. Suppose that p (a) = mod. Consider the equation x = a mod n. Since the square of any odd element is an odd element, so only even elements x Z n can satisfy
5 x = a mod n. Suppose that x = r q where r and q is odd. We have p (x ) = r which contradicts p (a) = mod. Therefore, f (a) =. Now suppose that p (a) = mod and O (a) mod 8 ; then a = j t, where p (a) = j and t = O (a). Consider the equation x = a mod n. Let x = r q with q odd. We have r q = j t mod n. Consequently, r = j and q = t mod nj ; therefore, regarding Lemma, we have f (a) =. c) We use Theorem 3.3 in [9] to prove this case. Suppose that p (a) = and a = mod 8; the algebraic structure (G, ), where G is the subset of odd elements in Z n and is the operator of multiplication modulo n is a group structure. The function φ: G G with φ(g) = g g is a group endomorphism on G. To compute ker(φ) we must count the number of solutions for the equation x x = G. In other words, we must count the number of solutions for the equation x = mod n. We have (x )(x + ) = mod n. Since x is odd, for some q Z n we have x = q +. So, q(q + ) = mod n. Consequently, we have q =, q = n, q = n or q + = n, q + = n, q + = n. Substituting the values of q, we have these solutions: x =, x = n, x 3 = n +, x = n +. Thus, ker (φ) = and since Im(φ) = G ker (φ), we have Im(φ) = n = n3. On the other hand, according to Lemma and since the number of elements in Z n in the form of 8q + is equal to n3 and Im(φ) = n3, so every element in the form of 8q + in Z n is a square element. Therefore, the equation x = a mod n at least has a solution x = t. It is not hard to verify that
6 x = t. ( n ) mod n, x 3 = t. ( n ) mod n, and x = t. ( n + ) mod n, are the only other solutions for the equation. Consequently, we have f (a) = ker (φ) = = p (a)+. Now suppose that p (a) = mod with p (a) n 3 and O (a) mod 8 =. In this case, we have a = j t with p (a) = j and t = O (a). Consider the equation x = a mod n. Let x = r q with q odd. We have r q = j t mod n ; so, r = j and q = t mod nj. Regarding Lemma and the proof of Case b, this equation has four solutions with q nj. For each of these solutions we present j solutions We have x = j (s nj+ + q), s j. x = j (s nj+ + q + sq nj+ ) = s nj+ + j q + sq n+ = j q mod n. In fact, regarding the inequality j n 3, we have n j n + 3. Thus, f (a) = p (a) + = p (a)+.. Probability Distribution of Component Boolean Functions of the Square Map In this section, we study the component Boolean functions of square map and we find the probability distribution of these component functions. Theorem has been proved in [] with the help of some concepts in T-function theory. Here, we reprove this theorem using Theorem. Theorem : Suppose that n > and the function f: Z n Z n is defined as z = f(x) = x mod n ; then we have
7 i = P(z i = ) = { + i+ i < n Proof: The cases i =, are obvious. Suppose that < i < n and i is odd; the number of elements a with p (a) = j is equal to nj and the number of a s with p (a) = j and O (a) mod 8 is equal to nj3. By Theorem, P(z i = ) = f (a) n p (a)<i p (a) mod = a i = i3 = nj3 j+ n. j= = ( i ) = i+. Suppose that < i < n and i is even; the number of elements a with p (a) = j is equal to nj and the number of a s with p (a) = j and O (a) mod 8 is equal to nj3. By Theorem, P(z i = ) = f (a) n p (a)<i p (a) mod = a i = i = nj3 j+ n. j= = ( i ) = i+. Now suppose that i = n and i is even; we have
8 P(z n = ) = f (a) p (a)<n n p (a) mod = a n = = f ( n ) n + n6 nj3 j+ j= n. = n = i+. Now if i = n and i is odd, then we have P(z n = ) = f (a) n p (a)<n p (a) mod = a n = n5 = nj3 j+ n. j= Now if i = n and i is even, then we have Finally, if i = n and i is odd, then we have = i+. P(z n = ) = f (a) n p (a)<n p (a) mod = a n = n3 = nj3 j+ n. j= = i+.
