6 research outputs found
Conjecturally Superpolynomial Lower Bound for Share Size
Information ratio, which measures the maximum/average share size per shared bit, is a criterion of efficiency of a secret sharing scheme. It is generally believed that there exists a family of access structures such that the information ratio of any secret sharing scheme realizing it is , where the parameter stands for the number of participants. The best known lower bound, due to Csirmaz (1994), is . Closing this gap is a long-standing open problem in cryptology.
In this paper, using a technique called \emph{substitution}, we recursively construct a family of access structures having information ratio , assuming a well-stated information-theoretic conjecture is true. Our conjecture emerges after introducing the notion of \emph{convec set} for an access structure, a subset of -dimensional real space. We prove some topological properties about convec sets and raise several open problems
Quantum Differential and Linear Cryptanalysis
Quantum computers, that may become available one day, would impact many
scientific fields, most notably cryptography since many asymmetric primitives
are insecure against an adversary with quantum capabilities. Cryptographers are
already anticipating this threat by proposing and studying a number of
potentially quantum-safe alternatives for those primitives. On the other hand,
symmetric primitives seem less vulnerable against quantum computing: the main
known applicable result is Grover's algorithm that gives a quadratic speed-up
for exhaustive search.
In this work, we examine more closely the security of symmetric ciphers
against quantum attacks. Since our trust in symmetric ciphers relies mostly on
their ability to resist cryptanalysis techniques, we investigate quantum
cryptanalysis techniques. More specifically, we consider quantum versions of
differential and linear cryptanalysis. We show that it is usually possible to
use quantum computations to obtain a quadratic speed-up for these attack
techniques, but the situation must be nuanced: we don't get a quadratic
speed-up for all variants of the attacks. This allows us to demonstrate the
following non-intuitive result: the best attack in the classical world does not
necessarily lead to the best quantum one. We give some examples of application
on ciphers LAC and KLEIN. We also discuss the important difference between an
adversary that can only perform quantum computations, and an adversary that can
also make quantum queries to a keyed primitive.Comment: 25 page
A New Linear Distinguisher for Four-Round AES
In SACâ14, Biham and Carmeli presented a novel attack on DES, involving
a variation of Partitioning Cryptanalysis. This was further extended in ToSCâ18
by Biham and Perle into the Conditional Linear Cryptanalysis in the context of
Feistel ciphers. In this work, we formalize this cryptanalytic technique for block
ciphers in general and derive several properties. This conditional approximation is
then used to approximate the inv : GF(2^8) â GF(2^8) : x â x^254 function which
forms the only source of non-linearity in the AES. By extending the approximation to
encompass the full AES round function, a linear distinguisher for four-round AES in
the known-plaintext model is constructed; the existence of which is often understood
to be impossible. We furthermore demonstrate a key-recovery attack capable of
extracting 32 bits of information in 4-round AES using 2^125.62 data and time. In
addition to suggesting a new approach to advancing the cryptanalysis of the AES,
this result moreover demonstrates a caveat in the standard interpretation of the
Wide Trail Strategy â the design framework underlying many SPN-based ciphers
published in recent years
Conditional Linear Cryptanalysis â Cryptanalysis of DES with Less Than 242 Complexity
In this paper we introduce a new extension of linear cryptanalysis that may reduce the complexity of attacks by conditioning linear approximations on other linear approximations. We show that the bias of some linear approximations may increase under such conditions, so that after discarding the known plaintexts that do not satisfy the conditions, the bias of the remaining known plaintexts increases. We show that this extension can lead to improvements of attacks, which may require fewer known plaintexts and time of analysis. We present several types of such conditions, including one that is especially useful for the analysis of Feistel ciphers. We exemplify the usage of such conditions for attacks by a careful application of our extension to Matsuiâs attack on the full 16-round DES, which succeeds to reduce the complexity of the best attack on DES to less than 242. We programmed a test implementation of our attack and verified our claimed results with a large number of runs. We also introduce a new type of approximations, to which we call scattered approximations, and discuss its applications