Cryptography: Key Issues in Security
L. Babinkostova, J. Keller, B. Schreiner, J. Schreiner-McGraw, K. Stubbs
August 1, 2014

Outline
- Introduction: Motivation; Group Generated; Questions and Notation
- Translation Based Ciphers: Previous Results; Definitions
- Advanced Encryption Standard (AES): Definition of AES; AES as a tb cipher
- Results: Proper Mixing Layer; Non-Surjective Key Schedule
- Conclusions
Motivation
Group Generated: General Cryptosystems

Definition. A cryptosystem is an ordered 4-tuple $(M, C, K, T)$ where $M$, $C$, and $K$ are called the message space, the ciphertext space, and the key space respectively, and where $T : M \times K \to C$ is a transformation such that for each $k \in K$, the mapping $T[k] : M \to C$, called an encryption transformation, is invertible.

For any cryptosystem $\Pi = (M, C, K, T)$, let $T_\Pi = \{T[k] : k \in K\}$ be the set of all encryption transformations.

Definition. The symbol $G = \langle T_\Pi \rangle$ denotes the group that is generated by the set $T_\Pi$.
Group Generated: Group Generated by One Round Function

Definition. Let $T[k]$ denote the round function of the cipher under the key $k \in K$, where $K$ denotes the set of all round keys.

Definition. Let $L = \{T[k] : k \in K\}$ be the set of all round functions.

Definition. We denote by $G_T = \langle T[k] : k \in K \rangle$ the group generated by these permutations.
Group Generated: Key Schedule

Definition. An $s$-round cipher has key schedule $KS : K \to K^s$ so that any key $k \in K$ produces a set of subkeys $k_i \in K$, $1 \le i \le s$.

Definition. The group $G_T^s = \langle T[k_s]\,T[k_{s-1}] \cdots T[k_1] : k_i \in K \rangle$ is the group generated by $s$ round functions (independently chosen).
Group Generated: Relation between these groups

$$G_T = \langle T[k] : k \in K \rangle$$

$$G_T^s = \langle T[k_s]\,T[k_{s-1}] \cdots T[k_1] : k_i \in K \rangle$$

$$G = \langle T[k_s]\,T[k_{s-1}] \cdots T[k_1] : KS(k) = (k_1, k_2, \dots, k_s) \rangle$$

$$G = \langle T_\Pi \rangle$$

$$G \le G_T^s \le G_T$$
Group Generated: Primitivity

Definition. Recall that a group action on a set $V$ is transitive if $\forall x, y \in V$, $\exists g \in G$ s.t. $xg = y$.

Definition. A transitive group $G$ is imprimitive in its action on $V$ if there exists a non-trivial partition $\mathcal{B}$ of $V$ (i.e. $\mathcal{B} \ne \{V\}$, $\mathcal{B} \ne \{\{v\} : v \in V\}$) such that $Bg \in \mathcal{B}$ for all $B \in \mathcal{B}$ and $g \in G$. We call such a $\mathcal{B}$ a block system for $G$. A group action is primitive if it is not imprimitive.
Group Generated: Examples of Block Systems

Example. $T(\mathbb{Z}_n)$, the group of translations on $\mathbb{Z}_n$, where $x \mapsto a + x \pmod n$, has as many block systems as there are factorizations of $n$ into two integers $a$ and $b$, both greater than 1.

Example. The subgroup $\langle \sigma \rangle$ of the symmetric group on $S = \{1, 2, 3, 4\}$, where $\sigma = (1\,2\,3\,4)$, is imprimitive. A block system $\mathcal{B}$ is $\{\{1, 3\}, \{2, 4\}\}$.
Questions and Notation: Our Questions

- Is the set of encryption functions a group?
- When is the group generated transitive?
- When is the group generated primitive?
- When is the group generated by the encryption functions the symmetric or alternating group?
Questions and Notation: Notation

Message Space: $r, m, n \in \mathbb{Z}^+$, $M = GF(p^{rmn}) = (GF(p^r))^{mn}$.

Internal Representation: $t : (GF(p^r))^{mn} \to M_{m,n}(GF(p^r))$,

$$t : [a_1, \dots, a_{mn}] \mapsto \begin{pmatrix} a_1 & a_2 & \cdots & a_n \\ a_{n+1} & a_{n+2} & \cdots & a_{2n} \\ \vdots & \vdots & & \vdots \\ a_{(m-1)n+1} & a_{(m-1)n+2} & \cdots & a_{mn} \end{pmatrix}$$
Previous Results

Theorem. Let $C$ be a translation-based cipher over $\mathbb{F}_q$, and suppose that the $h$-th round is proper. If each brick of $\gamma_h$ is
1. weakly $p^r$-uniform, and
2. strongly $r$-anti-invariant,
then the group generated by $C$ is primitive.

Theorem. Let $C$ be a translation-based cipher such that
1. $C$ satisfies the hypotheses of the above theorem, and
2. for all $0 \ne a \in V_i$, $\{(x + a)\gamma_i - x\gamma_i : x \in V_i\}$ is not a coset of a subgroup of $V_i$,
then the group generated by $C$ is either $\mathrm{Alt}(V)$ or $\mathrm{Sym}(V)$.

R. Aragona, A. Caranti, F. Dalla Volta, and M. Sala, On the group generated by round functions of translation based ciphers over arbitrary finite fields, Elsevier, (2013).
Definitions

Definition. An element $\gamma \in \mathrm{Sym}(V)$ is called a bricklayer transformation with respect to $V = V_1 \oplus \cdots \oplus V_n$ if $\gamma$ acts on an element $v = v_1 \oplus \cdots \oplus v_n$ with $v_i \in V_i$ as $v\gamma = v_1\gamma_1 \oplus \cdots \oplus v_n\gamma_n$ for some $\gamma_i \in \mathrm{Sym}(V_i)$.

Definition. Let $\psi \in GL(V)$ be a linear map. Then $\psi$ is called a mixing layer. If $\psi$ leaves no proper nonzero sum $\bigoplus_{i \in I} V_i$ invariant, then $\psi$ is called a proper mixing layer.
Key Schedule: $KS : K \to K^s$.

Key Mapping: $\phi(k, h) : K \times \{1, \dots, s\} \to M$.

In both cases the key $k$ is called the master key.
Definition. A block cipher $C = \{\tau_k : k \in K\}$ over $\mathbb{F}_q$ is translation based (tb) if
1. each $\tau_k$ is the composition of $s$ round functions $\tau_{k,h}$, $h = 1, \dots, s$, where in turn each round function can be written as a composition $\sigma_{\phi(k,h)}\,\psi_h\,\gamma_h$ of three permutations of $V$, where $\gamma_h$ is a bricklayer transformation not depending on $k$ and with $0\gamma_h = 0$, $\psi_h$ is a linear transformation not depending on $k$, and $\phi : K \times \{1, \dots, s\} \to V$ is the key schedule;
2. for one round $h_0$, $\psi_{h_0}$ is a proper mixing layer, and the map $K \to V$, $k \mapsto \phi(k, h_0)$, is surjective on $V$.
AES as a tb cipher

For reference, a single round of AES is the following composition of functions: $\sigma_k\,\rho\,\pi\,\lambda$.

Recall that our definition of tb cipher had three components:
- A bricklayer transformation.
- A mixing layer.
- A surjective key schedule.
SubBytes, $\lambda$: every entry of the state is replaced by its image under the inversion followed by an affine map,

$$\begin{pmatrix} a_0 & a_1 & a_2 & a_3 \\ a_4 & a_5 & a_6 & a_7 \\ a_8 & a_9 & a_{10} & a_{11} \\ a_{12} & a_{13} & a_{14} & a_{15} \end{pmatrix} \mapsto \begin{pmatrix} a'_0 & a'_1 & a'_2 & a'_3 \\ a'_4 & a'_5 & a'_6 & a'_7 \\ a'_8 & a'_9 & a'_{10} & a'_{11} \\ a'_{12} & a'_{13} & a'_{14} & a'_{15} \end{pmatrix}, \qquad a'_i = A\,a_i^{-1} + B.$$
ShiftRows, $\pi$: row $r$ of the state is rotated by $c_r$ positions,

$$\begin{pmatrix} a_0 & a_1 & a_2 & a_3 \\ a_4 & a_5 & a_6 & a_7 \\ a_8 & a_9 & a_{10} & a_{11} \\ a_{12} & a_{13} & a_{14} & a_{15} \end{pmatrix} \xrightarrow{\ \text{shift } c_0,\, c_1,\, c_2,\, c_3\ } \begin{pmatrix} a_0 & a_1 & a_2 & a_3 \\ a_7 & a_4 & a_5 & a_6 \\ a_{10} & a_{11} & a_8 & a_9 \\ a_{13} & a_{14} & a_{15} & a_{12} \end{pmatrix}$$
MixColumns, $\rho$: each column is multiplied by a circulant matrix,

$$\begin{pmatrix} c_0 & c_1 & c_2 & c_3 \\ c_1 & c_2 & c_3 & c_0 \\ c_2 & c_3 & c_0 & c_1 \\ c_3 & c_0 & c_1 & c_2 \end{pmatrix} \begin{pmatrix} a_0 & a_1 & a_2 & a_3 \\ a_4 & a_5 & a_6 & a_7 \\ a_8 & a_9 & a_{10} & a_{11} \\ a_{12} & a_{13} & a_{14} & a_{15} \end{pmatrix} = \begin{pmatrix} a'_0 & a'_1 & a'_2 & a'_3 \\ a'_4 & a'_5 & a'_6 & a'_7 \\ a'_8 & a'_9 & a'_{10} & a'_{11} \\ a'_{12} & a'_{13} & a'_{14} & a'_{15} \end{pmatrix}$$
AddRoundKey, $\sigma_k$: the round key is added entrywise to the state (the state is drawn as on the slide),

$$\begin{pmatrix} a_{15} & a_{11} & a_7 & a_3 \\ a_{14} & a_{10} & a_6 & a_2 \\ a_{13} & a_9 & a_5 & a_1 \\ a_{12} & a_8 & a_4 & a_0 \end{pmatrix} \oplus \begin{pmatrix} k_0 & k_1 & k_2 & k_3 \\ k_4 & k_5 & k_6 & k_7 \\ k_8 & k_9 & k_{10} & k_{11} \\ k_{12} & k_{13} & k_{14} & k_{15} \end{pmatrix} = \begin{pmatrix} a'_0 & a'_1 & a'_2 & a'_3 \\ a'_4 & a'_5 & a'_6 & a'_7 \\ a'_8 & a'_9 & a'_{10} & a'_{11} \\ a'_{12} & a'_{13} & a'_{14} & a'_{15} \end{pmatrix}$$
Proper Mixing Layer

Definition. A linear map $\psi$ is a proper mixing layer if it leaves no nontrivial, nonzero subspace $W$ of $V$ invariant, where $W = \bigoplus_{i \in I} V_i$, $V = M_{m,n}(GF(p^r)) = V_1 \oplus \cdots \oplus V_{mn}$, and $I \subsetneq \{1, \dots, mn\}$.
Proper Mixing Layer: ShiftRows Conditions

Theorem. The composition $\rho\pi$ is a proper mixing layer if and only if $\rho$ properly mixes columns and for all $k \in \{1, \dots, n-1\}$ there exist shift amounts $c_a, \dots, c_b$ and $j_a, \dots, j_b \in \mathbb{N}$ such that $j_a c_a + \cdots + j_b c_b \equiv k \pmod n$.
Proper Mixing Layer: MixColumns Conditions

Theorem. Let $C \in M_{m,m}(GF(p^r))$ be a circulant matrix with first row $[c_1, c_2, \dots, c_m]$ such that the only nonzero terms are indexed $c_{i+1}$ for $i \in I = \{\alpha_1, \alpha_2, \dots, \alpha_k\}$. Then $C$ is a proper mixing matrix if and only if $\langle I \rangle = \mathbb{Z}_m$.

Example. Example on board.
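The two theorems above can be checked by brute force on the actual AES state layout. The following is an added example, not code from the slides or their authors: it builds $\psi = \rho\pi$ over $GF(2^8)$ with the shift amounts and the circulant MixColumns row as parameters, records which bricks each brick reaches, and returns the smallest proper nonzero sum of bricks that $\psi$ leaves invariant (a block system for the generated group), or none when $\psi$ is a proper mixing layer; it also compares the $\langle I \rangle = \mathbb{Z}_m$ criterion for the MixColumns matrix alone against the same brute-force check. The function names and the non-AES shift patterns and matrix rows are my own constructed inputs.

```python
"""Invariant-sum check for an AES-style mixing layer psi = rho . pi (added example).

V = M_{4,4}(GF(2^8)) is the direct sum of 16 one-byte bricks V_i, cell i = 4*row + col
as drawn on the slides. A sum of bricks W = (+)_{i in I} V_i is psi-invariant exactly
when, for every i in I, psi(V_i) has nonzero components only in bricks from I. So psi
is a proper mixing layer iff the "reach closure" of every single cell is all 16 cells;
any smaller closure is an invariant sum, i.e. a block system for the generated group.
"""
from functools import reduce
from math import gcd

M, N = 4, 4                    # rows and columns of the state
AES_SHIFTS = (0, 1, 2, 3)      # ShiftRows offsets c_0..c_3
AES_MIX_ROW = (2, 3, 1, 1)     # first row of the AES MixColumns circulant


def xtime(b):
    """Multiply a byte by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b


def gf_mul(a, b):
    """Multiply two bytes in GF(2^8)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r


def shift_rows(state, shifts):
    """pi: rotate row r to the right by shifts[r] places (the direction drawn on the slides)."""
    out = list(state)
    for r in range(M):
        row = state[r * N:(r + 1) * N]
        s = shifts[r] % N
        out[r * N:(r + 1) * N] = row[N - s:] + row[:N - s]
    return out


def mix_columns(state, mix_row):
    """rho: multiply every column by the circulant matrix whose first row is mix_row."""
    out = list(state)
    for c in range(N):
        col = [state[r * N + c] for r in range(M)]
        for r in range(M):
            acc = 0
            for j in range(M):
                acc ^= gf_mul(mix_row[(j - r) % M], col[j])
            out[r * N + c] = acc
    return out


def psi(state, shifts, mix_row):
    """One mixing layer psi = rho . pi (ShiftRows first, then MixColumns)."""
    return mix_columns(shift_rows(state, shifts), mix_row)


def reach_table(shifts, mix_row):
    """reach[i] = cells j such that psi(V_i) has a nonzero component in brick V_j."""
    table = []
    for i in range(M * N):
        cells = set()
        for bit in range(8):  # run over a basis of the brick V_i
            state = [0] * (M * N)
            state[i] = 1 << bit
            cells |= {j for j, v in enumerate(psi(state, shifts, mix_row)) if v}
        table.append(cells)
    return table


def closure(table, start):
    """Smallest set of cells containing start that is closed under reach."""
    seen, frontier = {start}, [start]
    while frontier:
        for k in table[frontier.pop()]:
            if k not in seen:
                seen.add(k)
                frontier.append(k)
    return seen


def invariant_sum(shifts, mix_row):
    """Smallest proper nonzero psi-invariant sum of bricks (as a set of cell indices),
    or None when psi is a proper mixing layer."""
    table = reach_table(shifts, mix_row)
    best = None
    for start in range(M * N):
        cl = closure(table, start)
        if len(cl) < M * N and (best is None or len(cl) < len(best)):
            best = cl
    return best


def is_proper_mixing_layer(shifts, mix_row):
    return invariant_sum(shifts, mix_row) is None


def mixcolumns_alone_is_proper(mix_row):
    """Brute force for rho on one column: with no row shifts the closure of cell 0 stays
    inside column 0, so rho properly mixes a column iff that closure has M cells."""
    return len(closure(reach_table((0,) * M, mix_row), 0)) == M


def support_generates_Zm(mix_row):
    """The slides' criterion: <I> = Z_m for I = positions of the nonzero entries."""
    I = [i for i, c in enumerate(mix_row) if c]
    return reduce(gcd, I, M) == 1


if __name__ == "__main__":
    for shifts, row in [(AES_SHIFTS, AES_MIX_ROW), ((0, 2, 0, 2), AES_MIX_ROW),
                        (AES_SHIFTS, (2, 0, 1, 0))]:
        print("shifts", shifts, "row", row, "-> invariant sum:", invariant_sum(shifts, row))
```

With the AES parameters no invariant sum exists; shifts (0, 2, 0, 2) leave the even columns invariant, and a MixColumns row with support $\{0, 2\}$ leaves a 4-cell sum invariant even with the AES shifts, matching the necessity of $\rho$ properly mixing columns.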
Non-Surjective Key Schedules

Instead of surjectivity, we actually need $T(V) \le \langle T^s[k] : k \in K \rangle$.

Theorem. If the key mapping function is onto a set of generators and the zero key, then $T(V) \le \langle T^s[k] : k \in K \rangle$.

Conjecture. If $T^s[k]$ is a generalized AES cipher with a proper mixing layer, then the converse holds.
Implications and future work

- Analyze existing hash functions based on AES.
- Construct future ciphers over more complicated fields.
- Prove the non-surjectivity conjecture.
- Analyze the effects of using a mixing matrix with zero entries.
- Analyze the effects of using a key schedule surjective onto generators.
Acknowledgements

Boise State University and NSF DMS

References

- R. Aragona, A. Caranti, F. Dalla Volta, and M. Sala, On the group generated by the round functions of translation based ciphers over arbitrary finite fields, Finite Fields and Their Applications, Vol. , (2014).
- L. Babinkostova, K. Bombardier, M. Cole, T. Morrell, and C. Scott, Algebraic Structure of generalized Rijndael-like SP networks, Groups Complexity Cryptology, Vol. 6, Issue , (2014).
- R. Sparr, R. Wernsdorf, Group Theoretic Properties of Rijndael-like Ciphers, Discrete Applied Mathematics, 156(16), (2008).
More informationOn Feistel Ciphers Using Optimal Diffusion Mappings Across Multiple Rounds
On Feistel Ciphers Using Optimal Diffusion Mappings Across Multiple Rounds Taizo Shirai 1, and Bart Preneel 2 1 Sony Corporation, Tokyo, Japan taizo.shirai@jp.sony.com 2 ESAT/SCD-COSIC, Katholieke Universiteit
More informationWinter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2
0368.3049.01 Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod Assignment #2 Published Sunday, February 17, 2008 and very slightly revised Feb. 18. Due Tues., March 4, in Rani Hod
More informationFix(g). Orb(x) i=1. O i G. i=1. O i. i=1 x O i. = n G
Math 761 Fall 2015 Homework 4 Drew Armstrong Problem 1 Burnside s Lemma Let X be a G-set and for all g G define the set Fix(g : {x X : g(x x} X (a If G and X are finite, prove that Fix(g Stab(x g G x X
More informationLecture Notes. Advanced Discrete Structures COT S
Lecture Notes Advanced Discrete Structures COT 4115.001 S15 2015-01-22 Recap Two methods for attacking the Vigenère cipher Frequency analysis Dot Product Playfair Cipher Classical Cryptosystems - Section
More informationModern Algebra I. Circle the correct answer; no explanation is required. Each problem in this section counts 5 points.
1 2 3 style total Math 415 Please print your name: Answer Key 1 True/false Circle the correct answer; no explanation is required. Each problem in this section counts 5 points. 1. Every group of order 6
More informationMath 210A: Algebra, Homework 5
Math 210A: Algebra, Homework 5 Ian Coley November 5, 2013 Problem 1. Prove that two elements σ and τ in S n are conjugate if and only if type σ = type τ. Suppose first that σ and τ are cycles. Suppose
More informationSEMIFIELDS ARISING FROM IRREDUCIBLE SEMILINEAR TRANSFORMATIONS
J. Aust. Math. Soc. 85 (28), 333 339 doi:.7/s44678878888 SEMIFIELDS ARISING FROM IRREDUCIBLE SEMILINEAR TRANSFORMATIONS WILLIAM M. KANTOR and ROBERT A. LIEBLER (Received 4 February 28; accepted 7 September
More informationABELIAN HOPF GALOIS STRUCTURES ON PRIME-POWER GALOIS FIELD EXTENSIONS
ABELIAN HOPF GALOIS STRUCTURES ON PRIME-POWER GALOIS FIELD EXTENSIONS S. C. FEATHERSTONHAUGH, A. CARANTI, AND L. N. CHILDS Abstract. The main theorem of this paper is that if (N, +) is a finite abelian
More informationPermutation Groups. John Bamberg, Michael Giudici and Cheryl Praeger. Centre for the Mathematics of Symmetry and Computation
Notation Basics of permutation group theory Arc-transitive graphs Primitivity Normal subgroups of primitive groups Permutation Groups John Bamberg, Michael Giudici and Cheryl Praeger Centre for the Mathematics
More informationElliptic Curve Cryptography and Security of Embedded Devices
Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Mathématiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography
More informationSolution of Exercise Sheet 7
saarland Foundations of Cybersecurity (Winter 16/17) Prof. Dr. Michael Backes CISPA / Saarland University university computer science Solution of Exercise Sheet 7 1 Variants of Modes of Operation Let (K,
More informationPermutation Generators Based on Unbalanced Feistel Network: Analysis of the Conditions of Pseudorandomness 1
Permutation Generators Based on Unbalanced Feistel Network: Analysis of the Conditions of Pseudorandomness 1 Kwangsu Lee A Thesis for the Degree of Master of Science Division of Computer Science, Department
More informationKey Difference Invariant Bias in Block Ciphers
Key Difference Invariant Bias in Block Ciphers Andrey Bogdanov, Christina Boura, Vincent Rijmen 2, Meiqin Wang 3, Long Wen 3, Jingyuan Zhao 3 Technical University of Denmark, Denmark 2 KU Leuven ESAT/SCD/COSIC
More informationDivision Property: a New Attack Against Block Ciphers
Division Property: a New Attack Against Block Ciphers Christina Boura (joint on-going work with Anne Canteaut) Séminaire du groupe Algèbre et Géometrie, LMV November 24, 2015 1 / 50 Symmetric-key encryption
More informationMILP-Aided Bit-Based Division Property for Primitives with Non-Bit-Permutation Linear Layers
MILP-Aided Bit-Based Division Property for Primitives with Non-Bit-Permutation Linear Layers Ling Sun 1, Wei Wang 1, Meiqin Wang 1,2 1 Key Laboratory of Cryptologic Technology and Information Security,
More informationMath 594, HW2 - Solutions
Math 594, HW2 - Solutions Gilad Pagi, Feng Zhu February 8, 2015 1 a). It suffices to check that NA is closed under the group operation, and contains identities and inverses: NA is closed under the group
More informationComputational and Algebraic Aspects of the Advanced Encryption Standard
Computational and Algebraic Aspects of the Advanced Encryption Standard Carlos Cid, Sean Murphy and Matthew Robshaw Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20
More informationTechnion - Computer Science Department - Ph.D. Thesis PHD Cryptanalysis of Ciphers and Protocols. Elad Pinhas Barkan
Cryptanalysis of Ciphers and Protocols Elad Pinhas Barkan Cryptanalysis of Ciphers and Protocols Research Thesis Submitted in partial fulfillment of the Requirements for the Degree of Doctor of Philosophy
More informationSecurity of the AES with a Secret S-box
Security of the AES with a Secret S-box Tyge Tiessen, Lars R Knudsen, Stefan Kölbl, and Martin M Lauridsen {tyti,lrkn,stek,mmeh}@dtudk DTU Compute, Technical University of Denmark, Denmark Abstract How
More informationHardware Design and Analysis of Block Cipher Components
Hardware Design and Analysis of Block Cipher Components Lu Xiao and Howard M. Heys Electrical and Computer Engineering Faculty of Engineering and Applied Science Memorial University of Newfoundland St.
More informationγ γ γ γ(α) ). Then γ (a) γ (a ) ( γ 1
The Correspondence Theorem, which we next prove, shows that the congruence lattice of every homomorphic image of a Σ-algebra is isomorphically embeddable as a special kind of sublattice of the congruence
More informationClassical Cryptography
Classical Cryptography CSG 252 Fall 2006 Riccardo Pucella Goals of Cryptography Alice wants to send message X to Bob Oscar is on the wire, listening to communications Alice and Bob share a key K Alice
More informationA Stochastic Model for Differential Side Channel Cryptanalysis
A Stochastic Model for Differential Side Channel Cryptanalysis Werner Schindler 1, Kerstin Lemke 2, Christof Paar 2 1 Bundesamt für Sicherheit in der Informationstechnik (BSI) 53175 Bonn, Germany 2 Horst
More information