a characterisation of s box fitness landscapes in
play

A characterisation of S-box fitness landscapes in cryptography - PowerPoint PPT Presentation

Mar 07, 2024 •130 likes •491 views

Introduction Background Experiments Conclusions A characterisation of S-box fitness landscapes in cryptography Domagoj Jakobovic 1 , Stjepan Picek 2 , Marcella Scoczynski 3 , Markus Wagner 4 University of Zagreb, Croatia TU Delft, The

  1. Introduction Background Experiments Conclusions A characterisation of S-box fitness landscapes in cryptography Domagoj Jakobovic 1 , Stjepan Picek 2 , Marcella Scoczynski 3 , Markus Wagner 4 University of Zagreb, Croatia TU Delft, The Netherlands Federal University of Technology, Brazil University of Adelaide, Australia GECCO ’19, Prague, Czech Republic, July 13, 2019 1 / 26

  2. Introduction Background Experiments Conclusions Outline Introduction 1 Background 2 Experiments 3 Conclusions 4 2 / 26

  3. Introduction Background Experiments Conclusions Introduction We rely on secure communication in everyday life Strong cryptographic properties are an absolute requirement of modern communication systems A common choice in secure communication: block ciphers symmetric key cryptography Substitution-Permutation Network (SPN) ciphers use of substitution boxes (S-box) to induce nonlinearity An ( n , m ) S-box is a mapping from n to m Boolean variables Examples: 4 × 4 (PRESENT), 5 × 5 (Keccak), 8 × 8 (AES) 3 / 26

  4. Introduction Background Experiments Conclusions Motivation Objectives Strong S-boxes are necessary in block ciphers to make the whole cipher strong 4 / 26

  5. Introduction Background Experiments Conclusions Motivation Objectives Strong S-boxes are necessary in block ciphers to make the whole cipher strong We need efficient ways to generate S-boxes with good cryptographic properties 4 / 26

  6. Introduction Background Experiments Conclusions Motivation Objectives Strong S-boxes are necessary in block ciphers to make the whole cipher strong We need efficient ways to generate S-boxes with good cryptographic properties Evolutionary algorithms? They do well, for smaller S-box sizes... 4 / 26

  7. Introduction Background Experiments Conclusions Motivation Objectives Strong S-boxes are necessary in block ciphers to make the whole cipher strong We need efficient ways to generate S-boxes with good cryptographic properties Evolutionary algorithms? They do well, for smaller S-box sizes... Even if EAs work (or do not), we do not understand how difficult is this problem and how to solve it better 4 / 26

  8. Introduction Background Experiments Conclusions Motivation Objectives Strong S-boxes are necessary in block ciphers to make the whole cipher strong We need efficient ways to generate S-boxes with good cryptographic properties Evolutionary algorithms? They do well, for smaller S-box sizes... Even if EAs work (or do not), we do not understand how difficult is this problem and how to solve it better We need to understand the fitness landscape to design better search methodologies 4 / 26

  9. Introduction Background Experiments Conclusions Substitution Boxes S-box is a vectorial Boolean function with n input variables and m output values In SPN type ciphers: we consider only bijective functions (each input vector corresponds to a unique output vector) as a consequence: number of inputs is equal to the number of outputs ( n × n ) 5 / 26

  10. Introduction Background Experiments Conclusions Substitution Boxes S-box is a vectorial Boolean function with n input variables and m output values In SPN type ciphers: we consider only bijective functions (each input vector corresponds to a unique output vector) as a consequence: number of inputs is equal to the number of outputs ( n × n ) A suitable representation of a bijective n × n S-box is the permutation encoding on [ 0 , 2 n − 1 ] permutation preserves the bijectivity property Resulting search space: 2 n ! possible solutions 5 / 26

  11. Introduction Background Experiments Conclusions Cryptographic Properties of S-boxes To resist linear cyptanalysis, S-box needs to have a high nonlinearity (among other things) Nonlinearity N F is evaluated using the Walsh-Hadamard transform and is bounded above by N F ≤ 2 n − 1 − 2 n − 1 2 6 / 26

