95 research outputs found

    A Key-Recovery Attack on SOBER-128

    In this talk we consider linear approximations of layered cipher constructions with secret key-dependent constants inserted between the layers, where the layers have strong interdependency. Averaging over the constants would then clearly be wrong, as it breaks the interdependencies, and the Piling-Up lemma cannot be used. We show how to use linear approximations to divide the constants into constant classes that are not necessarily determined by a linear relation. As an example, the nonlinear filter generator SOBER-128 is considered and we show how to extend Matsui's Algorithm I in this case. The possibility of using multiple linear approximations simultaneously is also considered.

    Provable Security Against a Differential Attack

    The purpose of this paper is to show that there exist DES-like iterated ciphers which are provably resistant against differential attacks. The main result on the security of a DES-like cipher with independent round keys is Theorem 1, which gives an upper bound on the probability of s-round differentials, as defined in "Markov Ciphers and Differential Cryptanalysis" by X. Lai et al.; this upper bound depends only on the round function of the iterated cipher. Moreover, it is shown that there exist functions such that the probabilities of differentials are less than or equal to 2^{3-n}, where n is the length of the plaintext block. We also show a prototype of an iterated block cipher which is compatible with DES and has proven security against differential attacks.

    When One Talks About the Fence and the Other About the Fence Post: A Personality-Dynamic Perspective on Care Workers' Experiences of Change at Work (Kun toinen puhuu aidasta ja toinen aidanseipäästä : persoonallisuusdynaaminen näkökulma hoitotyöntyöntekijöiden muutoskokemuksiin työssä)

    The aim of this empirical study is to find out how employees in the social welfare and health care sector experience the changes that have taken place in their work during the past three years, and how those changes have been managed. The employees' experiences are interpreted by combining Jung's psychodynamic theory of personality with the field of change management. The study was carried out as hermeneutic-phenomenological research on experience and as a methodological triangulation. The empirical study was conducted by interviewing five employees who, according to data previously collected by the researcher, represent the most common personality types in the care communities in question as measured by the Myers-Briggs Type Indicator. The results of the study show that employees in the social welfare and health care sector are in principle positive towards change and want to develop their own work. Dissatisfaction with and resistance to change are related to 1) the way changes are managed and 2) the difficulty of perceiving the need for or goal of the change. The critical factors for successful change in social welfare and health care work, which must be taken into account in change management, are 1) the participation of the whole work community and 2) step-by-step leadership that takes the employees' cognitive styles into account. Through these, a third critical factor is reached: 3) a shared vision, which makes a common understanding of the need for and goal of the change possible. The results of this work on how changes are experienced, and on the significance of personality dimensions in the change process, can be used in developing organizations and in leading change.

    The study investigates employees' experiences of organizational changes and change management in the social welfare and mental health care sectors. The results are interpreted using Jung's approach to psychodynamic personality. The empirical data for the research comprise phenomenological interviews of five employees who exhibit the personality types typical of health care workers as measured by the Myers-Briggs Type Indicator (MBTI). Recognizing the significance of the dimensions of employees' personalities in the social welfare and health care sector gives a manager new knowledge that can prove useful, particularly when change occurs in the organization. The study aims to increase understanding of, and generate new ideas about, human-driven leadership and leadership that acknowledges employee needs when organizational changes are implemented. The interviews indicate that social and health care workers want to develop their work and in principle welcome changes. Changes that reflect their wishes are felt to be rewarding, but changes prompted by the organization's needs are mainly perceived as negative. Discontent and resistance to change are related to 1) the way change is managed and 2) the difficulty of perceiving the need for or aim of changes. The results indicate the importance of 1) a shared vision, 2) the involvement of the entire working community and 3) managing change step by step with due regard for the cognitive style of employees.

    Statistical and Linear Independence of Binary Random Variables

    Linear cryptanalysis makes use of statistical models that consider linear approximations over practical and ideal block ciphers as binary random variables. Recently, more complex models have been proposed that also take into account the statistical behavior of correlations of linear approximations over the key space of the cipher and over the randomness of the ideal cipher. The goal of this ongoing work is to investigate independence properties of linear approximations and their relationships. In this third revised version we show that the assumptions of Proposition 1 of the previous version are contradictory and hence render that result useless. In particular, we prove that linear and statistical independence of binary random variables are equivalent properties in a vector space of variables if and only if all non-zero variables in this vector space are balanced, that is, correspond to components of a permutation. This study is motivated by finding reasonable wrong-key hypotheses for linear cryptanalysis and its generalizations, which will also be discussed.

    The Extended Autocorrelation and Boomerang Tables and Links Between Nonlinearity Properties of Vectorial Boolean Functions

    Given the links between nonlinearity properties and the related tables such as the LAT, DDT, BCT and ACT that have appeared in the literature, the boomerang connectivity table BCT seems to be an outlier, as it cannot be derived from the others using the Walsh-Hadamard transform. In this paper, a brief unified summary of the existing links for general vectorial Boolean functions is given first, and then a link between the autocorrelation and boomerang connectivity tables is established.

    Characterisation of Bijectivity Preserving Componentwise Modification of S-Boxes

    Various systematic modifications of vectorial Boolean functions have been used for finding new, previously unknown classes of S-boxes with good or even optimal differential uniformity and nonlinearity. Recently, a new method was proposed for modifying a component of a bijective vectorial Boolean function by using a linear function. It was shown that the modified function remains bijective under the assumption that the inverse of the function admits a linear structure. A previously known construction of such a modification based on bijective Gold functions in odd dimension is a special case of this type of modification. In this paper, we show that the existence of a linear structure is necessary. Further, we consider replacement of a component of a bijective vectorial Boolean function in the general case. We prove that a permutation on $\mathbb{F}_2^n$ remains bijective if and only if the replacement is done by composing the permutation with an unbalanced Feistel transformation where the round function is any Boolean function on $\mathbb{F}_2^{n-1}$.

    Modifications of Bijective S-Boxes with Linear Structures

    Various systematic modifications of vectorial Boolean functions have been used for finding new, previously unknown classes of S-boxes with good or even optimal differential uniformity and nonlinearity. In this paper, a new general modification method is given that preserves the bijectivity of the function in case the inverse of the function admits a linear structure. A previously known construction of such a modification based on bijective Gold functions in odd dimension is a special case of the new method.

    Statistical Tests for Key Recovery Using Multidimensional Extension of Matsui's Algorithm 1

    In one dimension, there is essentially just one binomially distributed statistic, bias or correlation, for testing the correctness of a key bit in Matsui's Algorithm 1. In multiple dimensions, different statistical approaches for finding the correct key candidate are available. The purpose of this work is to investigate the efficiency of such tests in theory and practice, and to propose a new key class ranking statistic using distributions based on multidimensional linear approximation and a generalisation of the ranking statistic presented by Selçuk.

    Joint Data and Key Distribution of Simple, Multiple, and Multidimensional Linear Cryptanalysis Test Statistic and Its Impact to Data Complexity

    The power of a statistical attack is inversely proportional to the number of plaintexts needed to recover information on the encryption key. By analyzing the distribution of the random variables involved in the attack, cryptographers aim to provide a good estimate of the data complexity of the attack. In this paper, we analyze the hypotheses made in simple, multiple, and multidimensional linear attacks that use either non-zero or zero correlations, and provide more accurate estimates of the data complexity of these attacks. This is achieved by taking into consideration, for the first time, the key variance of the statistic for both the right and wrong keys. For the family of linear attacks considered in this paper, we differentiate between the attacks performed in the known-plaintext model and those in the distinct-known-plaintext model.