Impossible Differential Cryptanalysis Of Reduced Round Hight

Tezcan, Cihangir

01 August 2009

Design and analysis of lightweight block ciphers have become more popular due to the fact that the future use of block ciphers in ubiquitous devices is generally assumed to be extensive. In this respect, several lightweight block ciphers are designed, of which HIGHT is proposed by Hong et al. at CHES 2006 as a constrained hardware oriented block cipher. HIGHT is shown to be highly convenient for extremely constrained devices such as RFID tags and sensor networks and it became a standard encryption algorithm in South Korea. Impossible differential cryptanalysis is a technique discovered by Biham et al. and is applied to many block ciphers including Skipjack, IDEA, Khufu, Khafre, HIGHT, AES, Serpent, CRYPTON, Twofish, TEA, XTEA and ARIA. The security of HIGHT against impossible differential attacks is investigated both by Hong et al. and Lu: An 18-round impossible differential attack is given in the proposal of HIGHT and Lu improved this result by giving a 25-round impossible differential attack. Moreover, Lu found a 28-round related-key impossible differential attack which is the best known attack on HIGHT. In related-key attacks, the attacker is assumed to know the relation between the keys but not the keys themselves. In this study, we further analyzed the resistance of HIGHT against impossible differential attacks by mounting a new 26-round impossible differential attack and a new 31-round related-key impossible differential attack. Although our results are theoretical in nature, they show new results in HIGHT and reduce its security margin further.

Combined Attacks On Block Ciphers

Oztop, Nese

01 August 2009

Cryptanalytic methods are very important tools in terms of evaluating the security of block ciphers in a more accurate and reliable way. Differential and linear attacks have been the most effective cryptanalysis methods since the early 1990s. However, as the technology developed and more secure ciphers are designed, these fundamental methods started to be not so efficient. In order to analyze the ciphers, new methods should be introduced. One approach is inventing new techniques that are different from the existing ones. Another approach is extending or combining known cryptanalytic methods to analyze the cipher in a different way. This thesis is a survey of the attacks that are generated by combination of existing techniques and their applications on specific block ciphers. Mentioned attacks are namely differential-linear, differential-bilinear, higher order differential-linear, differential-nonlinear, square-nonlinear, impossible differential and boomerang type attacks.

QA Computer Software 76.75-76.765

Propriétés différentielles des permutations et application en cryptographie symétrique / Differential properties of permutations and application to symmetric cryptography

Suder, Valentin

05 November 2014

Les travaux exposés dans cette thèse se situent à l’interface des mathématiques discrètes, des corps finis et de la cryptographie symétrique.Les 'boîtes-S’ sont des fonctions non-linéaires de petites tailles qui constituent souvent la partie de confusion, indispensable, des chiffrements par blocs ou des fonctions de hachages.Dans la première partie de cette thèse, nous nous intéressons à la construction de boîtes-S bijectives résistantes aux attaques différentielle. Nous étudions l’inverse pour la composition des monômes de permutations optimaux vis-à-vis du critère différentiel. Nous explorons ensuite des classes spécifiques de polynômes creux. Enfin, nous construisons des boîtes-S à partir de leurs dérivées discrètes.Dans la deuxième partie, nous portons notre attention sur la cryptanalyse différentielle impossible. Cette cryptanalyse à clairs choisis très performante pour attaquer des chiffrements par blocs itératifs, exploite la connaissance d’une différentielle de probabilité zéro pour écarter les clés candidates. Elle est très technique, et de nombreuses erreurs ont été repérées dans des travaux passés, invalidant certaines attaques. Le but de ces travaux est de formaliser et d’automatiser l’évaluation des complexités d’une telle attaque afin d’unifier et d’optimiser les résultats obtenus. Nous proposons aussi de nouvelles techniques réduisant les complexités cette cryptanalyse. Nous démontrons enfin l’efficacité de notre approche en fournissant les meilleures cryptanalyses différentielles impossibles contre les chiffrements CLEFIA, Camellia, LBlock et Simon. / The work I have carried out in this thesis lie between discrete mathematics, finite fields theory and symmetric cryptography. In block ciphers, as well as in hash functions, SBoxes are small non-linear and necessary functions working as confusion layer.In the first part of this document, we are interesting in the design of bijective SBoxes that have the best resistance to differential attacks. We study the compositional inverse of the so-called Almost Perfect Nonlinear power functions. Then, we extensively study a class of sparse permutation polynomials with low differential uniformity. Finally, we build functions, over finite fields, from their discrete derivatives.In the second part, we realize an automatic study of a certain class of differential attacks: impossible differential cryptanalysis. This known plaintexts attack has been shown to be very efficient against iterative block ciphers. It exploits the knowledge of a differential with probability zero to occur. However this cryptanalysis is very technical and many flaws have been discovered, thus invalidating many attacks realized in the past. Our goal is to formalize, to improve and to automatize the complexity evaluation in order to optimize the results one can obtain. We also propose new techniques that aims at reducing necessary data and time complexities. We finally prove the efficiency of our method by providing some of the best impossible differential cryptanalysis against Feistel oriented block ciphers CLEFIA, Camellia, LBlock and Simon.

Uniformité différentielle

Polynômes de permutation

Inverse

Boîte-S

Chiffrement par bloc

Cryptanalyse différentielle impossible

Impossible differential cryptanalysis

Sboxes

004