9 P(z i = ) = f (a) n p (a)<i p (a) mod = a i = n = nj3 j+ n. j= = i+ 5. Joint Probability Distribution of Component Boolean Functions of the Square Map In this section, we investigate the joint component Boolean functions of square map and we obtain the joint probability distribution of these component functions. Then, using these distributions, we introduce a new map similar to what is presented in Rabbit cipher and we find the probability distribution of component Boolean functions of this new map. Theorem 3: Suppose that n > and the function f: Z n Z n is defined as z = f(x) = x mod n ; we have: a) For j + < i, b) For j < i j + with j >, c) For the other cases, + ()a () b + ( a) j, j + i + P(z i = b, z j = a) = ()b + ( a) j =. { i + P(z i = b, z j = a) = + e j(a b) + e a + ea()b. j+3 j+ j+ i+
10 + ( e ae i+j ) ()b j =, i =, P(z i = b, z j = a) = ( a) ( + ()b ) j =, i =,3 a+ b j =, i = 3 3e a { 8 + ae b j =, i =. (These probabilities for n is also presented in the Appendix.) Proof: At first, suppose that j is even; or j = r, r >. We have P(z i = b, z r = ) = P(z = c) c i =b,c r = = P(z = c). p (c) r p (c) mod = c i =b,c r = () In summation (), if p (c) = k, k r, then binary representation of c is in this form: c = (,,, b,,,,,,,, i r k+, k+,,,,). Consequently, k + 5 bits are determined and so we have nk5 nonzero summands, the p(c)+ probability of each is equal to, by Theorem. Thus, the contribution of this case in () is n equal to (k+3). We note that the case k = r contradicts Theorem. For the case k = r, r + bits are determined, and so we have nr nonzero summands, the probability of each p(c)+ equals to by Theorem. Therefore, the contribution of this case in () is equal to n (r+). Hence, r P(z i = b, z r = ) = ( (k+3) ) + (r+) k= Now, using basic probability theory and Theorem and (), we have k = r+. () P(z i = b, z r = ) = P(z i = b ) P(z r = ) + P(z i = b, z r = )
11 = + ()b +. r+ i + So, P(z i = b, z r = a) = + ()a ()b r+ + ( a) i +. At this point, suppose that j is odd; i.e. j = r +, r. We have P(z i = b, z r+ = ) = c i =b,c r+ = P(z = c) = P(z = c). p (c) r+ p (c) mod = c i =b,c r+ = (3) In (3), according to Theorem, p (c) can be,,,r. Similar to the previous case, and So, Thus, in the case j, we have Now, suppose that j = : P(z i = b, z r+ = ) = r+, P(z i = b, z r+ = ) = + ()b +. r+ i + P(z i = b, z r+ = a) = + ()a ()b + ( a). r+ i + P(z i = b, z j = a) = + ()a j + + ( a) P(z i = b, z = ) = P(z = c) c i =b,c = () b i +. = P(z = c). p (c)=,c i =b ()
12 In (), four bits are determined and so we have n summands, the probability of each is equal to n by Theorem. Hence, and similarly, P(z i = b, z = ) = n. n =, P(z i = b, z = ) = P(z i = b ) P(z = ) + P(z i = b, z = ) So, for the case j =, we have = + ()b. i+ P(z i = b, z = a) = b) For < j and i = j + or = j +, we have P(z i = b, z j = ) = P(z = c) c i =b,c j = + ( a) ()b i +. = P(z = c). p (c) j p (c) mod = c i =b,c j = According to the proof of Case a and regarding the binary representation of c, for the even and odd cases of j, we have and P(z i = b, z j = ) = 3 n5 + n7 n = + e je b. j n( n j+ j+ j+ +) n + e je b n(j+3) P(z i = b, z j = ) = (P(z i = b ) + P(z j = ) P(z i = b, z j = )) = j+3 + j+ j+ + ()b + be j. i+ j+ j+ n
13 So, for j < i j + and j >, we have P(z i = b, z j = a) = + e j(a b) + e a + ea()b j+3 j+ j+. i+ c) All the cases are simple. Now, we introduce a new function similar to what is presented in stream cipher Rabbit and we obtain the probability distribution of its component Boolean functions. Theorem : Suppose that n 8 is an even natural number, the function f: Z n Z n is defined as z = f(x) = x mod n and w = g(x) = x (x n ) mod n. Here, is the bitwise right shift operator and means the bitwise XOR. We have Proof: According to Theorem 3, we have P(w i = ) = + i + n i ( n ), i < n. P(w = ) = P(z z n = ) = P(z =, z n = ) + P(z =, z n = ) and for < i < n, = + n+, P(w i = ) = P(z i z i+(n ) = ) = P(z i =, z i+(n ) = ) + P(z i =, z i+(n ) = ) = + i+n+. For n, according to Theorem, we have Therefore, P(w i = ) = + i+n+. P(w i = ) = + i + n i ( n ).
14 References [] D.R. STINSON, Cryptography - Theory and Practice, 3rd edn. Chapman & Hall/CRC, Boca Raton, 3. [] C. Burwick, D. Coppersmith, E. D Avingnon, R. Gennaro, Sh. Halevi, Ch. Jutla, S. M. Matyas Jr., L. O Connor, M. Peyravian, D. Safford, N. Zunic: MARS - a Candidate Cipher for AES, proceeding of st Advanced Encryption Standard Candidate Conference, Venture, California, Aug [3] R. L. Rivest, M. J. B. Robshaw, R. Sidney, Y.L. Yin: The RC6 Block Cipher, Proceeding of st Advanced Encryption Standard Candidate Conference, Venture, California, Aug [] C. Berbain, O. Billet, A. Canteaut, N. Courtois, H. Gilbert, L. Goubin, A. Gouget, L. Granboulan, C. Lauradoux, M. Minier, T. Pornin, and H. Sibert, Sosemanuk, a Fast Software-Oriented Stream Cipher, submitted to Ecrypt, 5. [5] M. Boesgaard, M. Vesterager, T. Pedersen, J. Christiansen, and O. Scavenius, Rabbit: A New High- Performance Stream Cipher, in Fast Software Encryption (FSE 3), LNCS 887, pp , Springer-Verlag, 3. [6] A. Mahmoodi Rishakani, M. R. Mirzaee Shamsabad, S. M. Dehnavi, Hamidreza Maimani, Einollah Pasha, Statistical Properties of Modular Multiplication Modulo a Power of Two, 9 th International Conference on Information Security and Cryptology (ISCISC ), University of Tabriz, Tabriz, Iran, [7] S. M. Dehnavi, A. Mahmoodi Rishakani, M. R. Mirzaee Shamsabad, Einollah Pasha, Cryptographic Properties of Modular Multiplication Modulo a Power of Two, Kharazmi Journal of Science, No. -, pp , 3 (In Persian) [8] Claude Carlet, Boolean functions for Cryptography and Error Correcting Codes, available via [9] J. B. Fraleigh. A First Course in Abstract Algebra, Sixth edition, ADDISON-WESLEY publishing company Inc, 999. [] A. Klimov and A. Shamir, A New Class of Invertible Mappings, Workshop on Cryptographic Hardware and Embedded Systems (CHES),.
