1 / 27

Security Analysis of Block Cipher

Security Analysis of Block Cipher. 2002. 10. 8 20022057 Park, SangBae. Contents. Introduction of Boolean Function Block Cipher Design Review Cryptanalysis Method &Provable Security Design Issue S-box Design & Diffusion Layer Example of S-box analysis Future Works. Introduction.

pandora-kramer
Download Presentation

Security Analysis of Block Cipher

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Analysis of Block Cipher 2002. 10. 8 20022057 Park, SangBae

  2. Contents • Introduction of Boolean Function • Block Cipher Design Review • Cryptanalysis Method &Provable Security • Design Issue • S-box Design & Diffusion Layer • Example of S-box analysis • Future Works pinnon@lycos.co.kr

  3. Introduction • Boolean Fucntion • Function from GF(2n) to GF(2m) • Generally, when m > 1, Vector-valued Boolean Function (or Vector Boolean Function) • Example • f(x1, x2, x3) = x1 x2 + x2 x3 • Sequence of f(): 00010010 pinnon@lycos.co.kr

  4. Introduction • Block Cipher as Boolean Function • Block Cipher • F: P ⅹ K → C with F(P, K) = C • GF(2128) ⅹ GF(2128) → GF(2128) • Round Function • f: Pi ⅹ Ki → Ci with F(Pi, Ki) = Ci • GF(264) ⅹ GF(264) → GF(264) • S-box • s: Ini ⅹ ki → Outi with F(Ini, ki) = Outi • GF(28) ⅹ GF(28) → GF(28) pinnon@lycos.co.kr

  5. Basic Properties • Representation • The Algebraic Normal Form • Well known representation • ex) x1 x2 + x3 x1 • The Sequence of Given function • Value of given Boolean function • ex) 00010010 • The Walsh-Hadamard Transform • The correlation value to linear functions • ex) 2 0 -2 0 0 2 0 -2 pinnon@lycos.co.kr

  6. Basic Properties • Balancedness • Hamming weight of given sequence • Nonlinear Order • Algebraic Nonlinear Order (Not Robust) • Completeness • Every input bit affect to the outptu bit pinnon@lycos.co.kr

  7. Basic Properties • Nonlinearity • minimum Hamming distance to linear functions • Correlation • autocorrelation • cross correlation • Propagation Criterion (including SAC) • can be guaranteed by high nonlinearity • diffusion property pinnon@lycos.co.kr

  8. Cryptanalysis Methods • Differential Cryptanalysis • Linear Cryptanalysis • Interpolation Attack • Square Attack pinnon@lycos.co.kr

  9. Differential Cryptanalysis • General • The First Attack against full round DES • Using the biased distribution of XOR pairs = Input XOR(Uniform) Uniform Uniform f (S-Box) f (S-Box) Uniform Uniform = Output XOR(Biased) pinnon@lycos.co.kr

  10. Differential Cryptanalysis • Difference Distribution Table • number of pairs satisfying given Input, output XOR Input XOR Output XOR 0x 1x 2x 3x 4x 5x 6x 7x 8x 9x Ax Bx Cx Dx Ex Fx 0x 64 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1x 0 0 0 6 0 2 4 4 0 10 12 4 10 6 2 4 … … 3Fx 4 8 4 2 4 0 2 4 4 2 4 8 8 6 2 2 pinnon@lycos.co.kr

  11. Differential Cryptanalysis • Example of 2 round characteristic P = 00 80 82 00 60 00 00 00x 00 80 82 00x 60 00 00 00x F p = 14/64 0 0 F p = 1 T = 60 00 00 00 00 00 00 00x pinnon@lycos.co.kr

  12. Differential Cryptanalysis • Research Issue • Cryptanalysis • How to find a characteristic with high probability • Cryptography • How to construct secure S-Boxes • Markov Cipher • Boolean Function • Nonlinearity • Propagation criteria • Bent function • Vector-valued Boolean function pinnon@lycos.co.kr

  13. Provable Security • Main Idea • Approach in the view of differential • Provable Security against DC and LC • KN-Cipher • Lars R. Knudsen, Kaisa Nyberg • Round Function : g(x) = x3 in GF(233) • MISTY • Mitsuru Matsui • Recursive Structure • Modified Feistel Network pinnon@lycos.co.kr

