On the Behaviors of Affine Equivalent Sboxes Regarding Differential and Linear Attacks.

ADVANCES IN CRYPTOLOGY - EUROCRYPT 2015, PT I, (2015): 45-74

Cited by: 30

Abstract

This paper investigates the effect of affine transformations of the Sbox on the maximal expected differential probability MEDP and linear potential MELP over two rounds of a substitution-permutation network, when the diffusion layer is linear over the finite field defined by the Sbox alphabet. It is mainly motivated by the fact that the 2...

Introduction
  • Cryptographic functions, including the so-called Sboxes, are usually classified up to affine equivalence, since many of the relevant cryptographic properties are invariant under affine transformations.
  • Both Sboxes S and A2 ◦ S ◦ A1, where A1 and A2 are two affine permutations, have the same algebraic degree, the same non-linearity and the same differential uniformity, which are the usual criteria measuring the resistance of an Sbox against higher-order differential attacks [29,31], linear cryptanalysis [37,44] and differential cryptanalysis [5] respectively.
Highlights
  • We show that, for these families of Sboxes, the two-round MEDP and MELP are two quantities which essentially depend on the Sbox only
  • We study the exact values of the two-round MEDP and MELP for any cipher of the form SPN(m, t, S, M) where the diffusion layer M is linear over F_{2^m}, like in the AES
  • We have shown that, for the Sboxes with multiplicative-invariant derivatives or Walsh transform, we can compute a lower bound on MEDP_2 and MELP_2 independently of the choice of the MDS diffusion layer
  • We have shown that involutional power permutations are the weakest Sboxes in their equivalence class whatever MDS linear layer is chosen
  • The difficulty comes from the fact that, exactly as for the FSE 2003 bound, applying our upper bound twice successively requires the knowledge of the whole difference table of the superbox
Results
  • Computing the MEDP and MELP for an SPN, even for a small number of rounds, is usually non-trivial.
  • An easier task consists in computing the expected probability of an r-round differential characteristic (i.e., a collection of (r+1) differences), or the expected square correlation of a linear trail (i.e., a collection of (r + 1) linear masks).
  • A simple upper bound on this quantity can be derived from the differential uniformity [39] of the Sbox, and from the differential branch number of the linear layer.
Conclusion
  • The authors have improved the general upper bounds on the two-round MEDP and MELP for a given Sbox over F_2^m and any F_{2^m}-linear diffusion layer with given branch numbers.
  • The authors have shown that, for the Sboxes with multiplicative-invariant derivatives or Walsh transform, a lower bound on MEDP_2 and MELP_2 can be computed independently of the choice of the MDS diffusion layer.
  • This result applies for instance to all Sboxes of the form x → A(x^s), as in the AES.
  • The authors' new bound can be combined with (1) only, to get a bound on the 4-round MEDP and MELP.
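As an added example (not code from the paper), the following script checks on a constructed 4-bit Sbox that the two Sbox criteria named in the Introduction, differential uniformity and nonlinearity, are unchanged by the affine change A2 ∘ S ∘ A1, and then evaluates the simple two-round characteristic bound of the Results section, (δ/2^m)^B with B the differential branch number. The Sbox (the inverse map over GF(2^4) built from x^4 + x + 1), the two affine maps A1 and A2, and the choice of t = 4 words (so an MDS layer gives B = t + 1 = 5) are my own assumptions.

```python
# Added example, not the paper's code: a toy 4-bit Sbox keeps its differential uniformity
# and nonlinearity under affine equivalence A2 o S o A1; the simple two-round
# characteristic bound (delta / 2^m)^B then only needs delta and the branch number B.
M = 4             # Sbox alphabet: F_2^4
POLY = 0b10011    # x^4 + x + 1 defines GF(2^4) (constructed choice)
def gf_mul(a, b):  # multiplication in GF(2^4) modulo POLY
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & (1 << M):
            a ^= POLY
        b >>= 1
    return r

# Toy Sbox: the inverse map x -> x^-1 (0 -> 0), the 4-bit analogue of the AES Sbox core
SBOX = [next(y for y in range(16) if gf_mul(x, y) == 1) if x else 0 for x in range(16)]
def affine(x, cols, c):  # A(x) = L.x + c, with cols[i] the image of basis vector e_i
    y = c
    for i in range(M):
        if x >> i & 1:
            y ^= cols[i]
    return y

def compose(s, a1, a2):  # lookup table of A2 o S o A1
    return [affine(s[affine(x, *a1)], *a2) for x in range(2 ** M)]

def diff_uniformity(s):  # delta: largest DDT entry over input differences a != 0
    n = 2 ** M
    return max(sum(1 for x in range(n) if s[x ^ a] ^ s[x] == b)
               for a in range(1, n) for b in range(n))

def walsh(s, a, b):  # W(a, b) = sum_x (-1)^(a.x + b.S(x))
    return sum((-1) ** (bin(a & x).count("1") + bin(b & s[x]).count("1"))
               for x in range(2 ** M))

def nonlinearity(s):  # NL = 2^(m-1) - max_{b != 0} |W(a, b)| / 2
    n = 2 ** M
    return n // 2 - max(abs(walsh(s, a, b)) for a in range(n) for b in range(1, n)) // 2

def two_round_bound(delta, branch):
    # A 2-round characteristic has at least `branch` active Sboxes, each holding with
    # probability at most delta / 2^m; for an MDS layer over t words, branch = t + 1.
    return (delta / 2 ** M) ** branch

A1 = ([1, 2, 4, 9], 0x5)    # invertible linear part (basis images) + constant, constructed
A2 = ([3, 6, 12, 8], 0xA)
S2 = compose(SBOX, A1, A2)  # an Sbox affine equivalent to SBOX
```

With these choices both Sboxes have δ = 4 and NL = 4, and the two-round characteristic bound with B = 5 is (4/16)^5 = 2^-10; note this bounds a single characteristic, not the MEDP that the paper studies.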
References
  • [1] Abdelraheem, M.A., Ågren, M., Beelen, P., Leander, G.: On the distribution of linear biases: three instructive examples. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 50–67. Springer, Heidelberg (2012)
  • [2] Barreto, P.S.: Implementation of the SQUARE block cipher. http://www.larc.usp.br/~pbarreto/sqjava21.zip
  • [3] Bending, T.D., Fon-Der-Flaass, D.: Crooked Functions, Bent Functions, and Distance Regular Graphs. Electr. J. Comb. 5 (1998)
  • [4] Bierbrauer, J., Kyureghyan, G.M.: Crooked binomials. Designs, Codes and Cryptography 46(3), 269–301 (2008)
  • [5] Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology, 3–72 (1991)
  • [6] Biryukov, A., De Cannière, C., Braeken, A., Preneel, B.: A toolbox for cryptanalysis: linear and affine equivalence algorithms. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 33–50. Springer, Heidelberg (2003)
  • [7] Blondeau, C., Bogdanov, A., Leander, G.: Bounds in shallows and in miseries. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 204–221. Springer, Heidelberg (2013)
  • [8] Blondeau, C., Nyberg, K.: New links between differential and linear cryptanalysis. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 388–404. Springer, Heidelberg (2013)
  • [9] Borghoff, J., Canteaut, A., Güneysu, T., Kavun, E.B., Knezevic, M., Knudsen, L.R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S.S., Yalçın, T.: PRINCE – A low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012)
  • [10] Borghoff, J., Canteaut, A., Güneysu, T., Kavun, E.B., Knezevic, M., Knudsen, L.R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S.S., Yalçın, T.: PRINCE – A low-latency block cipher for pervasive computing applications (full version). IACR Cryptology ePrint Archive 529 (2012)
  • [11] Brinkmann, M., Leander, G.: On the classification of APN functions up to dimension five. Designs, Codes and Cryptography 49(1–3), 273–288 (2008)
  • [12] Budaghyan, L., Carlet, C., Leander, G.: Two classes of quadratic APN binomials inequivalent to power functions. IEEE Transactions on Information Theory 54(9), 4218–4229 (2008)
  • [13] Canteaut, A., Charpin, P.: Decomposing bent functions. IEEE Transactions on Information Theory 49(8), 2004–2019 (2003)
  • [14] Chun, K., Kim, S., Lee, S., Sung, S.H., Yoon, S.: Differential and linear cryptanalysis for 2-round SPNs. Inf. Process. Lett. 87(5), 277–282 (2003)
  • [15] Daemen, J.: Cipher and hash function design strategies based on linear and differential cryptanalysis. Ph.D. thesis, K.U. Leuven (1995)
  • [16] Daemen, J., Knudsen, L.R., Rijmen, V.: The block cipher SQUARE. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997)
  • [17] Daemen, J., Lamberger, M., Pramstaller, N., Rijmen, V., Vercauteren, F.: Computational aspects of the expected differential probability of 4-round AES and AES-like ciphers. Computing 85(1–2), 85–104 (2009)
  • [18] Daemen, J., Rijmen, V.: The wide trail design strategy. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, pp. 222–238. Springer, Heidelberg (2001)
  • [19] Daemen, J., Rijmen, V.: The Design of Rijndael: AES – The Advanced Encryption Standard. Information Security and Cryptography. Springer (2002)
  • [20] Daemen, J., Rijmen, V.: Understanding two-round differentials in AES. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 78–94. Springer, Heidelberg (2006)
  • [21] Daemen, J., Rijmen, V.: Probability distributions of correlation and differentials in block ciphers. Journal of Mathematical Cryptology 1(3), 221–242 (2007)
  • [22] Daemen, J., Rijmen, V.: New criteria for linear maps in AES-like ciphers. Cryptography and Communications 1(1), 47–69 (2009)
  • [23] Daemen, J., Rijmen, V.: Correlation analysis in GF(2^n). In: Advanced Linear Cryptanalysis of Block and Stream Ciphers. Cryptology and Information Security, pp. 115–131. IOS Press (2011)
  • [24] Gong, Z., Nikova, S., Law, Y.W.: KLEIN: A new family of lightweight block ciphers. In: Juels, A., Paar, C. (eds.) RFIDSec 2011. LNCS, vol. 7055, pp. 1–18.
  • [25] Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011)
  • [26] Hong, S.H., Lee, S.-J., Lim, J.-I., Sung, J., Cheon, D.H., Cho, I.: Provable security against differential and linear cryptanalysis for the SPN structure. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 273–283. Springer, Heidelberg (2001)
  • [27] Kavun, E.B., Lauridsen, M.M., Leander, G., Rechberger, C., Schwabe, P., Yalçın, T.: Prøst v1.1. Submission to the CAESAR competition (2014). http://proest.compute.dtu.dk/proestv11.pdf
  • [28] Keliher, L., Sui, J.: Exact maximum expected differential and linear probability for two-round Advanced Encryption Standard. IET Information Security 1(2), 53–57 (2007)
  • [29] Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196–211. Springer, Heidelberg (1995)
  • [30] Kyureghyan, G.M.: Crooked maps in F_{2^n}. Finite Fields and Their Applications 13(3), 713–726 (2007)
  • [31] Lai, X.: Higher order derivatives and differential cryptanalysis. In: Symposium on Communication, Coding and Cryptography. Kluwer Academic Publishers (1994)
  • [32] Lai, X., Massey, J.L., Murphy, S.: Markov ciphers and differential cryptanalysis. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 17–38. Springer, Heidelberg (1991)
  • [33] Leander, G.: On linear hulls, statistical saturation attacks, PRESENT and a cryptanalysis of PUFFIN. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 303–322. Springer, Heidelberg (2011)
  • [34] Leander, G., Poschmann, A.: On the classification of 4 bit S-Boxes. In: Carlet, C., Sunar, B. (eds.) WAIFI 2007. LNCS, vol. 4547, pp. 159–176. Springer, Heidelberg (2007)
  • [35] Lim, C.H., Korkishko, T.: mCrypton – A lightweight block cipher for security of low-cost RFID tags and sensors. In: Song, J.-S., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 243–258. Springer, Heidelberg (2006)
  • [36] MacWilliams, F.J., Sloane, N.J.: The Theory of Error-Correcting Codes. North-Holland (1977)
  • [37] Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)
  • [38] Murphy, S.: The effectiveness of the linear hull effect. J. Mathematical Cryptology 6(2), 137–147 (2012)
  • [39] Nyberg, K.: Differentially uniform mappings for cryptography. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 55–64. Springer, Heidelberg (1994)
  • [40] Nyberg, K.: Linear approximation of block ciphers. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 439–444.
  • [41] Park, S., Sung, S.H., Lee, S.-J., Lim, J.-I.: Improving the upper bound on the maximum differential and the maximum linear hull probability for SPN structures and AES. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 247–260. Springer, Heidelberg (2003)
  • [42] Rijmen, V., Daemen, J., Preneel, B., Bosselaers, A., Win, E.D.: The cipher SHARK. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 99–111. Springer, Heidelberg (1996)
  • [43] Saarinen, M.-J.O.: Cryptographic analysis of all 4 × 4-bit S-boxes. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 118–133. Springer, Heidelberg (2012)
  • [44] Tardy-Corfdir, A., Gilbert, H.: A known plaintext attack of FEAL-4 and FEAL-6. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 172–182. Springer, Heidelberg (1992)
  • [45] Zheng, Y., Zhang, X.-M.: Plateaued functions. In: Varadharajan, V., Mu, Y. (eds.) ICICS 1999. LNCS, vol. 1726, pp. 284–300. Springer, Heidelberg (1999)
Author
Joëlle Roué