Non-linear Cryptanalysis Revisited: Heuristic Search for Approximations to S-Boxes [chapter]

Juan M. E. Tapiador, John A. Clark, Julio C. Hernandez-Castro
Cryptography and Coding  
As the size of S-boxes (the elements usually approximated) increases, the computational resources available to the cryptanalyst for the search become rapidly insufficient.  ...  Non-linear cryptanalysis is a natural extension to Matsui's linear cryptanalytic techniques in which linear approximations are replaced by nonlinear expressions.  ...  Acknowledgements We would like to express our gratitude to the anonymous reviewers for their insights and comments, which have greatly contributed to enhancing the quality of the original manuscript.  ... 
doi:10.1007/978-3-540-77272-9_7 dblp:conf/ima/Estevez-TapiadorCC07 fatcat:3hu2xsdmrre5patcay763yc6xe

Constructive Non-Linear Polynomial Cryptanalysis of a Historical Block Cipher [article]

Nicolas T. Courtois, Marios Georgiou
2019 arXiv pre-print
However all this complexity is not that useful if we are able to construct powerful non-linear invariants which work for any number of rounds.  ...  We have Generalised Linear Cryptanalysis (GLC) and Partitioning Cryptanalysis (PC).  ...  In this paper we revisit the question of non-linear cryptanalysis and give it a fresh start.  ... 
arXiv:1902.02748v1 fatcat:b7wrqo2lubaqxk7bgxq4f4e6fi

Nonlinear Approximations in Cryptanalysis Revisited

Christof Beierle, Anne Canteaut, Gregor Leander
2018 IACR Transactions on Symmetric Cryptology  
This work studies deterministic and non-deterministic nonlinear approximations for cryptanalysis of block ciphers and cryptographic permutations and embeds it into the well-understood framework of linear  ...  For non-deterministic nonlinear approximations, by transforming the cipher under consideration by conjugating each keyed instance with a fixed permutation, we are able to transfer many methods from linear  ...  Acknowledgements We thank the anonymous reviewers for their helpful comments.  ... 
doi:10.46586/tosc.v2018.i4.80-101 fatcat:2h6u7f2do5bs5b5hbckokweudi

ElimLin Algorithm Revisited [chapter]

Nicolas T. Courtois, Pouyan Sepehrdad, Petr Sušil, Serge Vaudenay
2012 Lecture Notes in Computer Science  
ElimLin is a simple algorithm for solving polynomial systems of multivariate equations over small finite fields. It was initially proposed as a single tool by Courtois to attack DES.  ...  It implies that the linear space generated by ElimLin is invariant with respect to any variable ordering during elimination and substitution.  ...  They are also overdefined due to the non-linear operations.  ... 
doi:10.1007/978-3-642-34047-5_18 fatcat:wpa7d7fib5d4fhp63dr3jacp6e

Revisiting and Improving Algorithms for the 3XOR Problem

Charles Bouillaguet, Claire Delaplace, Pierre-Alain Fouque
2018 IACR Transactions on Symmetric Cryptology  
This is why we first restricted our attention to solving the 3XOR problem for which the total number of queries to F, G and H is minimal.  ...  In this problem, the attacker is given black-box access to three random functions F,G and H and she has to find three inputs x, y and z such that F(x) ⊕ G(y) ⊕ H(z) = 0.  ...  We thank the anonymous reviewers for their comments.  ... 
doi:10.46586/tosc.v2018.i1.254-276 fatcat:cigx253uqvbhbdcbk2id5ivkty

MILP-Based Automatic Search Algorithms for Differential and Linear Trails for Speck [chapter]

Kai Fu, Meiqin Wang, Yinghua Guo, Siwei Sun, Lei Hu
2016 Lecture Notes in Computer Science  
We use this representation as an input to the publicly available MILP optimizer Gurobi to search for differential characteristics and linear approximations for ARX ciphers.  ...  In this paper, we propose an MILP-based method for automatic search for differential characteristics and linear approximations in ARX ciphers.  ...  Another bit variable A_j is used to denote the activity of an S-box, i.e., A_j = 0 if the S-box is non-active; otherwise, A_j = 1.  ... 
doi:10.1007/978-3-662-52993-5_14 fatcat:ddwmbwqbineelae5hkizzjpyd4

MILP Modeling for (Large) S-boxes to Optimize Probability of Differential Characteristics

Ahmed Abdelkhalek, Yu Sasaki, Yosuke Todo, Mohamed Tolba, Amr M. Youssef
2017 IACR Transactions on Symmetric Cryptology  
Current Mixed Integer Linear Programming (MILP)-based search against symmetric-key primitives with 8-bit S-boxes can only build a word-wise model to search for truncated differential characteristics.  ...  In particular, we first propose an algorithm to generate a bit-wise model of the DDT for large S-boxes.  ...  Independently, Cui et al. proposed a similar tool to search for impossible differentials and zero-correlation linear approximations with emphasis on ARX block ciphers [CJF+16].  ... 
doi:10.46586/tosc.v2017.i4.99-129 fatcat:ceqktcqmmnaxvkxf6zypgxpocy