15 Appendix In the following tables, the probability corresponding to the i-th column and the j-th row is equal to P(z i = b, z j = a). a = b = a = b = 3 a = b = 3 a = b = 3
Statistical Properties of Multiplication mod 2 n
Noname manuscript No. (will be inserted by the editor) Statistical Properties of Multiplication mod 2 n A. Mahmoodi Rishakani S. M. Dehnavi M. R. Mirzaee Shamsabad Hamidreza Maimani Einollah Pasha Received:
More informationCRYPTOGRAPHIC PROPERTIES OF ADDITION MODULO 2 n
CRYPTOGRAPHIC PROPERTIES OF ADDITION MODULO 2 n S. M. DEHNAVI, A. MAHMOODI RISHAKANI, M. R. MIRZAEE SHAMSABAD, HAMIDREZA MAIMANI, EINOLLAH PASHA Abstract. The operation of modular addition modulo a power
More informationarxiv: v1 [math.nt] 9 Nov 2017
Complete solving the quadratic equation mod 2 n S. M. Dehnavi 1, M. R. Mirzaee Shamsabad 2, and A. Mahmoodi Rishakani 3 arxiv:1711.03621v1 [math.nt] 9 Nov 2017 1 Department of Mathematical and Computer
More informationStatistical Properties of the Square Map Modulo a Power of Two
Statistical Properties of the Square Map Modulo a Power of Two S. M. Dehavi, A. Mahmoodi Rishakai, M. R. Mirzee Shamsabad 3, Hamidreza Maimai, Eiollah Pasha Kharazmi Uiversity, Faculty of Mathematical
More informationBitwise Linear Mappings with Good Cryptographic Properties and Efficient Implementation
Noname manuscript No. (will be inserted by the editor) Bitwise Linear Mappings with Good Cryptographic Properties and Efficient Implementation S. M. Dehnavi A. Mahmoodi Rishakani M. R. Mirzaee Shamsabad
More informationCHARACTERIZATION OF MDS MAPPINGS. 1. Introduction
CHARACTERIZATION OF MDS MAPPINGS S. M. DEHNAVI, A. MAHMOODI RISHAKANI, M. R. MIRZAEE SHAMSABAD Abstract. MDS codes and matrices are closely related to combinatorial objects like orthogonal arrays and multipermutations.
More informationA Sound Method for Switching between Boolean and Arithmetic Masking
A Sound Method for Switching between Boolean and Arithmetic Masking Louis Goubin CP8 Crypto Lab, SchlumbergerSema 36-38 rue de la Princesse, BP45 78430 Louveciennes Cedex, France Louis.Goubin@louveciennes.tt.slb.com
More informationCryptanalysis of the Stream Cipher DECIM
Cryptanalysis of the Stream Cipher DECIM Hongjun Wu and Bart Preneel Katholieke Universiteit Leuven, ESAT/SCD-COSIC Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium {wu.hongjun, bart.preneel}@esat.kuleuven.be
More informationA Byte-Based Guess and Determine Attack on SOSEMANUK
A Byte-Based Guess and Determine Attack on SOSEMANUK Xiutao Feng, Jun Liu, Zhaocun Zhou, Chuankun Wu and Dengguo Feng State Key Laboratory of Information Security, Institute of Software, Chinese Academy
More informationImproved Linear Cryptanalysis of SOSEMANUK
Improved Linear Cryptanalysis of SOSEMANUK Joo Yeon Cho and Miia Hermelin Helsinki University of Technology, Department of Information and Computer Science, P.O. Box 5400, FI-02015 TKK, Finland {joo.cho,miia.hermelin}@tkk.fi
More informationA Byte-Based Guess and Determine Attack on SOSEMANUK
A Byte-Based Guess and Determine Attack on SOSEMANUK Xiutao Feng, Jun Liu, Zhaocun Zhou, Chuankun Wu, and Dengguo Feng State Key Laboratory of Information Security, Institute of Software, Chinese Academy
More informationCryptanalysis of Sosemanuk and SNOW 2.0 Using Linear Masks
Cryptanalysis of Sosemanuk and SNOW 2.0 Using Linear Masks Jung-Keun Lee, Dong Hoon Lee, and Sangwoo Park ETRI Network & Communication Security Division, 909 Jeonmin-dong, Yuseong-gu, Daejeon, Korea Abstract.
More informationNew Construction of Single Cycle T-function Families
New Construction of Single Cycle T-function Families Shiyi ZHANG 1, Yongjuan WANG, Guangpu GAO Luoyang Foreign Language University, Luoyang, Henan Province, China Abstract The single cycle T-function is
More informationNear Optimal Algorithms for Solving Differential Equations of Addition with Batch Queries
A shortened version of this paper appears under the same title in the proceedings of Indocrypt 2005 (S. Maitra, C.E. Venimadhavan, R. Venkatesan (eds.)), LNCS, Springer-Verlag. Near Optimal Algorithms
More informationPublication VI Springer Science+Business Media. Reprinted with kind permission from Springer Science and Business Media.
