Cryptanalysis of Symmetric Cryptographic Primitives

Symmetric key cryptographic primitives are the essential building blocks in modern information security systems. The overall security of such systems is crucially dependent on these mathematical functions, which makes the analysis of symmetric key primitives a goal of critical importance. The security argument for the majority of such primitives in use is only a heuristic one and therefore their respective security evaluation continually remains an open question. In this thesis, we provide cryptanalytic results for several relevant cryptographic hash functions and stream ciphers. First, we provide results concerning two hash functions: HAS-160 and SM3. In particular, we develop a new heuristic for finding compatible differential paths and apply it to the the Korean hash function standard HAS-160. Our heuristic leads to a practical second order collision attack over all of the HAS-160 function steps, which is the first practical-complexity distinguisher on this function. An example of a colliding quartet is provided. In case of SM3, which is a design that builds upon the SHA-2 hash and is published by the Chinese Commercial Cryptography Administration Office for the use in the electronic authentication service system, we study second order collision attacks over reduced-round versions and point out a structural slide-rotational property that exists in the function. Next, we examine the security of the following three stream ciphers: Loiss, SNOW 3G and SNOW 2.0. Loiss stream cipher is designed by Dengguo Feng et al. aiming to be implemented in byte-oriented processors. By exploiting some differential properties of a particular component utilized in the cipher, we provide an attack of a practical complexity on Loiss in the related-key model. As confirmed by our experimental results, our attack recovers 92 bits of the 128-bit key in less than one hour on a PC with 3 GHz Intel Pentium 4 processor. SNOW 3G stream cipher is used in 3rd Generation Partnership Project (3GPP) and the SNOW 2.0 cipher is an ISO/IEC standard (IS 18033-4). For both of these two ciphers, we show that the initialization procedure admits a sliding property, resulting in several sets of related-key pairs. In addition to allowing related-key key recovery attacks against SNOW 2.0 with 256-bit keys, the presented properties reveal non-random behavior of the primitives, yield related-key distinguishers for the two ciphers and question the validity of the security proofs of protocols based on the assumption that these ciphers behave like perfect random functions of the key-IV. Finally, we provide differential fault analysis attacks against two stream ciphers, namely, HC-128 and Rabbit. In this type of attacks, the attacker is assumed to have physical influence over the device that performs the encryption and is able to introduce random faults into the computational process. In case of HC-128, the fault model in which we analyze the cipher is the one in which the attacker is able to fault a random word of the inner state of the cipher but cannot control its exact location nor its new faulted value. Our attack requires about 7968 faults and recovers the complete internal state of HC-128 by solving a set of 32 systems of linear equations over Z2 in 1024 variables. In case of Rabbit stream cipher, the fault model in which the cipher is analyzed is the one in which a random bit of the internal state of the cipher is faulted, however, without control over the location of the injected fault. Our attack requires around 128 − 256 faults, precomputed table of size 2^41.6 bytes and recovers the complete internal state of Rabbit in about 2^38 steps

Loiss: A Byte-Oriented Stream Cipher

This paper presents a byte-oriented stream cipher -- Loiss, which takes a 128-bit initial key and a 128-bit initial vector as inputs, and outputs a key stream of bytes. The algorithm is based on a linear feedback shift register, and uses a structure called BOMM in the filter generator, which has good property on resisting against algebraic attacks, linear distinguishing attacks and fast correlation attacks. In order for BOMM to be balanced, the S-boxes in BOMM must be orthomorphic permutations. To further improve the capability in resisting against those attacks, the S-boxes in BOMM must also possess some good cryptographic properties, for example, high algebraic immunity, high nonlinearity, and so on. However current researches on orthomorphic permutations pay little attention on their cryptographic properties, and we believe that Loiss not only enriches applications of orthomorphic permutations in cryptography, but also motivates the research on a variety of cryptographic properties of orthomorphic permutations

Some properties of the output sequences of combined generator over finite fields

The sequences are an important part of the cryptography and analysis of their properties is of great interest. In this paper, the following characteristics of combined generator are analyzed: period of output sequences and the distribution of elements in the output sequences over finite field

