14 research outputs found

    Regular complete permutation polynomials over quadratic extension fields

    Full text link
    Let r≥3r\geq 3 be any positive integer which is relatively prime to pp and q2≡1(modr)q^2\equiv 1 \pmod r. Let τ1,τ2\tau_1, \tau_2 be any permutation polynomials over Fq2,\mathbb{F}_{q^2}, σM\sigma_M is an invertible linear map over Fq2\mathbb{F}_{q^2} and σ=τ1∘σM∘τ2\sigma=\tau_1\circ\sigma_M\circ\tau_2. In this paper, we prove that, for suitable τ1,τ2\tau_1, \tau_2 and σM\sigma_M, the map σ\sigma could be rr-regular complete permutation polynomials over quadratic extension fields.Comment: 10 pages. arXiv admin note: substantial text overlap with arXiv:2212.1286

    XS-circuits in Block Ciphers

    Get PDF
    XS-circuits describe block ciphers that utilize 2 operations: X) bitwise modulo 2 addition of binary words and S) substitution of words using key-dependent S-boxes with possibly complicated internal structure. We propose a model of XS-circuits which, despite the simplicity, covers a rather wide range of block ciphers. In our model, several instances of a simple round circuit, which contains only one S~operation, are linked together and form a compound circuit called a cascade. S operations of a cascade are interpreted as independent round oracles. We deal with diffusion characteristics of cascades. These characteristics are related to the cryptographic strength of corresponding block ciphers. We obtain results on invertibility, transitivity and 2-transitivity of mappings induced by round circuits and their cascades. We provide estimates on the first and second activation times where the i-th activation time is the minimum number of rounds which guarantees that at least i round oracles get different queries while processing two different cascade\u27s inputs. The activation times are related to differential cryptanalysis. We introduce the similarity and duality relations between round circuits. Cascades of related circuits have the same or dual diffusion characteristics. We find canonical representatives of classes of similar circuits and show that the duality between circuits is related to duality between differential and linear attacks against corresponding block ciphers. We discuss families of circuits with growing number of inputs. Such families can be used to build wide-block ciphers

    A general construction of regular complete permutation polynomials

    Full text link
    Let r≥3r\geq 3 be a positive integer and Fq\mathbb{F}_q the finite field with qq elements. In this paper, we consider the rr-regular complete permutation property of maps with the form f=τ∘σM∘τ−1f=\tau\circ\sigma_M\circ\tau^{-1} where τ\tau is a PP over an extension field Fqd\mathbb{F}_{q^d} and σM\sigma_M is an invertible linear map over Fqd\mathbb{F}_{q^d}. We give a general construction of rr-regular PPs for any positive integer rr. When τ\tau is additive, we give a general construction of rr-regular CPPs for any positive integer rr. When τ\tau is not additive, we give many examples of regular CPPs over the extension fields for r=3,4,5,6,7r=3,4,5,6,7 and for arbitrary odd positive integer rr. These examples are the generalization of the first class of rr-regular CPPs constructed by Xu, Zeng and Zhang (Des. Codes Cryptogr. 90, 545-575 (2022)).Comment: 24 page

    Application of Fault Analysis to Some Cryptographic Standards

    Get PDF
    Cryptanalysis methods can be classified as pure mathematical attacks, such as linear and differential cryptanalysis, and implementation dependent attacks such as power analysis and fault analysis. Pure mathematical attacks exploit the mathematical structure of the cipher to reveal the secret key inside the cipher. On the other hand, implementation dependent attacks assume that the attacker has access to the cryptographic device to launch the attack. Fault analysis is an example of a side channel attack in which the attacker is assumed to be able to induce faults in the cryptographic device and observe the faulty output. Then, the attacker tries to recover the secret key by combining the information obtained from the faulty and the correct outputs. Even though fault analysis attacks may require access to some specialized equipment to be able to insert faults at specific locations or at specific times during the computation, the resulting attacks usually have time and memory complexities which are far more practical as compared to pure mathematical attacks. Recently, several AES-based primitives were approved as new cryptographic standards throughout the world. For example, Kuznyechik was approved as the standard block cipher in Russian Federation, and Kalyna and Kupyna were approved as the standard block cipher and the hash function, respectively, in Ukraine. Given the importance of these three new primitives, in this thesis, we analyze their resistance against fault analysis attacks. Firstly, we modified a differential fault analysis (DFA) attack that was applied on AES and applied it on Kuzneychik. Application of DFA on Kuznyechik was not a trivial task because of the linear transformation layer used in the last round of Kuznyechik. In order to bypass the effect of this linear transformation operation, we had to use an equivalent representation of the last round which allowed us to recover the last two round keys using a total of four faults and break the cipher. Secondly, we modified the attack we applied on Kuzneychik and applied it on Kalyna. Kalyna has a complicated key scheduling and it uses modulo 264 addition operation for applying the first and last round keys. This makes Kalyna more resistant to DFA as com- pared to AES and Kuznyechik but it is still practically breakable because the number of key candidates that can be recovered by DFA can be brute-forced in a reasonable time. We also considered the case where the SBox entries of Kalyna are not known and showed how to recover a set of candidates for the SBox entries. Lastly, we applied two fault analysis attacks on Kupyna hash function. In the first case, we assumed that the SBoxes and all the other function parameters are known, and in the second case we assumed that the SBoxes were kept secret and attacked the hash function accordingly. Kupyna can be used as the underlying hash function for the construction of MAC schemes such as secret IV, secret prefix, HMAC or NMAC. In our analysis, we showed that secret inputs of Kupyna can be recovered using fault analysis. To conclude, we analyzed two newly accepted standard ciphers (Kuznyechik, Kalyna) and one newly approved standard hash function (Kupyna) for their resistance against fault attacks. We also analyzed Kalyna and Kupyna with the assumption that these ciphers can be deployed with secret user defined SBoxes in order to increase their security