Publication VI Joo Yeon Cho and Miia Hermelin. 2010. Improved linear cryptanalysis of SOSEMANUK. In: Donghoon Lee and Seokhie Hong (editors). Revised Selected Papers of the 12th International Conference
More informationA Five-Round Algebraic Property of the Advanced Encryption Standard
A Five-Round Algebraic Property of the Advanced Encryption Standard Jianyong Huang, Jennifer Seberry and Willy Susilo Centre for Computer and Information Security Research (CCI) School of Computer Science
More informationX-FCSR: a new software oriented stream cipher based upon FCSRs
X-FCSR: a new software oriented stream cipher based upon FCSRs François Arnault 1, Thierry P. Berger 1, Marine Minier 2, and Cédric Lauradoux 3 1 XLIM, Faculté des Sciences de Limoges 23 avenue Albert
More informationVirtual isomorphisms of ciphers: is AES secure against differential / linear attack?
Alexander Rostovtsev alexander. rostovtsev@ibks.ftk.spbstu.ru St. Petersburg State Polytechnic University Virtual isomorphisms of ciphers: is AES secure against differential / linear attack? In [eprint.iacr.org/2009/117]
More informationAn Algebraic Approach to NTRU (q = 2 n ) via Witt Vectors and Overdetermined Systems of Nonlinear Equations
An Algebraic Approach to NTRU (q = 2 n ) via Witt Vectors and Overdetermined Systems of Nonlinear Equations J.H. Silverman 1, N.P. Smart 2, and F. Vercauteren 2 1 Mathematics Department, Box 1917, Brown
More informationImproved Linear Distinguishers for SNOW 2.0
Improved Linear Distinguishers for SNOW 2.0 Kaisa Nyberg 1,2 and Johan Wallén 1 1 Helsinki University of Technology and 2 Nokia Research Center, Finland Email: kaisa.nyberg@nokia.com; johan.wallen@tkk.fi
More informationPeriodicity and Distribution Properties of Combined FCSR Sequences
Periodicity and Distribution Properties of Combined FCSR Sequences Mark Goresky 1, and Andrew Klapper, 1 Institute for Advanced Study, Princeton NJ www.math.ias.edu/~goresky Dept. of Computer Science,
More informationMod n Cryptanalysis, with Applications Against RC5P and M6
Mod n Cryptanalysis, with Applications Against RC5P and M6 John Kelsey, Bruce Schneier, and David Wagner Abstract. We introduce mod n cryptanalysis, a form of partitioning attack that is effective against
More informationDecim, a new stream cipher for hardware applications
Decim, a new stream cipher for hardware applications C. Berbain 1, O. Billet 1, A. Canteaut 2, N. Courtois 3, B. Debraize 3,4, H. Gilbert 1, L. Goubin 4, A. Gouget 5, L. Granboulan 6, C. Lauradoux 2, M.
More informationA new version of the RC6 algorithm, stronger against χ 2 cryptanalysis
A new version of the RC6 algorithm, stronger against χ 2 cryptanalysis Routo Terada 1 Eduardo T. Ueda 2 1 Dept. of Computer Science University of São Paulo, Brazil Email: rt@ime.usp.br 2 Dept. of Computer
More informationAffine equivalence in the AES round function
Discrete Applied Mathematics 148 (2005) 161 170 www.elsevier.com/locate/dam Affine equivalence in the AES round function A.M. Youssef a, S.E. Tavares b a Concordia Institute for Information Systems Engineering,
More informationNonlinear Equivalence of Stream Ciphers
Sondre Rønjom 1 and Carlos Cid 2 1 Crypto Technology Group, Norwegian National Security Authority, Bærum, Norway 2 Information Security Group, Royal Holloway, University of London Egham, United Kingdom
More informationPrime and irreducible elements of the ring of integers modulo n
Prime and irreducible elements of the ring of integers modulo n M. H. Jafari and A. R. Madadi Department of Pure Mathematics, Faculty of Mathematical Sciences University of Tabriz, Tabriz, Iran Abstract
More informationCryptanalysis of the Stream Cipher ABC v2
Cryptanalysis of the Stream Cipher ABC v2 Hongjun Wu and Bart Preneel Katholieke Universiteit Leuven, ESAT/SCD-COSIC Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium {wu.hongjun,bart.preneel}@esat.kuleuven.be
More informationLinear Cryptanalysis of RC5 and RC6
Linear Cryptanalysis of RC5 and RC6 Johan Borst, Bart Preneel, and Joos Vandewalle K.U. Leuven, Dept. Elektrotechniek-ESAT/COSIC Kardinaal Mercierlaan 94, B-3001 Heverlee Belgium Johan.Borst@esat.kuleuven.ac.be
More informationOn The Nonlinearity of Maximum-length NFSR Feedbacks
On The Nonlinearity of Maximum-length NFSR Feedbacks Meltem Sönmez Turan National Institute of Standards and Technology meltem.turan@nist.gov Abstract. Linear Feedback Shift Registers (LFSRs) are the main
More informationSets. We discuss an informal (naive) set theory as needed in Computer Science. It was introduced by G. Cantor in the second half of the nineteenth
Sets We discuss an informal (naive) set theory as needed in Computer Science. It was introduced by G. Cantor in the second half of the nineteenth century. Most students have seen sets before. This is intended
