On weakly APN functions and 4-bit S-Boxes

S-Boxes are important security components of block ciphers. We provide theoretical results on necessary or sufficient criteria for an (invertible) 4-bit S-Box to be weakly APN. Thanks to a classification of 4-bit invertible S-Boxes achieved independently by De Canni\'ere and Leander-Poschmann, we can strengthen our results with a computer-aided proof

Wave-Shaped Round Functions and Primitive Groups

Round functions used as building blocks for iterated block ciphers, both in the case of Substitution-Permutation Networks and Feistel Networks, are often obtained as the composition of different layers which provide confusion and diffusion, and key additions. The bijectivity of any encryption function, crucial in order to make the decryption possible, is guaranteed by the use of invertible layers or by the Feistel structure. In this work a new family of ciphers, called wave ciphers, is introduced. In wave ciphers, round functions feature wave functions, which are vectorial Boolean functions obtained as the composition of non-invertible layers, where the confusion layer enlarges the message which returns to its original size after the diffusion layer is applied. This is motivated by the fact that relaxing the requirement that all the layers are invertible allows to consider more functions which are optimal with regard to non-linearity. In particular it allows to consider injective APN S-boxes. In order to guarantee efficient decryption we propose to use wave functions in Feistel Networks. With regard to security, the immunity from some group-theoretical attacks is investigated. In particular, it is shown how to avoid that the group generated by the round functions acts imprimitively, which represent a serious flaw for the cipher

Wave-shaped round functions and primitive groups

Round functions used as building blocks for iterated block ciphers, both in the case of Substitution-Permutation Networks (SPN) and Feistel Networks (FN), are often obtained as the composition of different layers. The bijectivity of any encryption function is guaranteed by the use of invertible layers or by the Feistel structure. In this work a new family of ciphers, called wave ciphers, is introduced. In wave ciphers, round functions feature wave functions, which are vectorial Boolean functions obtained as the composition of non-invertible layers, where the confusion layer enlarges the message which returns to its original size after the diffusion layer is applied. Efficient decryption is guaranteed by the use of wave functions in FNs. It is shown how to avoid that the group generated by the round functions acts imprimitively, a serious flaw for the cipher. The primitivity is a consequence of a more general result, which reduce the problem of proving that a given FN generates a primitive group to proving that an SPN, directly related to the given FN, generates a primitive group. Finally, a concrete instance of real-world size wave cipher is proposed as an example, and its resistance against differential and linear cryptanalyses is also established.acceptedVersio

On Boolean functions, symmetric cryptography and algebraic coding theory

In the first part of this thesis we report results about some “linear” trapdoors that can be embedded in a block cipher. In particular we are interested in any block cipher which has invertible S-boxes and that acts as a permutation on the message space, once the key is chosen. The message space is a vector space and we can endow it with alternative operations (hidden sums) for which the structure of vector space is preserved. Each of this operation is related to a different copy of the affine group. So, our block cipher could be affine with respect to one of these hidden sums. We show conditions on the S-box able to prevent a type of trapdoors based on hidden sums, in particular we introduce the notion of Anti-Crooked function. Moreover we shows some properties of the translation groups related to these hidden sums, characterizing those that are generated by affine permutations. In that case we prove that hidden sum trapdoors are practical and we can perform a global reconstruction attack. We also analyze the role of the mixing layer obtaining results suggesting the possibility to have undetectable hidden sum trapdoors using MDS mixing layers. In the second part we take into account the index coding with side information (ICSI) problem. Firstly we investigate the optimal length of a linear index code, that is equal to the min-rank of the hypergraph related to the instance of the ICSI problem. In particular we extend the the so-called Sandwich Property from graphs to hypergraphs and also we give an upper bound on the min-rank of an hypergraph taking advantage of incidence structures such as 2-designs and projective planes. Then we consider the more general case when the side information are coded, the index coding with coded side information (ICCSI) problem. We extend some results on the error correction index codes to the ICCSI problem case and a syndrome decoding algorithm is also given

Some group-theoretical results on Feistel Networks in a long-key scenario

Under embargo until: 2021-07-01The study of the trapdoors that can be hidden in a block cipher is and has always been a high-interest topic in symmetric cryptography. In this paper we focus on Feistel-network-like ciphers in a classical long-key scenario and we investigate some conditions which make such a construction immune to the partition-based attack introduced recently by Bannier et al.acceptedVersio

Towards a deeper understanding of APN functions and related longstanding problems

This dissertation is dedicated to the properties, construction and analysis of APN and AB functions. Being cryptographically optimal, these functions lack any general structure or patterns, which makes their study very challenging. Despite intense work since at least the early 90's, many important questions and conjectures in the area remain open. We present several new results, many of which are directly related to important longstanding open problems; we resolve some of these problems, and make significant progress towards the resolution of others. More concretely, our research concerns the following open problems: i) the maximum algebraic degree of an APN function, and the Hamming distance between APN functions (open since 1998); ii) the classification of APN and AB functions up to CCZ-equivalence (an ongoing problem since the introduction of APN functions, and one of the main directions of research in the area); iii) the extension of the APN binomial $x^3 + \beta x^{36}$ over $F_{2^{10}}$ into an infinite family (open since 2006); iv) the Walsh spectrum of the Dobbertin function (open since 2001); v) the existence of monomial APN functions CCZ-inequivalent to ones from the known families (open since 2001); vi) the problem of efficiently and reliably testing EA- and CCZ-equivalence (ongoing, and open since the introduction of APN functions). In the course of investigating these problems, we obtain i.a. the following results: 1) a new infinite family of APN quadrinomials (which includes the binomial $x^3 + \beta x^{36}$ over $F_{2^{10}}$); 2) two new invariants, one under EA-equivalence, and one under CCZ-equivalence; 3) an efficient and easily parallelizable algorithm for computationally testing EA-equivalence; 4) an efficiently computable lower bound on the Hamming distance between a given APN function and any other APN function; 5) a classification of all quadratic APN polynomials with binary coefficients over $F_{2^n}$ for $n \le 9$; 6) a construction allowing the CCZ-equivalence class of one monomial APN function to be obtained from that of another; 7) a conjecture giving the exact form of the Walsh spectrum of the Dobbertin power functions; 8) a generalization of an infinite family of APN functions to a family of functions with a two-valued differential spectrum, and an example showing that this Gold-like behavior does not occur for infinite families of quadratic APN functions in general; 9) a new class of functions (the so-called partially APN functions) defined by relaxing the definition of the APN property, and several constructions and non-existence results related to them.Doktorgradsavhandlin