Links Between Differential and Linear Cryptanalysis
, 1994
Linear cryptanalysis, introduced last year by Matsui, will most certainly open up the way to new attack methods which may be made more efficient when compared or combined with differential cryptanalysis. This report exhibits new relations between linear and differential cryptanalysis and presents new classes of functions which are optimally resistant to these attacks. In particular, we prove that linear-resistant functions, which generally present Bent properties, are differential-resistant as well and thus present Perfect Nonlinear properties. (Footnote 1: On leave from Délégation Générale de l'Armement.) I. Introduction. Matsui introduced last year a new cryptanalysis method for DES-like cryptosystems [Mat94]. The idea of the method is to approximate the nonlinear S-boxes with linear forms. Besides, the performance of linear cryptanalysis seems close to that of differential cryptanalysis, though a little better. These similitudes s...
Hash Functions Based on Block Ciphers
 Proc. of EUROCRYPT 92
, 1993
Iterated hash functions based on block ciphers are treated. Five attacks on an iterated hash function and on its round function are formulated. The wisdom of strengthening such hash functions by constraining the last block of the message to be hashed is stressed. Schemes for constructing m-bit and 2m-bit hash round functions from m-bit block ciphers are studied. A principle is formalized for evaluating the strength of hash round functions, viz., that applying computationally simple (in both directions) invertible transformations to the input and output of a hash round function yields a new hash round function with the same security. By applying this principle, four attacks on three previously proposed 2m-bit hash round functions are formulated. Finally, three new hash round functions based on an m-bit block cipher with a 2m-bit key are proposed. 1. Introduction. This paper is intended to provide a rather rounded treatment of hash functions that are obtained by iterati...
Provable Security Against a Differential Attack
 Journal of Cryptology
, 1995
The purpose of this paper is to show that there exist DES-like iterated ciphers, which are provably resistant against differential attacks. The main result on the security of a DES-like cipher with independent round keys is Theorem 1, which gives an upper bound to the probability of s-round differentials, as defined in [4], and this upper bound depends only on the round function of the iterated cipher. Moreover, it is shown that there exist functions such that the probabilities of differentials are less than or equal to $2^{3-n}$, where n is the length of the plaintext block. We also show a prototype of an iterated block cipher, which is compatible with DES and has proven security against differential attacks. Key words. DES-like ciphers, Differential cryptanalysis, Almost perfect nonlinear permutations, Markov Ciphers. 1. Introduction. A DES-like cipher is a block cipher based on iterating a function, called F, several times. Each iteration is called a round. The input to each rou...
Searching for the Optimum Correlation Attack
 FSE’94, LNCS 1008
, 1995
We present some new ideas on attacking stream ciphers based on regularly clocked shift registers. The nonlinear filter functions used in such systems may leak information if they interact with shifted copies of themselves, and this gives us a systematic way to search for correlations between a keystream and the underlying shift register sequence.
Substitution-Permutation Networks Resistant to Differential and Linear Cryptanalysis
 JOURNAL OF CRYPTOLOGY
, 1996
In this paper we examine a class of product ciphers referred to as substitution-permutation networks. We investigate the resistance of these cryptographic networks to two important attacks: differential cryptanalysis and linear cryptanalysis. In particular, we develop upper bounds on the differential characteristic probability and on the probability of a linear approximation as a function of the number of rounds of substitutions. Further, it is shown that using large S-boxes with good diffusion characteristics and replacing the permutation between rounds by an appropriate linear transformation is effective in improving the cipher security in relation to these two attacks.
