Security Analysis of Block Cipher
2002. 10. 8
20022057 Park, SangBae

Contents
• Introduction of Boolean Function
• Block Cipher Design Review
  • Cryptanalysis Method & Provable Security
  • Design Issue
  • S-box Design & Diffusion Layer
• Example of S-box analysis
• Future Works
pinnon@lycos.co.kr

Introduction
• Boolean Function
  • Function from GF(2^n) to GF(2^m)
  • Generally, when m > 1, Vector-valued Boolean Function (or Vector Boolean Function)
• Example
  • f(x1, x2, x3) = x1 x2 + x2 x3
  • Sequence of f(): 00010010

Introduction
• Block Cipher as Boolean Function
  • Block Cipher
    • F: P × K → C with F(P, K) = C
    • GF(2^128) × GF(2^128) → GF(2^128)
  • Round Function
    • f: P_i × K_i → C_i with f(P_i, K_i) = C_i
    • GF(2^64) × GF(2^64) → GF(2^64)
  • S-box
    • s: In_i × k_i → Out_i with s(In_i, k_i) = Out_i
    • GF(2^8) × GF(2^8) → GF(2^8)

Basic Properties
• Representation
  • The Algebraic Normal Form
    • Well-known representation
    • ex) x1 x2 + x3 x1
  • The Sequence of Given function
    • Value of given Boolean function
    • ex) 00010010
  • The Walsh-Hadamard Transform
    • The correlation value to linear functions
    • ex) 2 0 -2 0 0 2 0 -2

Basic Properties
• Balancedness
  • Hamming weight of given sequence
• Nonlinear Order
  • Algebraic Nonlinear Order (Not Robust)
• Completeness
  • Every input bit affects the output bit

Basic Properties
• Nonlinearity
  • minimum Hamming distance to linear functions
• Correlation
  • autocorrelation
  • cross correlation
• Propagation Criterion (including SAC)
  • can be guaranteed by high nonlinearity
  • diffusion property

Cryptanalysis Methods
• Differential Cryptanalysis
• Linear Cryptanalysis
• Interpolation Attack
• Square Attack

Differential Cryptanalysis
• General
  • The first attack against full-round DES
  • Using the biased distribution of XOR pairs
[Figure: a pair of uniform inputs with a given Input XOR (Uniform) passes through f (S-Box); each output is uniform, but the Output XOR is biased]

Differential Cryptanalysis
• Difference Distribution Table
  • number of pairs satisfying given Input, output XOR

  Input                          Output XOR
  XOR    0x  1x  2x  3x  4x  5x  6x  7x  8x  9x  Ax  Bx  Cx  Dx  Ex  Fx
  0x     64   0   0   0   0   0   0   0   0   0   0   0   0   0   0   0
  1x      0   0   0   6   0   2   4   4   0  10  12   4  10   6   2   4
  …       …
  3Fx     4   8   4   2   4   0   2   4   4   2   4   8   8   6   2   2

Differential Cryptanalysis
• Example of 2 round characteristic
  P = 00 80 82 00 60 00 00 00x
  Round 1: F maps 60 00 00 00x to 00 80 82 00x, p = 14/64
  Round 2: F maps 0 to 0, p = 1
  T = 60 00 00 00 00 00 00 00x

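Added example (not part of the original slides): building the difference distribution table of DES S1 and reading off the rows quoted above. The S1 table is the standard published DES S-box and does not appear on the slides; taking 0Cx → Ex as the S1 transition behind the p = 14/64 step is standard DES analysis and is an assumption here, since the slide shows only the probability.

```python
# Added example. S1 is the standard published DES S-box (not printed on the slides).
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def s1(x):
    """6-bit input b1..b6 -> 4-bit output; row = b1b6, column = b2b3b4b5."""
    row = ((x >> 5) & 1) << 1 | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]

def difference_table(sbox, in_bits, out_bits):
    """ddt[dx][dy] = number of inputs x with sbox(x) ^ sbox(x ^ dx) == dy."""
    ddt = [[0] * (1 << out_bits) for _ in range(1 << in_bits)]
    for dx in range(1 << in_bits):
        for x in range(1 << in_bits):
            ddt[dx][sbox(x) ^ sbox(x ^ dx)] += 1
    return ddt

def best_transitions(ddt, top=3):
    """Highest-count (count, dx, dy) entries with dx != 0: the entries an
    S-box designer tries to keep small."""
    entries = [(n, dx, dy) for dx, row in enumerate(ddt) if dx
               for dy, n in enumerate(row)]
    return sorted(entries, reverse=True)[:top]

DDT = difference_table(s1, 6, 4)

if __name__ == "__main__":
    for dx in (0x00, 0x01, 0x3F):          # the three rows shown on the slide
        print(f"{dx:02X}x", DDT[dx])
    print("0Cx -> Ex:", DDT[0x0C][0xE], "/ 64")
    print("largest entries:", best_transitions(DDT))
```
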
Differential Cryptanalysis
• Research Issue
  • Cryptanalysis
    • How to find a characteristic with high probability
  • Cryptography
    • How to construct secure S-Boxes
    • Markov Cipher
    • Boolean Function
      • Nonlinearity
      • Propagation criteria
      • Bent function
      • Vector-valued Boolean function

Provable Security
• Main Idea
  • Approach in the view of differential
  • Provable Security against DC and LC
• KN-Cipher
  • Lars R. Knudsen, Kaisa Nyberg
  • Round Function : g(x) = x^3 in GF(2^33)
• MISTY
  • Mitsuru Matsui
  • Recursive Structure
  • Modified Feistel Network

Provable Security
• Characteristic
  • Fixed Path
[Figure: three rounds of F from P to T; round i carries the labels a_i, b_i and probability p_i (i = 1, 2, 3); p = ∏ p_i]

Provable Security
• Differential
  • Consider all possible paths
[Figure: the same three rounds of F from P to T with every intermediate path, labelled a1i, b1i, p1i; a2j, b2j, p2j; a3k, b3k, p3k; p = Σ (p1i p2j p3k)]

Provable Security
• Recursive Structure of MISTY1
[Figure: recursive structure of MISTY1, with widths 32/32, 16/16 and 9/7 bits and components FO, FI, S9 and S7]

Practical Security
• The Wide Trail Strategy
  • Design the round transformation in such a way that only trails with many S-boxes occur
  • Maximize the number of Active S-boxes
  • Branch Number B(f) = min_{x≠0} (w_h(x) + w_h(f(x)))
• SQUARE
  • following the Wide Trail Strategy
  • MDS (Maximal Distance Separable) code
  • Maximum Branch number
  • Self-reciprocal structure

Recent Block Ciphers
• CAST Diffusion Effects
  • 8 × 32 S-box
[Figure: CAST round function; labels: <<, S1, S2, S3, S4]

Recent Block Ciphers
• CRYPTON SEED Diffusion Transform

Recent Block Ciphers
• E2 Round Function (SPS-Structure)
[Figure: E2 round function; layers in order: Round key, S, P, Round key, S]

S-box Construction
• Simulation
  • DES
• Combination of Boolean Function
  • CAST
• Vector-valued Boolean Function
  • KN-Cipher, SEED, AES
• Small Feistel Network
  • MISTY, Crypton

Diffusion Layer
• A perfect S-box cannot guarantee the security of the round function
• 8 × 32 S-box
• Wide Trail Strategy (using an MDS code)
• SPS Structure

Project Progress
• Boolean function analysis library
  • Three Representations
    • sequence
    • algebraic normal form
    • Walsh-Hadamard
  • Hamming Weight
  • Nonlinearity
  • Autocorrelation
• Review of recent block cipher algorithms and cryptanalysis methods

Project Progress
• DES S-box (S1)
  • The first bit
  • Algebraic Normal Form
    1 + x1 + x2 + x1 x2 x3 + x4 + x3 x4 + x1 x3 x4 + x2 x3 x4 + x5 + x4 x5 + x3 x4 x5 + x6 + x2 x6 + x3 x6 + x1 x3 x6 + x2 x4 x6 + x3 x4 x6 + x1 x3 x4 x6 + x2 x3 x4 x6 + x1 x2 x5 x6 + x3 x5 x6 + x1 x3 x5 x6 + x2 x3 x5 x6 + x4 x5 x6 + x1 x2 x4 x5 x6 + x3 x4 x5 x6 + x1 x3 x4 x5 x6
  • Nonlinearity : 18
  • Hamming Weight : 32
  • Sequence : 1 0 0 1 1 0 0 0 0 1 1 0 1 1 1 0 0 1 1 0 0 1 1 1 0 1 1 0 0 0 0 1 0 1 0 1 1 1 1 0 1 0 0 1 0 0 1 0 1 0 1 1 1 0 0 1 0 1 1 0 0 0 0 1

Project Progress
• DES S-box (S1)
  • The first bit
  • W-H Sequence : 0 0 4 4 -4 4 0 8 -8 0 -4 -12 4 4 8 -8 0 -8 -12 -4 4 20 8 -24 8 8 -4 -4 -4 4 0 8 0 0 -4 12 4 -4 0 8 8 0 4 -4 -4 -4 -8 -8 0 -8 -4 -12 -4 -4 8 8 8 -8 4 -28 -12 -4 0 -8
  • Autocorrelation : 64 -32 -24 24 0 0 -8 8 0 -8 0 -16 -24 24 8 -16 -32 24 8 -8 0 0 8 0 -8 0 0 16 24 -24 -16 8 0 0 8 -16 -24 32 16 -16 24 -16 -8 8 -8 8 -8 0 0 0 -8 16 24 -32 -16 16 -32 24 16 -16 0 0 16 -8

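Added example (not the author's analysis library): recomputing the properties listed under Basic Properties for the S1 first-bit sequence printed on the slide. The function names and the convention that x1 is the least significant input bit are assumptions made here; that convention is the one that reproduces the slide's polynomial.

```python
# Added example. SEQ is the 64-entry truth table of the first output bit of
# DES S1, copied from the "Sequence" line of the slide.
SEQ = [int(c) for c in (
    "10011000" "01101110" "01100111" "01100001"
    "01011110" "10010010" "10111001" "01100001")]

def walsh_hadamard(seq):
    """Walsh-Hadamard spectrum of (-1)^f; index w is the linear mask."""
    w = [1 - 2 * b for b in seq]               # 0 -> +1, 1 -> -1
    h = 1
    while h < len(w):                           # in-place butterfly
        for i in range(0, len(w), 2 * h):
            for j in range(i, i + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w

def nonlinearity(seq):
    """Minimum Hamming distance to the linear functions and their complements."""
    return len(seq) // 2 - max(abs(v) for v in walsh_hadamard(seq)) // 2

def autocorrelation(seq):
    """r(a) = sum over x of (-1)^(f(x) xor f(x xor a))."""
    n = len(seq)
    return [sum(1 - 2 * (seq[x] ^ seq[x ^ a]) for x in range(n))
            for a in range(n)]

def anf_monomials(seq):
    """Moebius transform of the truth table. Each monomial is a tuple of
    1-based variable indices, x1 being the least significant input bit
    (assumed convention); the empty tuple is the constant term 1."""
    c, h = list(seq), 1
    while h < len(c):
        for i in range(0, len(c), 2 * h):
            for j in range(i, i + h):
                c[j + h] ^= c[j]
        h *= 2
    nvars = len(c).bit_length() - 1
    return [tuple(k + 1 for k in range(nvars) if m >> k & 1)
            for m, bit in enumerate(c) if bit]

if __name__ == "__main__":
    print("Hamming weight :", sum(SEQ))
    print("Nonlinearity   :", nonlinearity(SEQ))
    print("W-H sequence   :", walsh_hadamard(SEQ))
    print("Autocorrelation:", autocorrelation(SEQ))
    print("ANF degree     :", max(len(m) for m in anf_monomials(SEQ)))
```
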
Future Works
• Security analysis of block ciphers consisting of Boolean functions of low algebraic order
• Implement S-box Analysis Tools using current library

QnA