More informationHaar Spectrum of Bent Boolean Functions
Malaysian Journal of Mathematical Sciences 1(S) February: 9 21 (216) Special Issue: The 3 rd International Conference on Mathematical Applications in Engineering 21 (ICMAE 1) MALAYSIAN JOURNAL OF MATHEMATICAL
More informationA New Class of Single Cycle T-Functions
A New Class of Single Cycle T-Functions Jin Hong, Dong Hoon Lee, Yongjin Yeom, and Daewan Han National Security Research Institute, 161 Gajeong-dong, Yuseong-gu Daejeon, 305-350, Korea {jinhong, dlee,
More informationAnalysis of SHA-1 in Encryption Mode
Analysis of SHA- in Encryption Mode [Published in D. Naccache, Ed., Topics in Cryptology CT-RSA 00, vol. 00 of Lecture Notes in Computer Science, pp. 70 83, Springer-Verlag, 00.] Helena Handschuh, Lars
More informationF-FCSR: Design of a New Class of Stream Ciphers
F-FCSR: Design of a New Class of Stream Ciphers François Arnault and Thierry P. Berger LACO, Université de Limoges, 123 avenue A. Thomas, 87060 Limoges CEDEX, France {arnault, thierry.berger}@unilim.fr
More informationEssential Algebraic Structure Within the AES
Essential Algebraic Structure Within the AES Sean Murphy and Matthew J.B. Robshaw Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, U.K. s.murphy@rhul.ac.uk m.robshaw@rhul.ac.uk
More informationOpen problems related to algebraic attacks on stream ciphers
Open problems related to algebraic attacks on stream ciphers Anne Canteaut INRIA - projet CODES B.P. 105 78153 Le Chesnay cedex - France e-mail: Anne.Canteaut@inria.fr Abstract The recently developed algebraic
More informationModular Reduction without Pre-Computation for Special Moduli
Modular Reduction without Pre-Computation for Special Moduli Tolga Acar and Dan Shumow Extreme Computing Group, Microsoft Research, Microsoft One Microsoft Way, Redmond, WA 98052, USA {tolga,danshu}@microsoft.com
More informationjorge 2 LSI-TEC, PKI Certification department
Linear Analysis of reduced-round CAST-28 and CAST-256 Jorge Nakahara Jr, Mads Rasmussen 2 UNISANTOS, Brazil jorge nakahara@yahoo.com.br 2 LSI-TEC, PKI Certification department mads@lsitec.org.br Abstract.
More informationHans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009. References. References
Hans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009 Die Unterlagen sind ausschliesslich zum persoenlichen Gebrauch der Vorlesungshoerer bestimmt. Die Herstellung von elektronischen
More informationQuadratic Equations from APN Power Functions
IEICE TRANS. FUNDAMENTALS, VOL.E89 A, NO.1 JANUARY 2006 1 PAPER Special Section on Cryptography and Information Security Quadratic Equations from APN Power Functions Jung Hee CHEON, Member and Dong Hoon
More informationNew attacks on RSA with Moduli N = p r q
New attacks on RSA with Moduli N = p r q Abderrahmane Nitaj 1 and Tajjeeddine Rachidi 2 1 Laboratoire de Mathématiques Nicolas Oresme Université de Caen Basse Normandie, France abderrahmane.nitaj@unicaen.fr
More informationNumber Theory. Modular Arithmetic
Number Theory The branch of mathematics that is important in IT security especially in cryptography. Deals only in integer numbers and the process can be done in a very fast manner. Modular Arithmetic
More informationAn Algebraic Framework for Cipher Embeddings
An Algebraic Framework for Cipher Embeddings C. Cid 1, S. Murphy 1, and M.J.B. Robshaw 2 1 Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, U.K. 2 France Télécom
More informationGurgen Khachatrian Martun Karapetyan
34 International Journal Information Theories and Applications, Vol. 23, Number 1, (c) 2016 On a public key encryption algorithm based on Permutation Polynomials and performance analyses Gurgen Khachatrian
More informationThe ANF of the Composition of Addition and Multiplication mod 2 n with a Boolean Function
The ANF of the Composition of Addition and Multiplication mod 2 n with a Boolean Function An Braeken 1 and Igor Semaev 2 1 Department Electrical Engineering, ESAT/COSIC, Katholieke Universiteit Leuven,
More informationSmart Hill Climbing Finds Better Boolean Functions
Smart Hill Climbing Finds Better Boolean Functions William Millan, Andrew Clark and Ed Dawson Information Security Research Centre Queensland University of Technology GPO Box 2434, Brisbane, Queensland,
More informationModular Multiplication in GF (p k ) using Lagrange Representation
Modular Multiplication in GF (p k ) using Lagrange Representation Jean-Claude Bajard, Laurent Imbert, and Christophe Nègre Laboratoire d Informatique, de Robotique et de Microélectronique de Montpellier
More informationTransform Domain Analysis of DES. Guang Gong and Solomon W. Golomb. University of Southern California. Tels and