Nonlinearity and Propagation Characteristics of Balanced Boolean Functions
, 1993
Three important criteria for cryptographically strong Boolean functions are balance, nonlinearity and the propagation criterion. The main contribution of this paper is to reveal a number of interesting properties of balance and nonlinearity, and to study systematic methods for constructing Boolean functions that satisfy some or all of the three criteria. We show that concatenating, splitting, modifying and multiplying (in the sense of Kronecker) sequences can yield balanced Boolean functions with a very high nonlinearity. In particular, we show that balanced Boolean functions obtained by modifying and multiplying sequences achieve a nonlinearity higher than that attainable by any previously known construction method. We also present methods for constructing balanced Boolean functions that are highly nonlinear and satisfy the strict avalanche criterion (SAC). Furthermore we present methods for constructing highly nonlinear balanced Boolean functions satisfying the propagation criterion with respect to all but one or three vectors. A technique is developed to transform the vectors where the propagation criterion is not satisfied in such a way that the functions constructed satisfy the propagation criterion of high degree while preserving the balance and nonlinearity of the functions. The algebraic degrees of functions constructed are also discussed.
Symmetric Boolean functions
 IEEE Transactions on Information Theory
, 2004
Abstract—We present an extensive study of symmetric Boolean functions, especially of their cryptographic properties. Our main result establishes the link between the periodicity of the simplified value vector of a symmetric Boolean function and its degree. Besides the reduction of the amount of memory required for representing a symmetric function, this property has some consequences from a cryptographic point of view. For instance, it leads to a new general bound on the order of resiliency of symmetric functions, which improves Siegenthaler’s bound. The propagation characteristics of these functions are also addressed and the algebraic normal forms of all their derivatives are given. We finally detail the characteristics of the symmetric functions of degree at most 7, for any number of variables. Most notably, we determine all balanced symmetric functions of degree less than or equal to 7. Index Terms—Boolean functions, correlation immunity, degree, derivation, propagation criterion, resiliency, symmetric functions. I.
Nonlinearly balanced boolean functions and their propagation characteristics
 In Advances in Cryptology - CRYPTO'93
, 1994
Abstract. Three of the most important criteria for cryptographically strong Boolean functions are the balancedness, the nonlinearity and the propagation criterion. This paper studies systematic methods for constructing Boolean functions satisfying some or all of the three criteria. We show that concatenating, splitting, modifying and multiplying sequences can yield balanced Boolean functions with a very high nonlinearity. In particular, we show that balanced Boolean functions obtained by modifying and multiplying sequences achieve a nonlinearity higher than that attainable by any previously known construction method. We also present methods for constructing highly nonlinear balanced Boolean functions satisfying the propagation criterion with respect to all but one or three vectors. A technique is developed to transform the vectors where the propagation criterion is not satisfied in such a way that the functions constructed satisfy the propagation criterion of high degree while preserving the balancedness and nonlinearity of the functions. The algebraic degrees of functions constructed are also discussed, together with examples illustrating the various constructions.
Efficient computation of algebraic immunity for algebraic and fast algebraic attacks
, 2006
Abstract. In this paper we propose several efficient algorithms for assessing the resistance of Boolean functions against algebraic and fast algebraic attacks when implemented in LFSR-based stream ciphers. An algorithm is described which permits to compute the algebraic immunity d of a Boolean function with n variables in $O(D^2)$ operations, for $D \approx \binom{n}{d}$, rather than in $O(D^3)$ operations necessary in all previous algorithms. Our algorithm is based on multivariate polynomial interpolation. For assessing the vulnerability of arbitrary Boolean functions with respect to fast algebraic attacks, an efficient generic algorithm is presented that is not based on interpolation. This algorithm is demonstrated to be particularly efficient for symmetric Boolean functions. As an application it is shown that large classes of symmetric functions are very vulnerable to fast algebraic attacks despite their proven resistance against conventional algebraic attacks.
Propagation Characteristics and Correlation-Immunity of Highly Nonlinear Boolean Functions
 EUROCRYPT 2000, Lecture Notes in Comp. Sci
, 2000
Abstract. We investigate the link between the nonlinearity of a Boolean function and its propagation characteristics. We prove that highly nonlinear functions usually have good propagation properties regarding different criteria. Conversely, any Boolean function satisfying the propagation criterion with respect to a linear subspace of codimension 1 or 2 has a high nonlinearity. We also point out that most highly nonlinear functions with a three-valued Walsh spectrum can be transformed into 1-resilient functions.