General Principles of Algebraic Attacks and New Design Criteria for Components of Symmetric Ciphers
in AES 4 Conference, Bonn, May 10-12 2004, LNCS 3373
, 2005
Cited by 14 (7 self)
Abstract. This paper is about the design of multivariate public key schemes, as well as block and stream ciphers, in relation to recent attacks that exploit various types of multivariate algebraic relations. We survey these attacks focusing on their common fundamental principles and on how to avoid them. From this we derive new very general design criteria, applicable for very different cryptographic components. These amount to avoiding (if possible) the existence of, in some sense “too simple” algebraic relations. Though many ciphers that do not satisfy this new paradigm probably still remain secure, the design of ciphers will never be the same again. Key Words: algebraic attacks, polynomial relations, multivariate equations, finite fields, design of cryptographic primitives, generalised linear cryptanalysis, multivariate public key encryption and signature schemes, HFE, Quartz, Sflash, stream ciphers, Boolean functions, combiners with memory, block ciphers, AES, Rijndael, Serpent, elimination methods, Gröbner bases.
Polynomials in the Nation's Service: Using Algebra to Design the Advanced Encryption Standard
 American Mathematical Monthly
, 2004
Cited by 12 (0 self)
approaches to S-box design. Meier and Staffelbach observed that certain nonlinearity properties (in particular, distance of nonlinear functions to affine functions) were preserved under affine transformations [28]. I need some formalism to explain what that means.
Towards a Unifying View of Block Cipher Cryptanalysis
, 2004
Cited by 11 (0 self)
We introduce commutative diagram cryptanalysis, a framework for expressing certain kinds of attacks on product ciphers. We show that many familiar attacks, including linear cryptanalysis, differential cryptanalysis, differential-linear cryptanalysis, mod n attacks, truncated differential cryptanalysis, impossible differential cryptanalysis, higher-order differential cryptanalysis, and interpolation attacks can be expressed within this framework. Thus, we show that commutative diagram attacks provide a unifying view into the field of block cipher cryptanalysis.
The Inverse S-box, Nonlinear Polynomial Relations and Cryptanalysis of Block Ciphers
in AES 4 Conference, Bonn, May 10-12 2004, LNCS 3373
, 2005
Cited by 8 (4 self)
Abstract. This paper is motivated by the design of AES. We consider a broader question of cryptanalysis of block ciphers having very good nonlinearity and diffusion. Can we expect, anyway, to attack such ciphers, clearly designed to render hopeless the main classical attacks? Recently a lot of attention has been drawn to the existence of multivariate algebraic relations for AES (and other) S-boxes. Then, if the XSL-type algebraic attacks on block ciphers [11] are shown to work well, the answer would be positive. In this paper we show that the answer is certainly positive for many other constructions of ciphers. This is not due to an algebraic attack, but to new types of generalised linear cryptanalysis, highly nonlinear in flavour. We present several constructions of somewhat special practical block ciphers, seemingly satisfying all the design criteria of AES and using similar S-boxes, and yet being extremely weak. They can be generalised, and evolve into general attacks that can be applied potentially to any block cipher. Key Words: block ciphers, AES, Rijndael, interpolation attack on block ciphers, fractional transformations, homographic functions, multivariate equations,
Linear cryptanalysis of substitution-permutation networks
, 2003
Cited by 7 (3 self)
The subject of this thesis is linear cryptanalysis of substitution-permutation networks (SPNs). We focus on the rigorous form of linear cryptanalysis, which requires the concept of linear hulls. First, we consider SPNs in which the s-boxes are selected independently and uniformly from the set of all bijective n × n s-boxes. We derive an expression for the expected linear probability values of such an SPN, and give evidence that this expression converges to the corresponding value for the true random cipher. This adds quantitative support to the claim that the SPN structure is a good approximation to the true random cipher. We conjecture that this convergence holds for a large class of SPNs. In addition, we derive a lower bound on the probability that an SPN with randomly selected s-boxes is practically secure against linear cryptanalysis after a given number of rounds. For common block sizes, experimental evidence indicates that this probability rapidly approaches 1 with an increasing number of rounds.
