
    Walsh-Hadamard Transform and Cryptographic Applications in Bias Computing

    The Walsh-Hadamard transform is used in a wide variety of scientific and engineering applications, including bent functions and cryptanalytic optimization techniques in cryptography. In linear cryptanalysis, a key question is to find a good linear approximation, i.e., one which holds with probability (1+d)/2 where the bias d is large in absolute value. Lu and Desmedt (2011) took a step toward answering this question in a more general setting and initiated the work on the generalized bias problem with linearly dependent inputs. In this paper, we give fully extended results. We give deep insights into the assumptions behind the problem: we take an information-theoretic approach to show that our bias problem assumes the setting of maximum input entropy subject to the input constraint. By means of the Walsh transform, the bias can be expressed in a simple form, which incorporates the Piling-up lemma as a special case. Secondly, as an application, we answer a long-standing open problem in correlation attacks on combiners with memory. We give, for the first time, a closed-form exact solution for the correlation involving the multiple polynomial of any weight. We also give a Walsh analysis for numerical approximation. An interesting bias phenomenon is uncovered: for even and odd weights of the polynomial, the correlation behaves differently. Thirdly, we introduce the notion of a weakly biased distribution, and study bias approximation for a more general case by Walsh analysis. We show that for a weakly biased distribution, the Piling-up lemma is still valid. Our work shows that Walsh analysis is useful and effective for a broad class of cryptanalysis problems.
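    The following is an added worked example, not code from the paper above, showing the relation the abstract relies on: for a Boolean function f on n bits, the Walsh transform W_f(a) = sum over x of (-1)^(f(x) xor a.x) gives the bias of the approximation a.x = f(x) directly as d = W_f(a) / 2^n in the page's convention Pr = (1+d)/2 (the other common convention, Pr = 1/2 + epsilon, has epsilon = d/2). In this form the Piling-up lemma is just the product rule for independent variables: for h(x, y) = f(x) xor g(y), W_h(a, b) = W_f(a) W_g(b), so d_h = d_f d_g. The sample targets (a 4-bit bent function, a 3-bit majority function, and the PRESENT S-box as a concrete linear-cryptanalysis target) and all function names are choices made for this example and are not mentioned in the abstract.

```python
"""Walsh-Hadamard transform as a bias calculator for linear cryptanalysis.

Added example; convention follows the abstract above: an approximation holds
with probability (1+d)/2, so d = W/2^n is the correlation and the bias in the
Pr = 1/2 + epsilon convention is epsilon = d/2.
"""


def walsh_hadamard(values):
    """Fast Walsh-Hadamard transform of a length-2^n list of +1/-1 entries.

    Input:  t[x] = (-1)^f(x).
    Output: W_f(a) = sum_x (-1)^(f(x) xor a.x) for every mask a.
    """
    t = list(values)
    h = 1
    while h < len(t):
        for i in range(0, len(t), 2 * h):
            for j in range(i, i + h):
                u, v = t[j], t[j + h]
                t[j], t[j + h] = u + v, u - v
        h *= 2
    return t


def parity(v):
    """Parity of the bits of v, i.e. the GF(2) inner product a.x for v = a & x."""
    return bin(v).count("1") & 1


def sign_table(f, n):
    """Table of (-1)^f(x) for x = 0 .. 2^n - 1; f maps an int to 0/1."""
    return [(-1) ** f(x) for x in range(1 << n)]


def bias_d(f, n, a):
    """Correlation d of the approximation a.x = f(x): Pr = (1+d)/2."""
    return walsh_hadamard(sign_table(f, n))[a] / (1 << n)


def bias_d_bruteforce(f, n, a):
    """Same quantity by direct counting; used to cross-check the transform."""
    agree = sum(1 for x in range(1 << n) if parity(a & x) == f(x))
    return 2 * agree / (1 << n) - 1


def sbox_correlations(sbox, n):
    """d(a, b) for every input mask a and output mask b of an n-bit S-box.

    Each output mask b selects the component function x -> b.S(x); one
    transform of its sign table yields a whole column of the linear
    approximation table.
    """
    size = 1 << n
    table = {}
    for b in range(size):
        spectrum = walsh_hadamard([(-1) ** parity(b & sbox[x]) for x in range(size)])
        for a in range(size):
            table[(a, b)] = spectrum[a] / size
    return table


def piling_up_check(f, nf, g, ng, a, b):
    """Piling-up in correlation form.

    For h(x, y) = f(x) xor g(y) with x, y independent and uniform, the
    approximation (a.x xor b.y) = h(x, y) has d_h = d_f(a) * d_g(b).
    Returns (d_h computed on h directly, product of the two parts).
    """
    def h(z):                      # z packs x in the low nf bits, y above
        return f(z & ((1 << nf) - 1)) ^ g(z >> nf)
    return bias_d(h, nf + ng, a | (b << nf)), bias_d(f, nf, a) * bias_d(g, ng, b)


# Constructed sample targets (chosen for this example, not from the paper).
def bent4(x):
    """x0*x1 xor x2*x3: a bent function, so |d| = 2^-(n/2) = 1/4 for every mask."""
    return ((x >> 0) & (x >> 1) & 1) ^ ((x >> 2) & (x >> 3) & 1)


def maj3(y):
    """Majority of three bits: correlated with each single input bit (d = 1/2)."""
    return 1 if bin(y & 7).count("1") >= 2 else 0


PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


if __name__ == "__main__":
    print("bent4 spectrum:", walsh_hadamard(sign_table(bent4, 4)))
    print("piling-up (direct, product):", piling_up_check(bent4, 4, maj3, 3, 0b0011, 0b001))
    corr = sbox_correlations(PRESENT_SBOX, 4)
    best = max(((a, b) for a in range(1, 16) for b in range(1, 16)), key=lambda k: abs(corr[k]))
    print("strongest PRESENT S-box approximation:", best, "d =", corr[best])
```

    A practitioner would use `sbox_correlations` to fill the linear approximation table of a round component, then chain the strongest entries across rounds with `d = product of d_i`, which is exactly the Piling-up lemma the abstract says the Walsh expression contains as a special case; the bruteforce helper is there to confirm the transform indexes masks the same way the counting definition does.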

    On Resistance of DES to Related-Key Differential Cryptanalysis

    The key schedule of the Data Encryption Standard is analyzed, and it is shown that the properties of the permuted choice PC-2 transformation and the number of bits that are left-shifted during key generation are critical for the security of the algorithm. More precisely, we were able to mount a low-complexity related-key attack on DES with a slightly modified key schedule, although no related-key attack is known for the original algorithm.

    Efficient 2-Round General Perfectly Secure Message Transmission: A Minor Correction to Yang and Desmedt's Protocol

    At Asiacrypt '10, Yang and Desmedt proposed a number of perfectly secure message transmission protocols in the general adversary model. However, there is a minor flaw in the 2-round protocol for transmitting multiple messages in an undirected graph. A small correction solves the problem. Here we fix the protocol and prove its security.

    A Tree-based Model of Unicast Stream Authentication

    When proving the security of a message authentication scheme, the messages are considered to be atomic objects. Straightforward application of such schemes to some information resources may introduce security flaws. Gennaro and Rohatgi (Crypto '97) identified streams of data as an important class of information resources that cannot be treated as message-like, and they proposed a solution to the problem of stream signing when the stream is not known in advance. The disadvantage of digitally signing streams of data is that it is inefficient when non-repudiation is not important, as in the case of point-to-point communications. We present several schemes, and also a family of schemes, for stream authentication in a unicast setting. Since many authentication schemes have been broken, we prove the security of our solutions.

    Controlled Homomorphic Encryption: Definition and Construction

    Fully Homomorphic Encryption schemes (FHEs) and Functional Encryption schemes (FunctEs) have had a tremendous impact on cryptography, both for the natural questions that they address and for the wide range of applications in which they have been (sometimes critically) used. In this work we put forth the notion of a Controllable Homomorphic Encryption scheme (CHES), a new primitive that includes features of both FHEs and FunctEs. In a CHES it is possible (similarly to an FHE) to homomorphically evaluate a ciphertext Ct = Enc(m) on a circuit C, thereby obtaining Enc(C(m)), but only if (similarly to a FunctE) a token for C has been received from the owner of the secret key. We discuss the difficulties in constructing a CHES and then show a construction based on any FunctE. As a byproduct, our CHES also represents a FunctE supporting the re-encryption functionality and in that respect improves on existing solutions.