  12. Introduction Background Experiments Conclusions Cryptographic Properties of S-boxes To resist linear cyptanalysis, S-box needs to have a high nonlinearity (among other things) Nonlinearity N F is evaluated using the Walsh-Hadamard transform and is bounded above by N F ≤ 2 n − 1 − 2 n − 1 2 n × n 3 × 3 4 × 4 5 × 5 6 × 6 7 × 7 8 ! ≈ 2 15 16 ! ≈ 2 44 32 ! ≈ 2 117 64 ! ≈ 2 296 128 ! ≈ 2 716 Size max N F 2 4 12 24 56 6 / 26

  13. Introduction Background Experiments Conclusions Cryptographic Properties of S-boxes To resist linear cyptanalysis, S-box needs to have a high nonlinearity (among other things) Nonlinearity N F is evaluated using the Walsh-Hadamard transform and is bounded above by N F ≤ 2 n − 1 − 2 n − 1 2 n × n 3 × 3 4 × 4 5 × 5 6 × 6 7 × 7 8 ! ≈ 2 15 16 ! ≈ 2 44 32 ! ≈ 2 117 64 ! ≈ 2 296 128 ! ≈ 2 716 Size max N F 2 4 12 24 56 N F only assumes even positive values! (0, 2, 4 . . . ) Is there a way of obtaining any gradient information...? 6 / 26

  14. Introduction Background Experiments Conclusions Fine-grained Nonlinearity S-box nonlinearity is calculated with regard to its component functions , of which there are 2 n Nonlinearity of an S-box is equal to the smallest nonlinearity of each of its component functions, e.g. N F ( CF ) = { 4 , 2 , 6 , 4 , 2 , 2 , 4 , . . . } Total nonlinearity equals 2 (the lowest value) 7 / 26

  15. Introduction Background Experiments Conclusions Fine-grained Nonlinearity S-box nonlinearity is calculated with regard to its component functions , of which there are 2 n Nonlinearity of an S-box is equal to the smallest nonlinearity of each of its component functions, e.g. N F ( CF ) = { 4 , 2 , 6 , 4 , 2 , 2 , 4 , . . . } Total nonlinearity equals 2 (the lowest value) Grade different S-boxes of the same nonlinearity on the basis of the number of occurrences of the lowest value (the smaller, the better) 7 / 26

  16. Introduction Background Experiments Conclusions Fitness Functions We define two fitness functions, both to maximize nonlinearity: fitness 1: NL = N F 1 fitness 2: NL f = N F + num _ occurrences num _ occurrences : the number of smallest nonlinearity values in all component functions { 4 , 2 , 6 , 4 , 2 , 2 , 4 , . . . } = ⇒ NL = 2 , NL f = 2 . 333 { 4 , 2 , 6 , 4 , 4 , 6 , 4 , . . . } = ⇒ NL = 2 , NL f = 3 The above objective functions define two separate landscapes to analyze 8 / 26

  17. Introduction Background Experiments Conclusions Fitness Landscapes Fitness Landscape Fitness landscape analysis: investigates the dynamics of search techniques using models representation; 9 / 26

  18. Introduction Background Experiments Conclusions Fitness Landscapes Fitness Landscape Fitness landscape analysis: investigates the dynamics of search techniques using models representation; Fitness landscape: A graph G=(N,E) where nodes represent solutions, and edges represent the existence of a neighbourhood relation given a move operator: Defining the neighbourhood matrix for N can be very expensive; Hard to extract useful information about the search landscape from G. 9 / 26

  19. Introduction Background Experiments Conclusions Fitness Landscape Analysis Local Optima Network: A simplified landscape representation... Nodes: Local optima / Basins of attraction; Edges: Connections between the local optima; Two basins of attraction are connected if at least one solution within a basin has a neighbour solution within Figure: A LON example the other basin, given a defined move operator. 10 / 26

