Unique Aspects of Usage of the Quadratic Cryptanalysis Method to the GOST 28147-89 Encryption Algorithm

In this article, issues related to the application of the quadratic cryptanalysis method to the five rounds of GOST 28147-89 encryption algorithm are given. For example, the role of the bit gains in the application of the quadratic cryptanalysis method, which is formed in the operation of addition according to mod232 used in this algorithm is described. In this case, it is shown that the selection of the relevant bits of the incoming plaintext and cipher text to be equal to zero plays an important role in order to obtain an effective result in cryptanalysi

Maiorana-McFarland Functions with High Second-Order Nonlinearity

The second-order nonlinearity, and the best quadratic approximations, of Boolean functions are studied in this paper. We prove that cubic functions within the Maiorana-McFarland class achieve very high second order nonlinearity, which is close to an upper bound that was recently proved by Carlet et al., and much higher than the second order nonlinearity obtained by other known constructions. The structure of the cubic Boolean functions considered allows the efficient computation of (a subset of) their best quadratic approximations

How Far Can We Go Beyond Linear Cryptanalysis?

Several generalizations of linear cryptanalysis have been proposed in the past, as well as very similar attacks in a statistical point of view. In this paper, we define a rigorous general statistical framework which allows to interpret most of these attacks in a simple and unified way. Then, we explicitely construct optimal distinguishers, we evaluate their performance, and we prove that a block cipher immune to classical linear cryptanalysis possesses some resistance to a wide class of generalized versions, but not all. Finally, we derive tools which are necessary to set up more elaborate extensions of linear cryptanalysis, and to generalize the notions of bias, characteristic, and piling-up lemma

Distinguishing Error of Nonlinear Invariant Attacks

Linear cryptanalysis considers correlations between linear input and output combiners for block ciphers and stream ciphers. Daeman and Rijmen (2007) had obtained the distributions of the correlations between linear input and output combiners of uniform random functions and uniform random permutations. Our first contribution is to generalise these results to obtain the distributions of the correlations between arbitrary input and output combiners of uniform random functions and uniform random permutations. Recently, Todo et al. (2018) have proposed nonlinear invariant attacks which consider correlations between nonlinear input and output combiners for a key-alternating block cipher. In its basic form, a nonlinear invariant attack is a distinguishing attack. The second and the main contribution of this paper is to obtain precise expressions for the errors of nonlinear invariant attacks in distinguishing a key-alternating cipher from either a uniform random function or a uniform random permutation

Generalized Nonlinear Invariant Attack and a New Design Criterion for Round Constants

The nonlinear invariant attack was introduced at ASIACRYPT 2016 by Todo et al.. The attack has received extensive attention of cryptographic community due to its practical application on the full-round block ciphers SCREAM, iSCREAM, and Midori64. However, the attack heavily relies on the choice of round constants and it becomes inefficient in the case these constants nonlinearly affect the so-called nonlinear invariants. In this article, to eliminate the impact from the round constants, a generalized nonlinear invariant attack which uses a pair of constants in the input of nonlinear invariants is proposed. The efficiency of this extended framework is practically confirmed by mounting a distinguishing attack on a variant of full-round iSCREAM cipher under a class of 280 weak keys. The considered variant of iSCREAM is however resistant against nonlinear invariant attack of Todo et al.. Furthermore, we investigate the resistance of block ciphers against generalized nonlinear invariant attacks with respect to the choice of round constants in an extended framework. We introduce a useful concept of closed-loop invariants of the substitution box (S-box) and show that the choice of robust round constants is closely related to the existence of linear structure of the closed-loop invariants of the substitution layer. In particular, we demonstrate that the design criteria for the round constants in Beierle et al.’s work at CRYPTO 2017 is not an optimal strategy. The round constants selected using this method may induce certain weaknesses that can be exploited in our generalized nonlinear invariant attack model. This scenario is efficiently demonstrated in the case of a slightly modified variant of the Midori64 block cipher

Nonlinear cryptanalysis of reduced-round Serpent and metaheuristic search for S-box approximations.

We utilise a simulated annealing algorithm to find several nonlinear approximations to various S-boxes which can be used to replace the linear approximations in the outer rounds of existing attacks. We propose three variants of a new nonlinear cryptanalytic algorithm which overcomes the main issues that prevented the use of nonlinear approximations in previous research, and we present the statistical frameworks for calculating the complexity of each version. We present new attacks on 11-round Serpent with better data complexity than any other known-plaintext or chosen-plaintext attack, and with the best overall time complexity for a 256-bit key

Statistical cryptanalysis of block ciphers

Since the development of cryptology in the industrial and academic worlds in the seventies, public knowledge and expertise have grown in a tremendous way, notably because of the increasing, nowadays almost ubiquitous, presence of electronic communication means in our lives. Block ciphers are inevitable building blocks of the security of various electronic systems. Recently, many advances have been published in the field of public-key cryptography, being in the understanding of involved security models or in the mathematical security proofs applied to precise cryptosystems. Unfortunately, this is still not the case in the world of symmetric-key cryptography and the current state of knowledge is far from reaching such a goal. However, block and stream ciphers tend to counterbalance this lack of "provable security" by other advantages, like high data throughput and ease of implementation. In the first part of this thesis, we would like to add a (small) stone to the wall of provable security of block ciphers with the (theoretical and experimental) statistical analysis of the mechanisms behind Matsui's linear cryptanalysis as well as more abstract models of attacks. For this purpose, we consider the underlying problem as a statistical hypothesis testing problem and we make a heavy use of the Neyman-Pearson paradigm. Then, we generalize the concept of linear distinguisher and we discuss the power of such a generalization. Furthermore, we introduce the concept of sequential distinguisher, based on sequential sampling, and of aggregate distinguishers, which allows to build sub-optimal but efficient distinguishers. Finally, we propose new attacks against reduced-round version of the block cipher IDEA. In the second part, we propose the design of a new family of block ciphers named FOX. First, we study the efficiency of optimal diffusive components when implemented on low-cost architectures, and we present several new constructions of MDS matrices; then, we precisely describe FOX and we discuss its security regarding linear and differential cryptanalysis, integral attacks, and algebraic attacks. Finally, various implementation issues are considered