629 research outputs found
Wave-Shaped Round Functions and Primitive Groups
Round functions used as building blocks for iterated block ciphers, both in
the case of Substitution-Permutation Networks and Feistel Networks, are often
obtained as the composition of different layers which provide confusion and
diffusion, and key additions. The bijectivity of any encryption function,
crucial in order to make the decryption possible, is guaranteed by the use of
invertible layers or by the Feistel structure. In this work a new family of
ciphers, called wave ciphers, is introduced. In wave ciphers, round functions
feature wave functions, which are vectorial Boolean functions obtained as the
composition of non-invertible layers, where the confusion layer enlarges the
message which returns to its original size after the diffusion layer is
applied. This is motivated by the fact that relaxing the requirement that all
the layers are invertible allows to consider more functions which are optimal
with regard to non-linearity. In particular it allows to consider injective APN
S-boxes. In order to guarantee efficient decryption we propose to use wave
functions in Feistel Networks. With regard to security, the immunity from some
group-theoretical attacks is investigated. In particular, it is shown how to
avoid that the group generated by the round functions acts imprimitively, which
represent a serious flaw for the cipher
Can a Differential Attack Work for an Arbitrarily Large Number of Rounds?
Differential cryptanalysis is one of the oldest attacks on block ciphers. Can anything new be discovered on this topic? A related question is that of backdoors and hidden properties. There is substantial amount of research on how Boolean functions affect the security of ciphers, and comparatively, little research, on how block cipher wiring can be very special or abnormal. In this article we show a strong type of anomaly: where the complexity of a differential attack does not grow exponentially as the number of rounds increases. It will grow initially, and later will be lower bounded by a constant. At the end of the day the vulnerability is an ordinary single differential attack on the full state. It occurs due to the existence of a hidden polynomial invariant. We conjecture that this type of anomaly is not easily detectable if the attacker has limited resources
- …