Transform Domain Analysis of DES Guang Gong and Solomon W. Golomb Communication Sciences Institute University of Southern California Electrical Engineering-Systems, EEB # 500 Los Angeles, California 90089-2565
More informationOn the Sosemanuk Related Key-IV Sets
On the Sosemanuk Related Key-IV Sets Aleksandar Kircanski and Amr M. Youssef Concordia Institute for Information Systems Engineering Concordia University Montreal, Quebec, H3G 1M8, Canada {a kircan,youssef}@encs.concordia.ca
More informationImproved Analysis of Some Simplified Variants of RC6
Improved Analysis of Some Simplified Variants of RC6 Scott Contini 1, Ronald L. Rivest 2, M.J.B. Robshaw 1, and Yiqun Lisa Yin 1 1 RSA Laboratories, 2955 Campus Drive San Mateo, CA 94403, USA {scontini,matt,yiqun}@rsa.com
More informationA New Class of Invertible Mappings
A New Class of Invertible Mappings Alexander Klimov and Adi Shamir Computer Science department, The Weizmann Institute of Science Rehovot 76100, Israel {ask,shamir}@wisdom.weizmann.ac.il Abstract. Invertible
More informationOn the Salsa20 Core Function
On the Salsa20 Core Function Julio Cesar Hernandez-Castro, Juan M. E. Tapiador, and Jean-Jacques Quisquater Crypto Group, DICE, Universite Louvain-la-Neuve Place du Levant, 1 B-1348 Louvain-la-Neuve, Belgium
More informationA new simple technique to attack filter generators and related ciphers
A new simple technique to attack filter generators and related ciphers Håkan Englund and Thomas Johansson Dept. of Information Techonolgy, Lund University, P.O. Box 118, 221 00 Lund, Sweden Abstract. This
More informationPublic Key Perturbation of Randomized RSA Implementations
Public Key Perturbation of Randomized RSA Implementations A. Berzati, C. Dumas & L. Goubin CEA-LETI Minatec & Versailles St Quentin University Outline 1 Introduction 2 Public Key Perturbation Against R2L
More informationDPA on n-bit sized Boolean and Arithmetic Operations and its Application to IDEA, RC6 and the HMAC-Construction
DPA on n-bit sized Boolean and Arithmetic Operations and its Application to IDEA, RC6 and the HMAC-Construction Kerstin Lemke, Kai Schramm and Christof Paar Communication Security Group (COSY) Department
More informationEfficient Masked S-Boxes Processing A Step Forward
Efficient Masked S-Boxes Processing A Step Forward Vincent Grosso 1, Emmanuel Prouff 2, François-Xavier Standaert 1 1 ICTEAM/ELEN/Crypto Group, Université catholique de Louvain, Belgium. 2 ANSSI, 51 Bd
More informationMatrix Power S-Box Construction
Matrix Power S-Box Construction Eligijus Sakalauskas a and Kestutis Luksys b Department of Applied Mathematics, Kaunas University of Technology, Studentu g. 50, 52368 Kaunas, Lithuania a Eligijus.Sakalauskas@ktu.lt
More informationRoyal Holloway University of London
Projective Aspects of the AES Inversion Wen-Ai Jackson and Sean Murphy Technical Report RHUL MA 2006 4 25 November 2005 Royal Holloway University of London Department of Mathematics Royal Holloway, University
More informationAutomatic Expectation and Variance Computing for Attacks on Feistel Schemes
Automatic Expectation and Variance Computing for Attacks on Feistel Schemes Emmanuel Volte 1 and Valérie Nachef 1 and Nicolas Marrière 1 Department of Mathematics, University of Cergy-Pontoise, CNRS UMR
More informationGeneralized hyper-bent functions over GF(p)
Discrete Applied Mathematics 55 2007) 066 070 Note Generalized hyper-bent functions over GFp) A.M. Youssef Concordia Institute for Information Systems Engineering, Concordia University, Montreal, QC, H3G
More informationImproved Linear (hull) Cryptanalysis of Round-reduced Versions of SIMON
Improved Linear (hull) Cryptanalysis of Round-reduced Versions of SIMON Danping Shi 1,2, Lei Hu 1,2, Siwei Sun 1,2, Ling Song 1,2, Kexin Qiao 1,2, Xiaoshuang Ma 1,2 1 State Key Laboratory of Information
More informationPoly Dragon: An efficient Multivariate Public Key Cryptosystem
Poly Dragon: An efficient Multivariate Public Key Cryptosystem Rajesh P Singh, A.Saikia, B.K.Sarma Department of Mathematics Indian Institute of Technology Guwahati Guwahati -781039, India May 19, 2010
More informationHadamard Matrices, d-linearly Independent Sets and Correlation-Immune Boolean Functions with Minimum Hamming Weights
Hadamard Matrices, d-linearly Independent Sets and Correlation-Immune Boolean Functions with Minimum Hamming Weights Qichun Wang Abstract It is known that correlation-immune (CI) Boolean functions used
More informationLittle Dragon Two: An efficient Multivariate Public Key Cryptosystem
Little Dragon Two: An efficient Multivariate Public Key Cryptosystem Rajesh P Singh, A.Saikia, B.K.Sarma Department of Mathematics Indian Institute of Technology Guwahati Guwahati -781039, India October
More information1-Resilient Boolean Function with Optimal Algebraic Immunity
