Algorithm 959: VBF: A Library of C plus plus Classes for Vector Boolean Functions in Cryptography

VBF is a collection of C++ classes designed for analyzing vector Boolean functions (functions that map a Boolean vector to another Boolean vector) from a cryptographic perspective. This implementation uses the NTL library from Victor Shoup, adding new modules that call NTL functions and complement the existing ones, making it better suited to cryptography. The class representing a vector Boolean function can be initialized by several alternative types of data structures such as Truth Table, Trace Representation, and Algebraic Normal Form (ANF), among others. The most relevant cryptographic criteria for both block and stream ciphers as well as for hash functions can be evaluated with VBF: it obtains the nonlinearity, linearity distance, algebraic degree, linear structures, and frequency distribution of the absolute values of the Walsh Spectrum or the Autocorrelation Spectrum, among others. In addition, operations such as equality testing, composition, inversion, sum, direct sum, bricklayering (parallel application of vector Boolean functions as employed in Rijndael cipher), and adding coordinate functions of two vector Boolean functions are presented. Finally, three real applications of the library are described: the first one analyzes the KASUMI block cipher, the second one analyzes the Mini-AES cipher, and the third one finds Boolean functions with very high nonlinearity, a key property for robustness against linear attacks

Investigations in the design and analysis of key-stream generators

iv+113hlm.;24c

Security of lightweight cryptographic algorithms

Η διπλωματική εργασία μελετά τους lightweight κρυπτογραφικούς αλγορίθμους, εστιάζοντας σε συγκεκριμένα χαρακτηριστικά ασφάλειας. Πιο συγκεκριμένα, θα αναλυθούν, θα αξιολογηθούν και θα ταξινομηθούν σε διάφορες κατηγορίες, όπως αν είναι block ή stream ciphers και αν είναι authenticated ή όχι, κάποιοι lightweight αλγόριθμοι. Αυτή η ταξινόμηση αφορά αλγόριθμους που βρίσκονται σε διαδικασία προτυποποίησης και συμμετέχουν στο διαγωνισμό του NIST (National Institution of Standards and Technology), Lightweight Crypto. Στη συνέχεια, θα δοθεί έμφαση στις Boolean Functions που χρησιμοποιούν αυτοί οι lightweight κρυπτογραφικοί αλγόριθμοι, με σκοπό να υπολογιστούν οι κρυπτογραφικές ιδιότητες των συναρτήσεων αυτών και να αξιολογηθεί η ανθεκτικότητα αυτών των αλγορίθμων ενάντια σε κρυπταναλυτικές επιθέσεις. Η ανάλυσή μας δείχνει πως δεν υπάρχει καμία Boolean function που να ικανοποιεί όλες τις κρυπτογραφικές ιδιότητες και έτσι απαιτείται περαιτέρω έρευνα για να διευκρινιστεί αν οι ευπάθειες αυτές των Boolean functions μπορούν να χρησιμοποιηθούν για την διεξαγωγή κρυπταναλυτικής επίθεσης.This thesis studies the lightweight cryptographic algorithms, focusing on specific security features. In particular, many lightweight algorithms are being analyzed, evaluated and classified into several categories including but not limited to block/stream ciphers, either being authenticated or not. This categorization consists of algorithms that are in the progress of standardization, competing in the NIST (National Institution of Standards and Technology) Lightweight Crypto Standardization process. Next, emphasis will be given on the Boolean functions that these Lightweight cryptographic algorithms utilize, with the aim to calculate the cryptographic properties of such functions towards evaluating the resistance of these algorithms against several cryptanalytic attacks. Our analysis illustrates that there is no cryptographic Boolean function satisfying all the cryptographic properties and, thus, further research is needed in order to evaluate whether such vulnerabilities of underlying Boolean functions can actually be exploited in order to mount a cryptanalytic attac