LS-Designs: Bitslice Encryption for Efficient Masked Software Implementations [chapter]

Vincent Grosso, Gaëtan Leurent, François-Xavier Standaert, Kerem Varıcı
2015 Lecture Notes in Computer Science  
Side-channel analysis is an important issue for the security of embedded cryptographic devices, and masking is one of the most investigated solutions to mitigate such attacks.  ...  In this paper, we study possible optimizations when specializing the designs to Boolean masking.  ...  François-Xavier Standaert is an associate researcher of the Belgian Fund for Scientific Research (FNRS-F.R.S.).  ... 
doi:10.1007/978-3-662-46706-0_2 fatcat:atvtcoqs7rg5po7mbzx27tynzu

Evolving nonlinear S-boxes with improved theoretical resilience to power attacks

Alejandro Freyre-Echevarria, Ismel Martinez-Diaz, Carlos Miguel Legon-Perez, Guillermo Sosa-Gómez, Omar Rojas
2020 IEEE Access  
Through exhaustive search over bijective S-boxes of dimension three, the authors check that the best achievable confusion coefficient variance is approximately equal to 1.13.  ...  As a counterpart, algebraic constructions ensure optimal cryptographic properties with respect to linear and differential cryptanalysis.  ... 
doi:10.1109/access.2020.3035163 fatcat:expapydvdjadzgnxucxv2kccei

Confused by Confusion: Systematic Evaluation of DPA Resistance of Various S-boxes [chapter]

Stjepan Picek, Kostas Papagiannopoulos, Barış Ege, Lejla Batina, Domagoj Jakobovic
2014 Lecture Notes in Computer Science  
For the 4 × 4 size we find S-boxes that belong to optimal classes, but they exhibit linear behavior when running a CPA attack, therefore preventing an attacker from achieving 100% success rate on recovering  ...  In this paper, we employ a novel heuristic technique to generate S-boxes with "better" values of the confusion coefficient in terms of improving their side-channel resistance.  ...  Optimal S-boxes When considering 4 × 4 S-boxes, there exist in total 16! bijective 4 × 4 S-boxes, which is approximately 2^44 options to search from.  ... 
doi:10.1007/978-3-319-13039-2_22 fatcat:m2jpc7nlwzhchfbwfna54gvjmq

Structural Evaluation of AES and Chosen-Key Distinguisher of 9-Round AES-128 [chapter]

Pierre-Alain Fouque, Jérémy Jean, Thomas Peyrin
2013 Lecture Notes in Computer Science  
Provable security against differential and linear cryptanalysis in the related-key scenario is an important step towards a better understanding of its construction.  ...  Using a structural analysis, we show that the full AES-128 cannot be proven secure unless the exact coefficients of the MDS matrix and the S-Box differential properties are taken into account since its  ...  We would like to thank Martijn Stam, Christian Rechberger and the anonymous referees for their valuable comments on our paper.  ... 
doi:10.1007/978-3-642-40041-4_11 fatcat:4c33qsv6sjfipcnz644mswmkuy

Linear Cryptanalysis for Block Ciphers [chapter]

Johannes Gehrke, Daniel Kifer, Ashwin Machanavajjhala, Arjen K. Lenstra, Phong Nguyen, Phong Nguyen, Daniele Micciancio, Scott Contini, Sabrina De Capitani diVimercati, Burt Kaliski, Stephen M Papa, William D. Casper (+13 others)
2011 Encyclopedia of Cryptography and Security  
Definition ℓ-diversity is a method for publishing data about individuals while limiting the amount of sensitive information disclosed about them.  ...  For nonlinear elements of a cipher such as S-boxes, one tries to find linear approximations with probability p that maximizes |p −   |.  ...  The above approach provides good heuristic arguments for the strength of a cipher, but in order to rigorously prove the security against linear cryptanalysis, the designer also needs to take into account  ... 
doi:10.1007/978-1-4419-5906-5_589 fatcat:zn4blza5ezggzhayzeuxeix5oa

Significantly Improved Multi-bit Differentials for Reduced Round Salsa and ChaCha

Arka Rai Choudhuri, Subhamoy Maitra
2017 IACR Transactions on Symmetric Cryptology  
One part of their attack was to apply input difference(s) to investigate biases after a few rounds. So far there have been certain kinds of limited exhaustive searches to obtain such biases.  ...  The main idea here is to consider the multi-bit differentials as extensions of suitable single-bit differentials with linear approximations, which is essentially a differential-linear attack.  ...  Acknowledgments: The authors are grateful to the anonymous reviewers for their detailed technical and editorial comments.  ... 
doi:10.13154/tosc.v2016.i2.261-287 dblp:journals/tosc/ChoudhuriM16 fatcat:emnkctssorfxhialmjuspis3dm