
    Using Local Reduction for the Experimental Evaluation of the Cipher Security

    Evaluating the strength of block ciphers against algebraic attacks can be difficult. The attack methods often use different metrics, and experiments do not scale well in practice. We propose a methodology that splits the algebraic attack into a polynomial part (local reduction) and an exponential part (guessing). The evaluator uses instances with known solutions to estimate the complexity of the attacks and the response to changing parameters of the problem (e.g. the number of rounds). Although the methodology does not provide a positive answer ("the cipher is secure"), it can be used to construct a negative test (reject weak ciphers), or as a tool for qualitative comparison of cipher designs. Potential applications in other areas of computer science are discussed in the concluding parts of the article.

    Computing Indexes and Periods of All Boolean Matrices Up to Dimension n=8

    The set of n × n Boolean matrices together with the Boolean matrix multiplication operation forms a semigroup. For each matrix A it is possible to find an index r and a period p such that A^r = A^(r+p), where r and p are the smallest positive integers with this property. We are concerned with the question: how many n × n Boolean matrices have a given index and period? A new algorithm is presented that was used to compute index and period statistics of all square Boolean matrices up to n=8. The computed statistics are presented in the appendix of the paper.

    A note on CCA2-protected McEliece Cryptosystem with a systematic public key

    We show that the plaintext of some of the proposed CCA2 conversions of the McEliece cryptosystem with a public key in systematic form can be recovered faster than with general linear decoding. This is due to the fact that an attacker only needs to recover a part of the cleartext to decrypt the relevant plaintext.

    MRHS Solver Based on Linear Algebra and Exhaustive Search

    We show how to build a binary matrix from the MRHS representation of a symmetric-key cipher. The matrix contains the cipher represented as an equation system and can be used to assess a cipher's resistance against algebraic attacks. We give an algorithm for solving the system and compute its complexity. The complexity is normally close to exhaustive search on the variables representing the user-selected key. Finally, we show that for some variants of LowMC, the joined MRHS matrix representation can be used to speed up regular encryption in addition to exhaustive key search.

    A Reaction Attack on LEDApkc

    We propose a new reaction attack on the public-key cryptosystem LEDApkc. The adversary uses the decoding failure rate (DFR) analysis to learn information about the secret masking matrix Q. Provided the adversary learns information about Q within 10^4 × DFR^(-1) decryptions (as prescribed by the LEDApkc design to thwart previously known attacks), the adversary builds a small set of candidates for Q. Using these candidates, the adversary obtains candidates for a generator matrix of the secret LDPC code. Afterwards, the adversary applies Stern's algorithm to recover the secret matrix H, thus recovering the full private key. Provided the adversary can learn information about the matrix Q, the complexity of the attack is below 2^99 for a parameter set for 128-bit security. In order to study whether the adversary can learn information about Q from 10^4 × DFR^(-1) decryptions, we conducted experiments with a modified parameter set. The parameter set was modified only in order to increase the DFR, and thus make the experiments less computationally expensive. We show that with the modified parameter set it is indeed possible to learn the required information about the matrix Q.

    Special Issue on Cryptology : Guest Editorial

    This special issue brings selected papers from the 2019 Central European Conference on Cryptology, held in Telč, June 12-14, 2019.

    Tai Chi and vestibular rehabilitation improve vestibulopathic gait via different neuromuscular mechanisms: Preliminary report

    BACKGROUND: Vestibular rehabilitation (VR) is a well-accepted exercise program intended to remedy balance impairment caused by damage to the peripheral vestibular system. Alternative therapies, such as Tai Chi (TC), have recently gained popularity as a treatment for balance impairment. Although VR and TC can benefit people with vestibulopathy, the degree to which gait improvements may be related to neuromuscular adaptations of the lower extremities for the two different therapies is unknown. METHODS: We examined the relationship between lower extremity neuromuscular function and trunk control in 36 older adults with vestibulopathy, randomized to 10 weeks of either VR or TC exercise. Time-distance measures (gait speed, step length, stance duration and step width), lower extremity sagittal plane mechanical energy expenditures (MEE), and trunk sagittal and frontal plane kinematics (peak and range of linear and angular velocity) were measured. RESULTS: Although gait time-distance measures were improved in both groups following treatment, no significant between-groups differences were observed for the MEE and trunk kinematic measures. Significant within-group changes, however, were observed. The TC group significantly increased the ankle MEE contribution and decreased the hip MEE contribution to total leg MEE, while no significant changes were found within the VR group. The TC group exhibited a positive relationship between change in leg MEE and change in trunk velocity peak and range, while the VR group exhibited a negative relationship. CONCLUSION: Gait function improved in both groups, consistent with expectations of the interventions. Differences in each group's response to therapy suggest that improved gait function may be due to different neuromuscular adaptations resulting from the different interventions. The TC group's improvements were associated with reorganized lower extremity neuromuscular patterns, which appear to promote a faster gait and reduced excessive hip compensation. The VR group's improvements, however, were not the result of lower extremity neuromuscular pattern changes. Lower-extremity MEE increases corresponded to attenuated forward trunk linear and angular movement in the VR group, suggesting better control of upper body motion to minimize loss of balance. These data support a growing body of evidence that Tai Chi may be a valuable complementary treatment for vestibular disorders.

    A new representation of S-boxes for algebraic differential cryptanalysis

    Algebraic cryptanalysis can be used to break (small versions of) block ciphers with small data complexity. If we have access to a large number of P-C pairs, algebraic cryptanalysis can be combined with differential techniques. A differential characteristic produces extra linear equations, which can be used to augment the original algebraic system. In our experiments with algebraic differential cryptanalysis, we have developed a different technique to represent the system. In our new method, we model the encryption of a single P-C pair, but we use the differential to restrict the equations that model active S-boxes. An algebraic system created with our new model is smaller, and can theoretically be solved faster. Our experiments show that the advantage depends on the overall number of P-C pairs available and on whether the chosen differential characteristic is correctly estimated. One of the advantages of the new method is that it can use partial information from the differential and still determine a correct solution faster than both the standard algebraic attack and the standard algebraic-differential attack.

    Phase Transition in a System of Random Sparse Boolean Equations

    Many problems, including algebraic cryptanalysis, can be transformed into the problem of solving a (large) system of sparse Boolean equations. In this article we study two algorithms that can be used to remove some redundancy from such a system: Agreeing and the Syllogism method. Combined with appropriate guessing strategies, these methods can be used to solve the whole system of equations. We show that a phase transition occurs in the initial reduction of a randomly generated system of equations. When the number of (partial) solutions in each equation of the system is binomially distributed with partial-solution probability p, the number of partial solutions remaining after the initial reduction is very low for values of p below some threshold p_t; on the other hand, for p > p_t the reduction only occurs with a quickly diminishing probability.

    Algebraic Cryptanalysis with MRHS Equations

    In this work, we survey the existing research in the area of algebraic cryptanalysis based on Multiple Right-Hand Sides (MRHS) equations (MRHS cryptanalysis). An MRHS equation is a formal inclusion that contains linear combinations of variables on the left-hand side, and a potential set of values for these combinations on the right-hand side. We describe MRHS equation systems in detail, including the evolution of this representation. Then we provide an overview of the methods that can be used to solve MRHS equation systems. Finally, we explore the use of MRHS equation systems in algebraic cryptanalysis and survey existing experimental results.