Boolean Network Topologies and the Determinative Power of Nodes

Boolean networks have been used extensively for modeling networks whose node activity could be simplified to a binary outcome, such as on-off. Each node is influenced by the states of the other nodes via a logical Boolean function. The network is described by its topological properties which refer to the links between nodes, and its dynamical properties which refer to the way each node uses the information obtained from other nodes to update its state. This work explores the correlation between the information stored in the Boolean functions for each node in a property known as the determinative power and some topological properties of each node, in particular the clustering coefficient and the betweenness centrality. The determinative power of nodes is defined using concepts from information theory, in particular the mutual information. The primary motivation is to construct models of real world networks to examine if the determinative power is sensitive to any of the considered topological properties. The findings indicate that, for a homogeneous network in which all nodes obey the same threshold function under three different topologies, the determinative power can have a negative correlation with the clustering coefficient and a positive correlation with the betweenness centrality, depending on the topological properties of the network. A statistical analysis on a collection of 36 Boolean models of signal transduction networks reveals that the correlations observed in the theoretical cases are suppressed in the biological networks, thus supporting previous research results

Contributions to Confidentiality and Integrity Algorithms for 5G

The confidentiality and integrity algorithms in cellular networks protect the transmission of user and signaling data over the air between users and the network, e.g., the base stations. There are three standardised cryptographic suites for confidentiality and integrity protection in 4G, which are based on the AES, SNOW 3G, and ZUC primitives, respectively. These primitives are used for providing a 128-bit security level and are usually implemented in hardware, e.g., using IP (intellectual property) cores, thus can be quite efficient. When we come to 5G, the innovative network architecture and high-performance demands pose new challenges to security. For the confidentiality and integrity protection, there are some new requirements on the underlying cryptographic algorithms. Specifically, these algorithms should: 1) provide 256 bits of security to protect against attackers equipped with quantum computing capabilities; and 2) provide at least 20 Gbps (Gigabits per second) speed in pure software environments, which is the downlink peak data rate in 5G. The reason for considering software environments is that the encryption in 5G will likely be moved to the cloud and implemented in software. Therefore, it is crucial to investigate existing algorithms in 4G, checking if they can satisfy the 5G requirements in terms of security and speed, and possibly propose new dedicated algorithms targeting these goals. This is the motivation of this thesis, which focuses on the confidentiality and integrity algorithms for 5G. The results can be summarised as follows.1. We investigate the security of SNOW 3G under 256-bit keys and propose two linear attacks against it with complexities 2172 and 2177, respectively. These cryptanalysis results indicate that SNOW 3G cannot provide the full 256-bit security level. 2. We design some spectral tools for linear cryptanalysis and apply these tools to investigate the security of ZUC-256, the 256-bit version of ZUC. We propose a distinguishing attack against ZUC-256 with complexity 2236, which is 220 faster than exhaustive key search. 3. We design a new stream cipher called SNOW-V in response to the new requirements for 5G confidentiality and integrity protection, in terms of security and speed. SNOW-V can provide a 256-bit security level and achieve a speed as high as 58 Gbps in software based on our extensive evaluation. The cipher is currently under evaluation in ETSI SAGE (Security Algorithms Group of Experts) as a promising candidate for 5G confidentiality and integrity algorithms. 4. We perform deeper cryptanalysis of SNOW-V to ensure that two common cryptanalysis techniques, guess-and-determine attacks and linear cryptanalysis, do not apply to SNOW-V faster than exhaustive key search. 5. We introduce two minor modifications in SNOW-V and propose an extreme performance variant, called SNOW-Vi, in response to the feedback about SNOW-V that some use cases are not fully covered. SNOW-Vi covers more use cases, especially some platforms with less capabilities. The speeds in software are increased by 50% in average over SNOW-V and can be up to 92 Gbps.Besides these works on 5G confidentiality and integrity algorithms, the thesis is also devoted to local pseudorandom generators (PRGs). 6. We investigate the security of local PRGs and propose two attacks against some constructions instantiated on the P5 predicate. The attacks improve existing results with a large gap and narrow down the secure parameter regime. We also extend the attacks to other local PRGs instantiated on general XOR-AND and XOR-MAJ predicates and provide some insight in the choice of safe parameters