1-Resilient Boolean Function with Optimal Algebraic Immunity Qingfang Jin Zhuojun Liu Baofeng Wu Key Laboratory of Mathematics Mechanization Institute of Systems Science, AMSS Beijing 100190, China qfjin@amss.ac.cn
More informationStructural Evaluation by Generalized Integral Property
Structural Evaluation by Generalized Integral Property Yosue Todo NTT Secure Platform Laboratories, Toyo, Japan todo.yosue@lab.ntt.co.jp Abstract. In this paper, we show structural cryptanalyses against
More informationAlgebraic Techniques in Differential Cryptanalysis
Algebraic Techniques in Differential Cryptanalysis Martin Albrecht and Carlos Cid Information Security Group, Royal Holloway, University of London FSE 2009, Leuven, 24.02.2009 Martin Albrecht and Carlos
More informationWell known bent functions satisfy both SAC and PC(l) for all l n, b not necessarily SAC(k) nor PC(l) of order k for k 1. On the other hand, balancedne
Design of SAC/PC(l) of order k Boolean functions and three other cryptographic criteria Kaoru Kurosawa 1 and Takashi Satoh?2 1 Dept. of Comper Science, Graduate School of Information Science and Engineering,
More informationImproved Distinguishing Attacks on HC-256
Improved Distinguishing Attacks on HC-256 Gautham Sekar 1,2, and Bart Preneel 1,2 1 Department of Electrical Engineering ESAT/SCD-COSIC, Katholieke Universiteit Leuven, Kasteelpark Arenberg 10, B-3001
More informationA Conjecture on Binary String and Its Applications on Constructing Boolean Functions of Optimal Algebraic Immunity
A Conjecture on Binary String and Its Applications on Constructing Boolean Functions of Optimal Algebraic Immunity Ziran Tu and Yingpu deng Abstract In this paper, we propose a combinatoric conjecture
More informationLow-weight Pseudo Collision Attack on Shabal and Preimage Attack on Reduced Shabal-512
Low-weight Pseudo Collision Attack on Shabal and Preimage Attack on Reduced Shabal-512 Takanori Isobe and Taizo Shirai Sony Corporation 1-7-1 Konan, Minato-ku, Tokyo 108-0075, Japan {Takanori.Isobe,Taizo.Shirai}@jp.sony.com
More informationDifferential Fault Analysis of Trivium
Differential Fault Analysis of Trivium Michal Hojsík 1,2 and Bohuslav Rudolf 2,3 1 Department of Informatics, University of Bergen, N-5020 Bergen, Norway 2 Department of Algebra, Charles University in
More informationSynopsis of the thesis entitled Cryptographic and Combinatorial Properties of Boolean Functions and S-boxes
Synopsis of the thesis entitled Cryptographic and Combinatorial Properties of Boolean Functions and S-boxes by Kishan Chand Gupta Applied Statistics Unit Indian Statistical Institute 2004 under the supervision
More informationFurther improving security of Vector Stream Cipher
NOLTA, IEICE Paper Further improving security of Vector Stream Cipher Atsushi Iwasaki 1a) and Ken Umeno 2 1 Fukuoka Institute of Technology Wajiro-higashi, Higashiku, Fukuoka 811-0295, Japan 2 Graduate
More informationAnalysis of Modern Stream Ciphers
Analysis of Modern Stream Ciphers Josef Pieprzyk Centre for Advanced Computing Algorithms and Cryptography, Macquarie University, Australia CANS - Singapore - December 2007 estream Outline 1. estream Project
More informationFinding Low Degree Annihilators for a Boolean Function Using Polynomial Algorithms
Finding Low Degree Annihilators for a Boolean Function Using Polynomial Algorithms Vladimir Bayev Abstract. Low degree annihilators for Boolean functions are of great interest in cryptology because of
More informationRevisit and Cryptanalysis of a CAST Cipher
2017 3rd International Conference on Electronic Information Technology and Intellectualization (ICEITI 2017) ISBN: 978-1-60595-512-4 Revisit and Cryptanalysis of a CAST Cipher Xiao Zhou, Jingwei Li, Xuejia
More informationCOMS W4995 Introduction to Cryptography October 12, Lecture 12: RSA, and a summary of One Way Function Candidates.
COMS W4995 Introduction to Cryptography October 12, 2005 Lecture 12: RSA, and a summary of One Way Function Candidates. Lecturer: Tal Malkin Scribes: Justin Cranshaw and Mike Verbalis 1 Introduction In
More informationComplementing Feistel Ciphers
Complementing Feistel Ciphers Alex Biryukov 1 and Ivica Nikolić 2 1 University of Luxembourg 2 Nanyang Technological University, Singapore alex.biryukov@uni.lu inikolic@ntu.edu.sg Abstract. In this paper,
More informationComparison of cube attacks over different vector spaces
Comparison of cube attacks over different vector spaces Richard Winter 1, Ana Salagean 1, and Raphael C.-W. Phan 2 1 Department of Computer Science, Loughborough University, Loughborough, UK {R.Winter,
More informationHardware Design and Analysis of Block Cipher Components
Hardware Design and Analysis of Block Cipher Components Lu Xiao and Howard M. Heys Electrical and Computer Engineering Faculty of Engineering and Applied Science Memorial University of Newfoundland St.