    Analysis, classification and construction of optimal cryptographic Boolean functions

    Get PDF
    Modern cryptography is deeply founded on mathematical theory and vectorial Boolean functions play an important role in it. In this context, some cryptographic properties of Boolean functions are defined. In simple terms, these properties evaluate the quality of the cryptographic algorithm in which the functions are implemented. One cryptographic property is the differential uniformity, introduced by Nyberg in 1993. This property is related to the differential attack, introduced by Biham and Shamir in 1990. The corresponding optimal functions are called Almost Perfect Nonlinear functions, shortly APN. APN functions have been constructed, studied and classified up to equivalence relations. Very important is their classification in infinite families, i.e. constructing APN functions that are defined for infinitely many dimensions. In spite of an intensive study of these maps, many fundamental problems related to APN functions are still open and relatively few infinite families are known so far. In this thesis we present some constructions of APN functions and study some of their properties. Specifically, we consider a known construction, L1(x^3)+L2(x^9) with L1 and L2 linear maps, and we introduce two new constructions, the isotopic shift and the generalised isotopic shift. In particular, using the two isotopic shift constructing techniques, in dimensions 8 and 9 we obtain new APN functions and we cover many unclassified cases of APN maps. Here new stands for inequivalent (in respect to the so-called CCZ-equivalence) to already known ones. Afterwards, we study two infinite families of APN functions and their generalisations. We show that all these families are equivalent to each other and they are included in another known family. For many years it was not known whether all the constructed infinite families of APN maps were pairwise inequivalent. With our work, we reduce the list to those inequivalent to each other. Furthermore, we consider optimal functions with respect to the differential uniformity in fields of odd characteristic. These functions, called planar, have been valuable for the construction of new commutative semifields. Planar functions present often a close connection with APN maps. Indeed, the idea behind the isotopic shift construction comes from the study of isotopic equivalence, which is defined for quadratic planar functions. We completely characterise the mentioned equivalence by means of the isotopic shift and the extended affine equivalence. We show that the isotopic shift construction leads also to inequivalent planar functions and we analyse some particular cases of this construction. Finally, we study another cryptographic property, the boomerang uniformity, introduced by Cid et al. in 2018. This property is related to the boomerang attack, presented by Wagner in 1999. Here, we study the boomerang uniformity for some known classes of permutation polynomials.Doktorgradsavhandlin

    Attainable Unconditional Security for Shared-Key Cryptosystems

    Get PDF
    Preserving the privacy of private communication is a fundamental concern of computing addressed by encryption. Information-theoretic reasoning models unconditional security where the strength of the results does not depend on computational hardness or unproven results. Usually the information leaked on the message by the ciphertext is used to measure the privacy of a communication, with perfect secrecy when the leakage is zero. However this is hard to achieve in practice. An alternative measure is the equivocation, intuitively the average number of message/key pairs that could have produced a given ciphertext. We show a theoretical bound on equivocation called max-equivocation and show that this generalizes perfect secrecy when achievable, and provides an alternative measure when perfect secrecy is not. We derive bounds for max-equivocation for symmetric encoder functions and show that max-equivocation is achievable when the entropy of the ciphertext is minimized. We show that max-equivocation easily accounts for key re-use scenarios, and that large keys relative to the message perform very poorly under equivocation. We study encoders under this new perspective, deriving results on their achievable maximal equivocation and showing that some popular approaches such as Latin squares are not optimal. We show how unicity attacks can be naturally modeled, and how breaking encoder symmetry improves equivocation. We present some algorithms for generating encryption functions that are practical and achieve 90-95% of the theoretical best, improving with larger message spaces
    corecore