Recent Methods for Cryptanalysis of Symmetric-key Cryptographic Algorithms (Recente Methoden voor de Cryptanalyse van Symmetrische-sleutel Cryptografische Algoritmen)

Cryptography is the art and science of secret communication. In the past it has been exclusively the occupation of the military. It is only during the last forty years that the study and practice of cryptography has reached the wide public. Nowadays, cryptography is not only actively studied in leading universities as part of their regular curriculum, but it is also widely used in our everyday lives. It protects our GSM communications and on-line financial transactions, our electronic health records and personal data. Internet services for which security is critical, such as online banking, electronic commerce, e-voting and the whole concept of the e-Government are utterly unimaginable without the necessary cryptographic mechanisms.In order for cryptography to serve its purposes well, secure and reliable cryptographic algorithms are necessary. The design of such algorithms on its part is intimately linked to the ability to analyze and understand their properties. The latter are the subject of study of cryptanalysis. The goal of this thesis is to research new techniques for cryptanalysis of symmetric-key cryptographic algorithms.The first part of the thesis focuses on methods for cryptanalysis of ARX algorithms. These are algorithms based on the operations modular addition, bit rotation and XOR, collectively denoted as ARX. Many contemporary algorithms fall into this class. For example, the block ciphers TEA, XTEA and RC5, the stream cipher Salsa20, the hash functions MD4, MD5, SHA-1 and SHA-2 as well as two of the candidate proposals for the next generation cryptographic hash function standard SHA-3: the hash functions BLAKE and Skein.In this thesis we propose a general framework for the differential analysis of ARX algorithms. This framework is used to compute the probabilities with which differences propagate through the ARX operations. The accurate computation of these probabilities is critical for estimating the success of one of the most powerful cryptanalytic techniques - differential cryptanalysis. We demonstrate that the proposed framework is general, simple to use and easy to extend by applying it both to confirm known results and to solve new problems.We further focus on the propagation of additive differences through the ARX operations, as a generalization of the technique of differential cryptanalysis. We propose a new type of difference, called UNAF (unsigned non-adjacent form). A UNAF represents a set of specially chosen additive differences that are used to obtain more accurate estimations of the probabilities of differentials through sequences of ARX operations. This is demonstrated by applying UNAF differences to the differential cryptanalysis of stream cipher Salsa20.The second part of the thesis is dedicated to algebraic cryptanalysis. More specifically, we present results on the algebraic cryptanalysis of algorithms based on the most widely used block cipher today - the Advanced Encryption Standard (AES). We first provide a full algebraic representation of the round transformationof AES. Next we use it to design the fully symbolic polynomial system generator SYMAES. The latter is a software tool that automatically constructs symbolic Boolean equations for AES. A derivative of this tool is applied to the algebraic analysis of a small-scale version of the AES-based stream cipher LEX. For the small scale LEX we construct systems of Boolean equations and we solve them using Grobner basis techniques.Several conclusions can be drawn on the basis of the results presented in this thesis. Firstly, we believe that more research is necessary in the area of ARX algorithms. The interplay between modular addition, bit rotation and XOR proves to be far more complex and intricate than one would expect from such simple operations. The general methodology for the analysis of such constructions that was proposed in the thesis is an attempt to address this problem. Only the test of time will show how successful this attempt has been and, more importantly, if we are even moving in the right direction.As to the area of algebraic cryptanalysis, our results seem to confirm a belief already held by other members of the cryptographic community: algebraic techniques are rarely able to provide an advantage over statistical techniques in the analysis of block ciphers. Finding an example that would counter this opinion is a general challenge for future work.1. Introduction 2. General Framework for the Differential Analysis of ARX 3. The Additive Differential Probability of ARX 4. UNAF: A Special Set of Additive Differences 5. Application of UNAF to the Analysis of the Stream Cipher Salsa20 6. Algebraic Cryptanalysis of AES-based Primitives Using Grobner Bases 7. Algebraic Cryptanalysis of a Small-Scale Version of Stream Cipher LEX 8. Conclusionnrpages: 256status: publishe