More informationDifferential Fault Analysis of Sosemanuk
Differential Fault Analysis of Sosemanuk Yaser Esmaeili Salehani, Aleksandar Kircanski, and Amr Youssef Concordia Institute for Information Systems Engineering, Concordia University Montreal, Quebec, H3G
More informationConvolutional block codes with cryptographic properties over the semi-direct product
Convolutional block codes with cryptographic properties over the semi-direct product Z/NZ Z/MZ Marion Candau 1,2, Roland Gautier 2 and Johannes Huisman 3 1 LMBA, UMR CNRS 6205, Université de Bretagne Occidentale,
More informationThird-order nonlinearities of some biquadratic monomial Boolean functions
Noname manuscript No. (will be inserted by the editor) Third-order nonlinearities of some biquadratic monomial Boolean functions Brajesh Kumar Singh Received: April 01 / Accepted: date Abstract In this
More informationA GENERAL FRAMEWORK FOR GUESS-AND-DETERMINE AND TIME-MEMORY-DATA TRADE-OFF ATTACKS ON STREAM CIPHERS
A GENERAL FRAMEWORK FOR GUESS-AND-DETERMINE AND TIME-MEMORY-DATA TRADE-OFF ATTACKS ON STREAM CIPHERS Guanhan Chew, Khoongming Khoo DSO National Laboratories, 20 Science Park Drive, Singapore 118230 cguanhan,kkhoongm@dso.org.sg
More informationIntroduction to Modern Cryptography. (1) Finite Groups, Rings and Fields. (2) AES - Advanced Encryption Standard
Introduction to Modern Cryptography Lecture 3 (1) Finite Groups, Rings and Fields (2) AES - Advanced Encryption Standard +,0, and -a are only notations! Review - Groups Def (group): A set G with a binary
More informationPractical Complexity Cube Attacks on Round-Reduced Keccak Sponge Function
Practical Complexity Cube Attacks on Round-Reduced Keccak Sponge Function Itai Dinur 1, Pawe l Morawiecki 2,3, Josef Pieprzyk 4 Marian Srebrny 2,3, and Micha l Straus 3 1 Computer Science Department, École
More informationTHEORETICAL SIMPLE POWER ANALYSIS OF THE GRAIN STREAM CIPHER. A. A. Zadeh and Howard M. Heys
THEORETICAL SIMPLE POWER ANALYSIS OF THE GRAIN STREAM CIPHER A. A. Zadeh and Howard M. Heys Electrical and Computer Engineering Faculty of Engineering and Applied Science Memorial University of Newfoundland
More informationOn Feistel Ciphers Using Optimal Diffusion Mappings Across Multiple Rounds
On Feistel Ciphers Using Optimal Diffusion Mappings Across Multiple Rounds Taizo Shirai 1, and Bart Preneel 2 1 Sony Corporation, Tokyo, Japan taizo.shirai@jp.sony.com 2 ESAT/SCD-COSIC, Katholieke Universiteit
More informationAnalysis of Some Quasigroup Transformations as Boolean Functions
M a t h e m a t i c a B a l k a n i c a New Series Vol. 26, 202, Fasc. 3 4 Analysis of Some Quasigroup Transformations as Boolean Functions Aleksandra Mileva Presented at MASSEE International Conference
More informationFast Algebraic Immunity of 2 m + 2 & 2 m + 3 variables Majority Function
Fast Algebraic Immunity of 2 m + 2 & 2 m + 3 variables Majority Function Yindong Chen a,, Fei Guo a, Liu Zhang a a College of Engineering, Shantou University, Shantou 515063, China Abstract Boolean functions
More informationBadger - A Fast and Provably Secure MAC
Badger - A Fast and Provably Secure MAC Martin Boesgaard, Ove Scavenius, Thomas Pedersen, Thomas Christensen, and Erik Zenner CRYPTICO A/S Fruebjergvej 3 2100 Copenhagen Denmark info@cryptico.com Abstract.
More informationSome results on the existence of t-all-or-nothing transforms over arbitrary alphabets
Some results on the existence of t-all-or-nothing transforms over arbitrary alphabets Navid Nasr Esfahani, Ian Goldberg and Douglas R. Stinson David R. Cheriton School of Computer Science University of
More informationFast Correlation Attacks: an Algorithmic Point of View
Fast Correlation Attacks: an Algorithmic Point of View Philippe Chose, Antoine Joux, and Michel Mitton DCSSI, 18 rue du Docteur Zamenhof F-92131 Issy-les-Moulineaux cedex, France Philippe.Chose@ens.fr,
More informationLinear Approximations for 2-round Trivium
Linear Approximations for 2-round Trivium Meltem Sönmez Turan 1, Orhun Kara 2 1 Institute of Applied Mathematics, Middle East Technical University Ankara, Turkey msonmez@metu.edu.tr 2 TUBITAK-UEKAE, Gebze,
More informationConstructing a Ternary FCSR with a Given Connection Integer
Constructing a Ternary FCSR with a Given Connection Integer Lin Zhiqiang 1,2 and Pei Dingyi 1,2 1 School of Mathematics and Information Sciences, Guangzhou University, China 2 State Key Laboratory of Information
More informationSymmetric key cryptography over non-binary algebraic structures
Symmetric key cryptography over non-binary algebraic structures Kameryn J Williams Boise State University 26 June 2012 AAAS Pacific Conference 24-27 June 2012 Acknowledgments These results are due to collaboration
More information3-Designs from PSL(2, q)
3-Designs from PSL(, q P. J. Cameron a,1 H. R. Maimani b,d G. R. Omidi b,c B. Tayfeh-Rezaie b a School of Mathematical Sciences, Queen Mary, University of London, U.K. b Institute for Studies in Theoretical
More informationP. J. Cameron a,1 H. R. Maimani b,d G. R. Omidi b,c B. Tayfeh-Rezaie b
3-designs from PSL(, q P. J. Cameron a,1 H. R. Maimani b,d G. R. Omidi b,c B. Tayfeh-Rezaie b a School of Mathematical Sciences, Queen Mary, University of London, U.K. b Institute for Studies in Theoretical
More information