Cryptographic properties and application of a generalized unbalanced Feistel network structure
ACISP 2009, LNCS
, 2009
Cited by 5 (2 self)
Abstract. In this paper, we study GF-NLFSR, a Generalized Unbalanced Feistel Network (GUFN) which can be considered as an extension of the outer function FO of the KASUMI block cipher. We prove upper bounds for the differential and linear hull probabilities for any n + 1 rounds of an n-cell GF-NLFSR. Besides analyzing security against differential and linear cryptanalysis, we provide a frequency distribution for upper bounds on the true differential and linear hull probabilities. We also demonstrate a (2n − 1)-round impossible differential distinguisher and a (3n − 1)-round integral attack distinguisher on the n-cell GF-NLFSR. As an application, we design a new block cipher Four-Cell based on a 4-cell GF-NLFSR. We prove the security of Four-Cell against differential, linear, and boomerang attack. Based on the 7-round impossible differential and 11-round integral attack distinguisher, we set the number of rounds of Four-Cell to be 25 for protection against these attacks. Furthermore, Four-Cell can be shown to be secure against other attacks such as higher order differential attack, cube attack, interpolation attack, XSL attack and slide attack.
Substitution-permutation networks, pseudorandom functions, and natural proofs
CRYPTO, Volume 7417 of Lecture Notes in Computer Science
, 2012
Cited by 4 (1 self)
This paper takes a new step towards closing the troubling gap between pseudorandom functions (PRF) and their popular, bounded-input-length counterparts. This gap is both quantitative, because these counterparts are more efficient than PRF in various ways, and methodological, because these counterparts usually fit in the substitution-permutation network paradigm (SPN) which has not been used to construct PRF. We give several candidate PRF Fi that are inspired by the SPN paradigm. This paradigm involves a “substitution function” (S-box). Our main candidates are: F1: {0,1}^n → {0,1}^n is an SPN whose S-box is a random function on b bits given as part of the seed. We prove unconditionally that F1 resists attacks that run in time ≤ 2^{εb}. Setting b = ω(lg n) we obtain an inefficient PRF, which however seems to be the first such construction using the SPN paradigm. F2: {0,1}^n → {0,1}^n is an SPN where the S-box is (patched) field inversion, a common choice in practical constructions. F2 is computable with Boolean circuits of size n · log^{O(1)} n, and in particular with seed length n · log^{O(1)} n. We prove that this candidate has exponential security 2^{Ω(n)} against linear and differential cryptanalysis. F3: {0,1}^n → {0,1} is a non-standard variant on the SPN paradigm, where “states” grow in length. F3 is computable with size n^{1+ε}, for any ε > 0, in the restricted circuit class TC^0 of unbounded fan-in majority circuits of constant depth. We prove that F3 is almost 3-wise independent. F4: {0,1}^n → {0,1} uses an extreme setting of the SPN parameters (one round, one S-box, no diffusion matrix). The S-box is again (patched) field inversion. We prove that this candidate fools all parity tests that look at ≤ 2^{0.9n} outputs. Assuming the security of our candidates, our work also narrows the gap between the “Natural Proofs barrier” [Razborov & Rudich; JCSS ’97] and existing lower bounds, in three models: unbounded-depth circuits, TC^0 circuits, and Turing machines. In particular, the efficiency of the circuits computing F3 is related to a result by Allender and Koucký [JACM ’10] who show that a lower bound for such circuits would imply a lower bound for TC^0.
Genetic algorithm and tabu search attack on the monoalphabetic substitution cipher in ad hoc networks
 Journal of Computer Science
, 2007
Cited by 3 (0 self)
Abstract: With the exponential growth of networked systems and applications such as e-Commerce, the demand for effective Internet security is increasing. Cryptology is the science and study of systems for secret communication. It consists of two complementary fields of study: cryptography and cryptanalysis. This study presents a cryptanalysis method based on Genetic Algorithm and Tabu Search to break a Monoalphabetic Substitution Cipher in ad hoc networks. We have also compared and analyzed the performance of these algorithms in automated attacks on the Monoalphabetic Substitution Cipher. The use of Tabu search is largely an unexplored area in the field of Cryptanalysis. A generalized version of these algorithms can be used for attacking other ciphers as well. Key words: Monoalphabetic substitution cipher, genetic algorithm, tabu search, key search
Parallelizing the Camellia and SMS4 Block Ciphers (Extended Version)
Cited by 2 (1 self)
Abstract. The n-cell GF-NLFSR (Generalized Feistel-NonLinear Feedback Shift Register) structure [8] is a generalized unbalanced Feistel network that can be considered as a generalization of the outer function FO of the KASUMI block cipher. An advantage of this cipher over other n-cell generalized Feistel networks, e.g. SMS4 [11] and Camellia [5], is that it is parallelizable for up to n rounds. In hardware implementations, the benefits translate to speeding up encryption by up to n times while consuming similar area and significantly less power. At the same time n-cell GF-NLFSR structures offer similar proofs of security against differential cryptanalysis as conventional n-cell Feistel structures. We also ensure that parallelized versions of Camellia and SMS4 are resistant against other block cipher attacks such as linear, boomerang, integral, impossible differential, higher order differential, interpolation, slide, XSL and related-key differential attacks.