  14. Provable Security • Characteristic • Fixed Path P a1 b1 p1 F b2 a2 p2 p =  pi F b3 a3 p3 F T pinnon@lycos.co.kr

  15. Provable Security • Differential • Consider all possible path P a1i b1i p1i F b2j a2j p2j p =  (p1i  p2j  p2j) F b3k a3k p3k F T pinnon@lycos.co.kr

  16. Provable Security • Recursive Structure of MISTY1 32 32 16 16 9 7 FI S9 FO FI S7 FO S7 FI FO pinnon@lycos.co.kr

  17. Practical Security • The Wide Trail Strategy • Design the round transformation in such a way that only trails with many S-boxes occur • Maximize the number of Active S-boxes • Branch Number B(f) = minx0(wh(x) + wh(f(x))) • SQUARE • following the Wide Trail Strategy • MDS (Maximal Distance Separable) code • Maximum Branch number • Self-reciprocal structure pinnon@lycos.co.kr

  18. Recent Block Ciphers • CAST Diffusion Effects • 8  32 S-box << S1 S2 S3 S4 pinnon@lycos.co.kr

  19. Recent Block Ciphers • CRYPTON SEED Diffusion Transform pinnon@lycos.co.kr

  20. Recent Block Ciphers • E2 Round Function (SPS-Structure) Round key S P Round key S pinnon@lycos.co.kr

  21. S-box Construction • Simulation • DES • Combination of Boolean Function • CAST • Vector-valued Boolean Function • KN-Cipher, SEED, AES • Small Feistel Network • MISTY, Crypton pinnon@lycos.co.kr

  22. Diffusion Layer • Perfect S-box cannot guarantee the security of round function • 8  32 S-box • Wide Trail Strategy (using a MDS code) • SPS Structure pinnon@lycos.co.kr

  23. Project Progress • Boolean function analysis library • Three Representation • sequence • algebraic normal form • Walsh-Hadamard • Hamming Weight • Nonlinearity • Autocorrelation • Review recent block cipher algorithm and cryptanalysis methods pinnon@lycos.co.kr

  24. Project Progress • DES S-box (S1) • The first bit • Algebraic Normal Form 1 + x1 + x2 + x1 x2 x3 + x4 + x3 x4 + x1 x3 x4 + x2 x3 x4 + x5 + x4 x5 + x3 x4 x5 + x6 + x2 x6 + x3 x6 + x1 x3 x6 + x2 x4 x6 + x3 x4 x6 + x1 x3 x4 x6 + x2 x3 x4 x6 + x1 x2 x5 x6 + x3 x5 x6 + x1 x3 x5 x6 + x2 x3 x5 x6 + x4 x5 x6 + x1 x2 x4 x5 x6 + x3 x4 x5 x6 + x1 x3 x4 x5 x6 • Nonlinearity : 18 • Hamming Weight : 32 • Sequence : 1 0 0 1 1 0 0 0 0 1 1 0 1 1 1 0 0 1 1 0 0 1 1 1 0 1 1 0 0 0 0 1 0 1 0 1 1 1 1 0 1 0 0 1 0 0 1 0 1 0 1 1 1 0 0 1 0 1 1 0 0 0 0 1 pinnon@lycos.co.kr

  25. Project Progress • DES S-box (S1) • The first bit • W-H Sequence : 0 0 4 4 -4 4 0 8 -8 0 -4 -12 4 4 8 -8 0 -8 -12 -4 4 20 8 -24 8 8 -4 -4 -4 4 0 8 0 0 -4 12 4 -4 0 8 8 0 4 -4 -4 -4 -8 -8 0 -8 -4 -12 -4 -4 8 8 8 -8 4 -28 -12 -4 0 -8 • Autocorrelation : 64 -32 -24 24 0 0 -8 8 0 -8 0 -16 -24 24 8 -16 -32 24 8 -8 0 0 8 0 -8 0 0 16 24 -24 -16 8 0 0 8 -16 -24 32 16 -16 24 -16 -8 8 -8 8 -8 0 0 0 -8 16 24 -32 -16 16 -32 24 16 -16 0 0 16 -8 pinnon@lycos.co.kr

  26. Future Works • Security analysis of block ciphers consisting of Boolean function of low algebraic order • Implement S-box Analysis Tools using current library pinnon@lycos.co.kr

  27. QnA pinnon@lycos.co.kr

More Related