Algebraic Techniques in Differential Cryptanalysis

Abstract. In this paper we propose a new cryptanalytic method against block ciphers, which combines both algebraic and statistical techniques. More specifically, we show how to use algebraic relations arising from differential characteristics to speed up and improve key-recovery differential attacks against block ciphers. To illustrate the new technique, we apply algebraic techniques to mount differential attacks against round reduced variants of Present-128.

C-DIFFERENTIALS AND GENERALIZED CRYPTOGRAPHIC PROPERTIES OF VECTORIAL BOOLEAN AND P-ARY FUNCTIONS

This dissertation investigates a newly defined cryptographic differential, called a c-differential, and its relevance to the nonlinear substitution boxes of modern symmetric block ciphers. We generalize the notions of perfect nonlinearity, bentness, and avalanche characteristics of vectorial Boolean and p-ary functions using the c-derivative and a new autocorrelation function, while capturing the original definitions as special cases (i.e., when c=1). We investigate the c-differential uniformity property of the inverse function over finite fields under several extended affine transformations. We demonstrate that c-differential properties do not hold in general across equivalence classes typically used in Boolean function analysis, and in some cases change significantly under slight perturbations. Thus, choosing certain affine equivalent functions that are easy to implement in hardware or software without checking their c-differential properties could potentially expose an encryption scheme to risk if a c-differential attack method is ever realized. We also extend the c-derivative and c-differential uniformity into higher order, investigate some of their properties, and analyze the behavior of the inverse function's second order c-differential uniformity. Finally, we analyze the substitution boxes of some recognizable ciphers along with certain extended affine equivalent variations and document their performance under c-differential uniformity.Commander, United States NavyApproved for public release. Distribution is unlimited

Partial and Higher Order Differentials and Applications to the DES

In 1994 Lai considered higher order derivatives of discrete functions andintroduced the concept of higher order differentials. We introduce the conceptof partial differentials and present attacks on ciphers presumably secureagainst differential attacks, but vulnerable to attacks using higher order andpartial differentials. Also we examine the DES for partial and higher orderdifferentials and give a differential attack using partial differentials on DESreduced to 6 rounds using only 46 chosen plaintexts with an expected running time of about the time of 3,500 encryptions. Finally it is shown how to find a minimum nonlinear order of a block cipher using higher order differentials

Polytopic Cryptanalysis

Standard differential cryptanalysis uses statistical dependencies between the difference of two plaintexts and the difference of the respective two ciphertexts to attack a cipher. Here we introduce polytopic cryptanalysis which considers interdependencies between larger sets of texts as they traverse through the cipher. We prove that the methodology of standard differential cryptanalysis can unambiguously be extended and transferred to the polytopic case including impossible differentials. We show that impossible polytopic transitions have generic advantages over impossible differentials. To demonstrate the practical relevance of the generalization, we present new low-data attacks on round-reduced DES and AES using impossible polytopic transitions that are able to compete with existing attacks, partially outperforming these

Block Ciphers: Analysis, Design and Applications

In this thesis we study cryptanalysis, applications and design of secret key block ciphers. In particular, the important class of Feistel ciphers is studied, which has a number of rounds, where in each round one applies a cryptographically weak function

Exercice de style

We present the construction and implementation of an 8-bit S-box with a differential and linear branch number of 3. We show an application by designing FLY, a simple block cipher based on bitsliced evaluations of the S-box and bit rotations that targets the same platforms as PRIDE, and which can be seen as a variant of PRESENT with 8-bit S-boxes. It achieves the same performance as PRIDE on 8-bit microcontrollers (in terms of number of instructions per round) while having 1.5 times more equivalent active S-boxes. The S-box also has an efficient implementation with SIMD instructions, a low implementation cost in hardware and it can be masked efficiently thanks to its sparing use of non-linear gates.Cette note présente la construction et l'implémentation d'une boîte S sur 8 bits qui a un branchement linéaire et différentiel de 3.Nous montrons une application en construisant un chiffre par bloc sur 64 bits dont la structure est très simple et est basée sur l'évaluationen tranches (bitsliced) de la boîte S et des rotations sur mots de 8 bits et qui peut être vu comme une variante de PRESENT avec une boîte S de 8 bits. La fonction de tour de ce chiffre peut s'implémenter avec le même nombred'instructions que celle de PRIDE sur micro-controleurs 8-bits, tout en ayant 1,5 fois plus de boîtes S actives (relativement).Cette boîte S peut aussi s'implémenter efficacement avec des instructions SIMD, a un coût faible en matériel etpeut se masquer efficacement grâce au peu de portes non-linéaires nécessaires