  20. Introduction Background Experiments Conclusions Local Search To build a LON, we employ a greedy deterministic hill climber The algorithm relies on a given neighbourhood N ( . ) 1: s ← initial solution 2: while there is an improvement do s ∗ = s 3: for each s ∗∗ in N ( s ) do 4: if F ( s ∗∗ ) > F ( s ∗ ) then 5: s ∗ ← s ∗∗ 6: 7: end if end for 8: s = s ∗ 9: 10: end while 11 / 26

  21. Introduction Background Experiments Conclusions Neighbourhood Structure Individuals are permutation vectors of size 2 n We consider two neighbourhoods: SWAP (toggle): exchange two elements in the permutation INVERT: invert the order of elements between two points Neighbourhood size - the same for both operators: 2 n ( 2 n − 1 ) 2 e.g. in case of 7 × 7 S-box, there are 8127 neighbours 12 / 26

  22. Introduction Background Experiments Conclusions LON Building The same local search is performed starting from a set of initial solutions (ideally, a whole search space) All the local optima and their basins of attraction (sets of solutions) are recorded The second phase: build connections between LO’s basins of attraction If any solution from one basin is a neighbour to any solution in the second basin, a connection is formed Repeat for every pair of basins (local optima) 13 / 26

  23. Introduction Background Experiments Conclusions Experiments S-box experiment variants S-box size (3 × 3 and larger); fitness function: NL or NL f ; neighbourhood type (swap, invert); number of samples (unique initial solutions). 14 / 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

2. Two typical geometries of fitness landscapes Fitness landscape analysis for understanding and

2. Two typical geometries of fitness landscapes Fitness landscape analysis for understanding and

Multimodal fitness landscape Rugged fitness landscapes Neutral fitness landscapes Neutral Networks 2. Two typical geometries of fitness landscapes Fitness landscape analysis for understanding and designing local search heuristics S

615 views • 57 slides
Statistical mechanics of fitness landscapes Joachim Krug Institute for Theoretical Physics,

Statistical mechanics of fitness landscapes Joachim Krug Institute for Theoretical Physics,

Statistical mechanics of fitness landscapes Joachim Krug Institute for Theoretical Physics, University of Cologne & Jasper Franke, Johannes Neidhart, Stefan Nowak, Benjamin Schmiegelt, Ivan Szendro Advances in Nonequilibrium Statistical

380 views • 35 slides
Error thresholds on realistic fitness landscapes Peter Schuster Institut fr Theoretische

Error thresholds on realistic fitness landscapes Peter Schuster Institut fr Theoretische

Error thresholds on realistic fitness landscapes Peter Schuster Institut fr Theoretische Chemie, Universitt Wien, Austria and The Santa Fe Institute, Santa Fe, New Mexico, USA Evolutionary Dynamics: Mutation, Selection, and the Origin of

1.02k views • 77 slides
Quasispecies, virus evolution, and lethal mutagenesis on realistic fitness landscapes Peter

Quasispecies, virus evolution, and lethal mutagenesis on realistic fitness landscapes Peter

Quasispecies, virus evolution, and lethal mutagenesis on realistic fitness landscapes Peter Schuster Institut fr Theoretische Chemie, Universitt Wien, Austria and The Santa Fe Institute, Santa Fe, New Mexico, USA Seminar Lecture

1.15k views • 88 slides
Eigens Evolutionary Model, Two-Valued Fitness Landscapes, and Isometry Groups Acting on Finite

Eigens Evolutionary Model, Two-Valued Fitness Landscapes, and Isometry Groups Acting on Finite

Eigens Evolutionary Model, Two-Valued Fitness Landscapes, and Isometry Groups Acting on Finite Metric Spaces Artem Novozhilov Department of Mathematics North Dakota State University Colloquium, Fargo, North Dakota, USA September 8, 2015

569 views • 38 slides
Waste characterisation, determining the energy potential of waste 25 November 2015 by Prof Suzan

Waste characterisation, determining the energy potential of waste 25 November 2015 by Prof Suzan

Waste characterisation, determining the energy potential of waste 25 November 2015 by Prof Suzan Oelofse Research Group Leader: Waste for Development Competency Area: Solutions for a Green Economy 1 WtE should consider Fitness for purpose

