Mathematical methods in solutions of the problems from the Third International Students' Olympiad in Cryptography
The mathematical problems and their solutions of the Third International
Students' Olympiad in Cryptography NSUCRYPTO'2016 are presented. We consider
mathematical problems related to the construction of algebraic immune vectorial
Boolean functions and big Fermat numbers, problems about secret sharing
schemes and pseudorandom binary sequences, biometric cryptosystems and the
blockchain technology, etc. Two open problems in mathematical cryptography are
also discussed and a solution for one of them proposed by a participant during
the Olympiad is described. It was the first time in the Olympiad history
The Seventh International Olympiad in Cryptography: problems and solutions
The International Olympiad in Cryptography NSUCRYPTO is the unique Olympiad
containing scientific mathematical problems for professionals, school and
university students from any country. Its aim is to involve young researchers
in solving curious and tough scientific problems of modern cryptography. In
2020, it was held for the seventh time. Prizes and diplomas were awarded to 84
participants in the first round and 49 teams in the second round from 32
countries. In this paper, problems and their solutions of NSUCRYPTO'2020 are
presented. We consider problems related to attacks on ciphers and hash
functions, protocols, permutations, primality tests, etc. We discuss several
open problems on JPEG encoding, Miller-Rabin primality test, special bases
in the vector space, AES-GCM. The problem of a modified Miller-Rabin
primality test was solved during the Olympiad. The problem for finding special
bases was partially solved
Problems, solutions and experience of the first international student's Olympiad in cryptography
A detailed overview of the problems, solutions and experience of the
first international student's Olympiad in cryptography,
NSUCRYPTO'2014, is given. We start with the rules of participation and
a description of the rounds. All 15 problems of the Olympiad and their
solutions are considered in detail. We discuss solutions of the
mathematical problems related to cipher construction, such as
studying differential characteristics of S-boxes, S-box masking,
determining relations between cyclic rotation and additions
modulo and , constructing special linear subspaces in
; problems about the number of solutions of the
equation over the finite field
and APN functions. Some unsolved problems in symmetric cryptography
are also considered
Simplicity conditions for binary orthogonal arrays
It is known that correlation-immune (CI) Boolean functions used in the framework of side channel attacks need to have low Hamming weights. The supports of CI functions are (equivalently) simple orthogonal arrays, when their elements are written as rows of an array. The minimum Hamming weight of a CI function is then the same as the minimum number of rows in a simple orthogonal array. In this paper, we use Rao's Bound to give a sufficient condition on the number of rows, for a binary orthogonal array (OA) to be simple. We apply this result for determining the minimum number of rows in all simple binary orthogonal arrays of strengths 2 and 3; we show that this minimum is the same in such case as for all OA, and we extend this observation to some OA of strengths 4 and 5. This allows us to reply positively, in the case of strengths 2 and 3, to a question raised by the first author and X. Chen on the monotonicity of the minimum Hamming weight of 2-CI Boolean functions, and to partially reply positively to the same question in the case of strengths 4 and 5
On the classification of n-shareable functions of several variables over finite fields and a problem from the NSUCrypto'2019 Olympiad
A problem of great importance that arises in the design and implementation of a cryptosystem is countering side-channel attacks. Often an appropriate mathematical algorithm, implemented on a specific physical device to work in the physical environment, becomes vulnerable to such attacks. The "function sharing" technique is a promising and efficient way to avoid this problem. In the paper we investigate "non-complete sharing" of Boolean functions and mappings, and of functions and mappings over finite fields, and provide a complete description of the set of functions of n variables that admit a sharing. The main findings are the following: we introduce and investigate the new concept of "weak" non-complete n-sharing, establish its connection with "weak" and "classical" n-sharing, substantiate its advantages from the algebraic point of view, and establish and prove a criterion for the existence of a weak non-complete n-sharing for an arbitrary function. The results also include an explicit description, in terms of the algebraic normal form, of the set of functions that have a weak sharing, and precise and simple descriptions for the boundary ("border") cases n = 2, n = m and binary fields. Applying these results to the AES S-box solves the problem completely, i.e. a complete answer to the question of the representability of the S-box of the AES cipher as a sharing is available. We believe the same approach can be successful for other cryptographic algorithms.
One of the important problems arising in the design and practical implementation of cryptosystems is countering side-channel attacks. Often, algorithms whose security raises no great doubt from a purely mathematical point of view turn out to be vulnerable to such attacks when implemented on a specific physical device. The technique of sharing functions and mappings is an effective tool for building implementations of cryptographic algorithms protected against side-channel attacks. In this paper, non-complete sharings of Boolean mappings and of mappings over finite fields are investigated. We give a complete description of the set of functions of n variables that admit a sharing into functions of n-1 variables. The results obtained are generalised to mappings over arbitrary finite fields. The main results of this work are the following: the concept of a "weak non-complete n-sharing" is introduced and investigated; its connection with the classical concept of n-sharing is established, and its advantages from the point of view of algebraic structure are substantiated; a criterion for the existence of a weak non-complete n-sharing for an arbitrary function over an arbitrary field is established and proved; an explicit description of the functions of m variables admitting an n-sharing is given, in terms of the algebraic normal form, for finite fields of arbitrary characteristic; precise and simple descriptions are obtained for the boundary cases n = 2, n = m and binary fields; a complete answer is obtained to the question of the representability of the AES S-box as a sharing. These results can be used to build implementations of cryptographic algorithms protected against side-channel attacks. In a number of cases this approach also makes it possible to detect and quantify a fundamental vulnerability of specific cryptographic constructions to side-channel attacks. The results may also be of theoretical interest. In particular, their application to the problem of efficient decomposition of functions appears promising. Such functionality could be applied, for example, in modern systems for computer algebra, symbolic computation and machine learning.