
    Some Words on Cryptanalysis of Stream Ciphers

    In the world of cryptography, stream ciphers are known as primitives used to ensure privacy over a communication channel. One common way to build a stream cipher is to use a keystream generator to produce a pseudo-random sequence of symbols. In such algorithms, the ciphertext is the sum of the keystream and the plaintext, resembling the one-time pad principle. Although the idea behind stream ciphers is simple, serious investigation of these primitives has started only in the late 20th century. Therefore, cryptanalysis and design of stream ciphers are important. In recent years, many designs of stream ciphers have been proposed in an effort to find a proper candidate to be chosen as a world standard for data encryption. That potential candidate should be proven good by time and by the results of cryptanalysis. Different methods of analysis, in fact, explain how a stream cipher should be constructed. Thus, techniques for cryptanalysis are also important. This thesis starts with an overview of cryptography in general, and introduces the reader to modern cryptography. Later, we focus on basic principles of design and analysis of stream ciphers. Since statistical methods are the most important cryptanalysis techniques, they will be described in detail. The practice of statistical methods reveals several bottlenecks when implementing various analysis algorithms. For example, a common property of a cipher to produce n-bit words instead of just bits makes it more natural to perform a multidimensional analysis of such a design. However, in practice, one often has to truncate the words simply because the tools needed for analysis are missing. We propose a set of algorithms and data structures for multidimensional cryptanalysis when distributions over a large probability space have to be constructed. This thesis also includes results of cryptanalysis for various cryptographic primitives, such as A5/1, Grain, SNOW 2.0, Scream, Dragon, VMPC, RC4, and RC4A. Most of these results were achieved with the help of intensive use of the proposed tools for cryptanalysis.

    Efficient Numerical Methods to Solve Sparse Linear Equations with Application to PageRank

    In this paper, we propose three methods to solve the PageRank problem for transition matrices with both row and column sparsity. Our methods reduce the PageRank problem to a convex optimization problem over the simplex. The first algorithm is based on gradient descent in the L1 norm instead of the Euclidean one. The second algorithm extends Frank-Wolfe to support sparse gradient updates. The third algorithm is a mirror descent algorithm with a randomized projection. We prove convergence rates for these methods on sparse problems, and numerical experiments support their effectiveness.

    Topological Manin pairs and $(n,s)$-type series

    Lie subalgebras of $L = \mathfrak{g}(\!(x)\!) \times \mathfrak{g}[x]/x^n\mathfrak{g}[x]$, complementary to the diagonal embedding $\Delta$ of $\mathfrak{g}[\![x]\!]$ and Lagrangian with respect to some particular form, are in bijection with formal classical $r$-matrices and topological Lie bialgebra structures on the Lie algebra of formal power series $\mathfrak{g}[\![x]\!]$. In this work we consider arbitrary subspaces of $L$ complementary to $\Delta$ and associate them with so-called series of type $(n,s)$. We prove that Lagrangian subspaces are in bijection with skew-symmetric $(n,s)$-type series and topological quasi-Lie bialgebra structures on $\mathfrak{g}[\![x]\!]$. Using the classification of Manin pairs we classify, up to twisting and coordinate transformations, all quasi-Lie bialgebra structures. Series of type $(n,s)$ solving the generalized Yang-Baxter equation correspond to subalgebras of $L$. We discuss their possible utility in the theory of integrable systems.

    Some observations on ZUC-256

    In this report we study efficient binary approximations of the FSM of ZUC-256 with high correlation around $2^{-21.1}$ between the keystream words and the LFSR. We then map these approximations into a binary distinguisher with complexity around $2^{234}$. Thereafter, we convert to an approximation in the LFSR's field $\mathbb{Z}_p$ with correlation around $2^{-33.6}$. We share a number of observations and state open problems for further research and consideration.

    On Roots Factorization for PQC Algorithms

    In this paper we consider several methods for the efficient extraction of roots of a polynomial over large finite fields. Computing such roots is often the performance bottleneck for some multivariate quantum-immune cryptosystems, such as the HFEv-based Quartz, Gui, etc. We also discuss a number of techniques for fast computation of traces as part of the factorization process. These optimization methods could significantly improve the performance of cryptosystems in which root factorization is a component.

    On Fast Multiplication in Binary Finite Fields and Optimal Primitive Polynomials over GF(2)

    In this paper we present a number of algorithms and optimization techniques to speed up computations in binary extension fields over GF(2). In particular, we consider multiplication and modular reduction. Additionally, we provide the table of optimal binary primitive polynomials over GF(2) of degree $2 \le d < 2048$, and the class of functions for optimal modular reduction algorithms for each of the listed polynomials. We give implementation examples targeting Intel CPU architectures, but the generic results can be applied on other platforms as well.

    Security analysis of the Milenage-construction based on a PRF

    This paper analyses the security of the so-called Milenage construction, developed by ETSI SAGE, when it is based on a non-one-to-one pseudo-random function (PRF) rather than a one-to-one pseudo-random permutation (PRP). It is shown that Milenage based on an $n$-bit random function and producing $t$ $n$-bit outputs is indistinguishable from a random $tn$-bit function up to $q = O(2^{n/2}/t)$ queries. We also extend the existing security proof for PRP-based Milenage due to Gilbert by generalising the model and incorporating the Milenage message authentication function in the proof.