Regular complete permutation polynomials over quadratic extension fields

Let $r\geq 3$ be any positive integer which is relatively prime to $p$ and $q^2\equiv 1 \pmod r$. Let $\tau_1, \tau_2$ be any permutation polynomials over $\mathbb{F}_{q^2},$ $\sigma_M$ is an invertible linear map over $\mathbb{F}_{q^2}$ and $\sigma=\tau_1\circ\sigma_M\circ\tau_2$. In this paper, we prove that, for suitable $\tau_1, \tau_2$ and $\sigma_M$, the map $\sigma$ could be $r$-regular complete permutation polynomials over quadratic extension fields.Comment: 10 pages. arXiv admin note: substantial text overlap with arXiv:2212.1286

Construction of New Families of ‎MDS‎ Diffusion Layers

Diffusion layers are crucial components of symmetric ciphers‎. ‎These components‎, ‎along with suitable Sboxes‎, ‎can make symmetric ciphers resistant against statistical attacks like linear and differential cryptanalysis‎. ‎Conventional ‎‎MDS diffusion layers, which are defined as matrices over finite fields, have been used in symmetric ciphers such as AES‎, ‎Twofish and SNOW‎. ‎In this paper‎, ‎we study linear, linearized and nonlinear MDS diffusion layers‎. We investigate linearized diffusion layers, ‎which are a generalization of conventional diffusion layers‎; t‎hese diffusion layers are used in symmetric ciphers like SMS4‎, ‎Loiss and ZUC‎. W‎e introduce some ‎new ‎families of linearized MDS diffusion layers ‎and as a consequence, ‎we ‎present a‎ ‎method ‎for ‎construction of ‎‎‎‎randomized linear ‎‎‎‎‎diffusion ‎layers over a finite field. Nonlinear MDS diffusion layers are introduced in Klimov\u27s thesis; we investigate nonlinear MDS diffusion layers theoretically, and we present a new family of nonlinear MDS diffusion layers. We show that these nonlinear diffusion layers can be made randomized with a low ‎implementatio‎n cost. An important fact about linearized and nonlinear diffusion layers is that they are more resistant against algebraic attacks in comparison to conventional diffusion layers. A ‎special case of diffusion layers are ‎‎‎(0,1)‎-‎diffusion layers. This type of diffusion layers are used in symmetric ciphers like ARIA‎. ‎W‎e examine (0,1)‎-‎diffusion layers and prove a theorem about them‎. ‎At last‎, ‎we study linearized MDS diffusion layers of symmetric ciphers Loiss, SMS4 and ZUC‎, from the mathematical viewpoint

A method for constructing permutations, involutions and orthomorphisms with strong cryptographic properties

S-Boxes are crucial components in the design of many symmetric ciphers. To construct permutations having strong cryptographic properties is not a trivial task. In this work, we propose a new scheme based on the well-known Lai-Massey structure for generating permutations of dimension n = 2к, к 2. The main cores of our constructions are: the inversion in GF(2k), an arbitrary к-bit non-bijective function (which has no pre-image for 0) and any к-bit permutation. Combining these components with the finite field multiplication, we provide new 8-bit permutations without fixed points possessing a very good combination for nonlinearity, differential uniformity and minimum degree — (104; 6; 7) which can be described by a system of polynomial equations with degree 3. Also, we show that our approach can be used for constructing involutions and orthomorphisms with strong cryptographic properties

A general construction of regular complete permutation polynomials

Let $r\geq 3$ be a positive integer and $\mathbb{F}_q$ the finite field with $q$ elements. In this paper, we consider the $r$-regular complete permutation property of maps with the form $f=\tau\circ\sigma_M\circ\tau^{-1}$ where $\tau$ is a PP over an extension field $\mathbb{F}_{q^d}$ and $\sigma_M$ is an invertible linear map over $\mathbb{F}_{q^d}$. We give a general construction of $r$-regular PPs for any positive integer $r$. When $\tau$ is additive, we give a general construction of $r$-regular CPPs for any positive integer $r$. When $\tau$ is not additive, we give many examples of regular CPPs over the extension fields for $r=3,4,5,6,7$ and for arbitrary odd positive integer $r$. These examples are the generalization of the first class of $r$-regular CPPs constructed by Xu, Zeng and Zhang (Des. Codes Cryptogr. 90, 545-575 (2022)).Comment: 24 page