On Closed-Cycle Loops and Applicability of Nonlinear Product Attacks to DES

In this article we look at the question of the security of Data Encryption Standard (DES) against non-linear polynomial invariant attacks. Is this sort of attack also possible for DES? We present a simple proof of concept attack on DES where a product of 5 polynomials is an invariant for 2 rounds of DES. Furthermore we present numerous additional examples of invariants with higher degrees. We analyse the success probability when the Boolean functions are chosen at random and compare to DES S-boxes. For more complex higher degree attacks the difficulties disappear progressively and up to 100 % of all Boolean functions in 6 variables are potentially vulnerable. A major limitation for all our attacks, is that they work only for a fraction of the key space. However in some cases, this fraction of the key space is very large for the full 16-round DES

Unifying a Geometric Framework of Evolutionary Algorithms and Elementary Landscapes Theory

Evolutionary algorithms (EAs) are randomised general-purpose strategies, inspired by natural evolution, often used for finding (near) optimal solutions to problems in combinatorial optimisation. Over the last 50 years, many theoretical approaches in evolutionary computation have been developed to analyse the performance of EAs, design EAs or measure problem difficulty via fitness landscape analysis. An open challenge is to formally explain why a general class of EAs perform better, or worse, than others on a class of combinatorial problems across representations. However, the lack of a general unified theory of EAs and fitness landscapes, across problems and representations, makes it harder to characterise pairs of general classes of EAs and combinatorial problems where good performance can be guaranteed provably. This thesis explores a unification between a geometric framework of EAs and elementary landscapes theory, not tied to a specific representation nor problem, with complementary strengths in the analysis of population-based EAs and combinatorial landscapes. This unification organises around three essential aspects: search space structure induced by crossovers, search behaviour of population-based EAs and structure of fitness landscapes. First, this thesis builds a crossover classification to systematically compare crossovers in the geometric framework and elementary landscapes theory, revealing a shared general subclass of crossovers: geometric recombination P-structures, which covers well-known crossovers. The crossover classification is then extended to a general framework for axiomatically analysing the population behaviour induced by crossover classes on associated EAs. This shows the shared general class of all EAs using geometric recombination P-structures, but no mutation, always do the same abstract form of convex evolutionary search. Finally, this thesis characterises a class of globally convex combinatorial landscapes shared by the geometric framework and elementary landscapes theory: abstract convex elementary landscapes. It is formally explained why geometric recombination P-structure EAs expectedly can outperform random search on abstract convex elementary landscapes related to low-order graph Laplacian eigenvalues. Altogether, this thesis paves a way towards a general unified theory of EAs and combinatorial fitness landscapes

Extreme Algebraic Attacks

When designing filter functions in Linear Feedback Shift Registers (LFSR) based stream ciphers, algebraic criteria of Boolean functions such as the Algebraic Immunity (AI) become key characteristics because they guarantee the security of ciphers against the powerful algebraic attacks. In this article, we investigate a generalization of the algebraic attacks proposed by Courtois and Meier on filtered LFSR twenty years ago. We consider how the standard algebraic attack can be generalized beyond filtered LFSR to stream ciphers applying a Boolean filter function to an updated state. Depending on the updating process, we can use different sets of annihilators than the ones used in the standard algebraic attack; it leads to a generalization of the concept of algebraic immunity, and more efficient attacks. To illustrate these strategies, we focus on one of these generalizations and introduce a new notion called Extreme Algebraic Immunity (EAI). We perform a theoretic study of the EAI criterion and explore its relation to other algebraic criteria. We prove the upper bound of the EAI of an $n$-variable Boolean function and further show that the EAI can be lower bounded by the AI restricted to a subset, as defined by Carlet, M\'{e}aux and Rotella at FSE 2017. We also exhibit functions with EAI guaranteed to be lower than the AI, in particular we highlight a pathological case of functions with optimal algebraic immunity and EAI only $n/4$. As applications, we determine the EAI of filter functions of some existing stream ciphers and discuss how extreme algebraic attacks using EAI could apply to some ciphers. Our generalized algebraic attack does not give a better complexity than Courtois and Meier's result on the existing stream ciphers. However, we see this work as a study to avoid weaknesses in the construction of future stream cipher designs