427 views • 14 slides
Socioeconomic valuation of cultural landscapes landscapes Assoc. Prof. Indr Graulevi i

Socioeconomic valuation of cultural landscapes landscapes Assoc. Prof. Indr Graulevi i

WORKSHOP: Methodology of valorisation: territories, identities and local heritage Socioeconomic valuation of cultural landscapes landscapes

810 views • 78 slides
FORMATION AND CHARACTERISATION OF FORMATION AND CHARACTERISATION OF NANOSTRUCTURED

FORMATION AND CHARACTERISATION OF FORMATION AND CHARACTERISATION OF NANOSTRUCTURED

FORMATION AND CHARACTERISATION OF FORMATION AND CHARACTERISATION OF NANOSTRUCTURED METASTABLE ALLOYS NANOSTRUCTURED METASTABLE ALLOYS Viorel Pop Faculty of Physics, Babes-Bolyai University, 3400 Cluj-Napoca, Romania Nanocrystalline

640 views • 49 slides
Sentinel Landscapes Sentinel Landscapes are working or natural lands important to the Nations

Sentinel Landscapes Sentinel Landscapes are working or natural lands important to the Nations

Sentinel Landscapes Sentinel Landscapes are working or natural lands important to the Nations defense mission places where preserving the working and rural character of key landscapes strengthens farms, ranches, and forests economically;

307 views • 11 slides
1 A review of fitness Fitness has two components: 1. Viability; an individuals ability to

1 A review of fitness Fitness has two components: 1. Viability; an individuals ability to

Functional divergence 1: FFTNS and Shifting balance theory There is no conflict between neutralists and selectionists on the role of natural selection: Natural selection is the only explanation for adaptation 1 A review of fitness Fitness has

500 views • 27 slides
FOOD FITNESS MINDSET www.staceygreenside.org ABOUT ME Wife and mother Formerly worked

FOOD FITNESS MINDSET www.staceygreenside.org ABOUT ME Wife and mother Formerly worked

FOOD FITNESS MINDSET www.staceygreenside.org ABOUT ME Wife and mother Formerly worked in corporate America for 16 years Full time fitness instructor and online food/fitness mentor Licensed to teach dance fitness, PiYo,

288 views • 13 slides
W3: Individual Fitness Fitness Exercise Testing Pyschology Exercise Benchmark Sociology

W3: Individual Fitness Fitness Exercise Testing Pyschology Exercise Benchmark Sociology

W3: Individual Fitness Fitness Exercise Testing Pyschology Exercise Benchmark Sociology Asessments Healthy Fitness Zone AGENDA A1. Introduction to Fitness A2. Immediate Effects of Exercise A3. PE & Safety A4. Healthy Fitness Zone

1.03k views • 55 slides
1. Basis of fitness landscape Fitness landscape analysis for understanding and designing local

1. Basis of fitness landscape Fitness landscape analysis for understanding and designing local

Optimisation Origin and definition of fitness landscape Position and goal 1. Basis of fitness landscape Fitness landscape analysis for understanding and designing local search heuristics S ebastien Verel LISIC - Universit e du Littoral

558 views • 44 slides
Operation Fitness Personalized Health and Fitness Presented by Bishop-Lyons Entertainment

Operation Fitness Personalized Health and Fitness Presented by Bishop-Lyons Entertainment

Operation Fitness Personalized Health and Fitness Presented by Bishop-Lyons Entertainment Empower people to get in shape by customizing nutrition, health and fitness programs using technology and multiple distribution platforms and venues.

564 views • 34 slides
THE REAL FITNESS F I T N E S S M A N A G E M E N T A N D T R A I N I

THE REAL FITNESS F I T N E S S M A N A G E M E N T A N D T R A I N I

THEREALFITNESSUAE@GMAIL.COM THE REAL FITNESS F I T N E S S M A N A G E M E N T A N D T R A I N I N G START 01 Who Are We ? The Real Fitness is owned by Nabil Benhamouda ex-professional rugby player in French

174 views • 13 slides
Fitness + In-Memory Computing = Getting ahead of the game Craig Gresbrink Solutions Architect

Fitness + In-Memory Computing = Getting ahead of the game Craig Gresbrink Solutions Architect

Fitness + In-Memory Computing = Getting ahead of the game Craig Gresbrink Solutions Architect 24 Hour Fitness Who are we? 24 Hour Fitness is a leading fitness industry pioneer with more than 400 clubs across the United States. 24 Hour Fitness

355 views • 23 slides
Observables of the non-equilibrium phase transition Boris Tom a sik Univerzita Mateja Bela,

Observables of the non-equilibrium phase transition Boris Tom a sik Univerzita Mateja Bela,

Observables of the non-equilibrium phase transition Boris Tom a sik Univerzita Mateja Bela, Bansk a Bystrica, Slovakia and Cesk e vysok e u cen technick e, FNSPE, Praha, Czech Republic boris.tomasik@umb.sk CBM

398 views • 28 slides
Impact of Duration on Active Video testing Saba Ahsan Department of

Impact of Duration on Active Video testing Saba Ahsan Department of

Impact of Duration on Active Video testing Saba Ahsan Department of Communica5ons and Networking Aalto University Varun Singh (callstat.io), Jrg OG ( Technische

617 views • 20 slides
Power laws in linguistic typology Gerhard J ager gerhard.jaeger@uni-tuebingen.de March 12,

Power laws in linguistic typology Gerhard J ager gerhard.jaeger@uni-tuebingen.de March 12,

Power laws in linguistic typology Gerhard J ager gerhard.jaeger@uni-tuebingen.de March 12, 2010 11th Szklarska Poreba Workshop 1/41 The World Color Survey started by Paul Kay and co-workers; traces back to Berlin & Kay 1969

589 views • 41 slides
Tracking efficiency at the LHCb experiment Alexander Shires IC HEP 1 st Year PhD Alexander

Tracking efficiency at the LHCb experiment Alexander Shires IC HEP 1 st Year PhD Alexander

Tracking efficiency at the LHCb experiment Alexander Shires IC HEP 1 st Year PhD Alexander Shires - IC HEP First Year 02/03/2010 1 PhD Talk Outline LHCb Physics overview The LHCb detector Vertex locator RICH Trigger

311 views • 15 slides
Study of W Events at the CMS with 7 TeV LHC data Devdatta Majumder Tata Institute of

Study of W Events at the CMS with 7 TeV LHC data Devdatta Majumder Tata Institute of

Study of W Events at the CMS with 7 TeV LHC data Devdatta Majumder Tata Institute of Fundamental Research, Mumbai for the CMS Collaboration Outline Selecting W events Estimating the cross section of W process DHEP, TIFR

453 views • 20 slides
rdlocrand : Inference in RD Designs Under Local Randomization Matias Cattaneo University of

rdlocrand : Inference in RD Designs Under Local Randomization Matias Cattaneo University of

rdlocrand : Inference in RD Designs Under Local Randomization Matias Cattaneo University of Michigan Roc o Titiunik Gonzalo Vazquez-Bare University of Michigan University of Michigan https://sites.google.com/site/rdpackages Stata

323 views • 19 slides
Modelling interactions in complex systems an air navigation service provider focussed approach

Modelling interactions in complex systems an air navigation service provider focussed approach

www.DLR.de/fl Chart 1 SESAR Innovation Days | Madrid, November 2014 Modelling interactions in complex systems an air navigation service provider focussed approach SESAR Innovation Days Universidad Politcnica de Madrid November 26,

492 views • 19 slides
Quantification of emissions from methane sources in Indianapolis using an aircraft-based platform

Quantification of emissions from methane sources in Indianapolis using an aircraft-based platform

Quantification of emissions from methane sources in Indianapolis using an aircraft-based platform Maria Obiminda Cambaliza 1 , Paul Shepson 1 , Brian Stirm 1 , Colm Sweeney 2,3 , Jocelyn Turnbull 2,3 , Anna Karion 2 , Ken Davis 4 , Thomas Lauvaux

640 views • 22 slides

More recommend