boolean functions s boxes and evolutionary algorithms
play

Boolean Functions, S-Boxes and Evolutionary Algorithms Luca Mariot - PowerPoint PPT Presentation

Jan 09, 2024 •143 likes •555 views

University of Milano-Bicocca Department of Informatics, Systems and Communications Boolean Functions, S-Boxes and Evolutionary Algorithms Luca Mariot luca.mariot@unimib.it De Cifris Athesis Local Seminar Trento December 16, 2019 Summary

  1. University of Milano-Bicocca Department of Informatics, Systems and Communications Boolean Functions, S-Boxes and Evolutionary Algorithms Luca Mariot luca.mariot@unimib.it De Cifris Athesis Local Seminar Trento – December 16, 2019

  2. Summary Part 1: Boolean Functions and S-Boxes Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  3. Stream Ciphers: The Combiner Model ◮ a Boolean function f : F n 2 → F 2 combines the outputs of n Linear Feedback Shift Registers (LFSR) [Carlet10] x 1 LFSR 1 x 2 f ( x 1 , x 2 , ··· , x n ) LFSR 2 next bit . . . . . . x n LFSR n ◮ Security of the combiner ⇔ cryptographic properties of f Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  4. Block Ciphers: Substitution-Permutation Network Round function of a SPN cipher: PT S 1 S 2 S 3 S 4 S 5 S 6 S 7 S 8 S 9 S 10 π -box � K i CT ◮ S i : F n 2 → F n 2 are S-boxes providing confusion ◮ Security of confusion layer ⇔ cryptographic properties of S i Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  5. Boolean Functions - Basic Representations ◮ Truth table: vector Ω f specifying f ( x ) for all x ∈ F 2 ( x 1 , x 2 , x 3 ) 000 100 010 110 001 101 011 111 Ω f 0 1 1 1 1 0 0 0 ◮ Algebraic Normal Form (ANF): Sum (XOR) of products (AND) over the finite field F 2 f ( x 1 , x 2 , x 3 ) = x 1 · x 2 ⊕ x 1 ⊕ x 2 ⊕ x 3 ◮ Walsh Transform: correlation with the linear functions defined as ω · x = ω 1 x 1 ⊕···⊕ ω n x n � ˆ ( − 1 ) f ( x ) ⊕ ω · x F ( ω ) = x ∈ F n 2 Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  6. S-boxes – Representation ◮ Substitution Box (S-box, or ( n , m ) -function): a mapping F : F n 2 → F m 2 defined by m coordinate functions f i : F n 2 → F 2 x 1 x 2 x 3 x 4 x 5 x 6 x 7 x 8 ⇓ F : { 0 , 1 } n → { 0 , 1 } m f 1 f 2 f 3 f 4 f 5 f 6 f 1 ⊕ f 3 ⊕ f 5 ◮ Component functions v · F : non-trivial linear combinations of the coordinate functions f i Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  7. Design Criteria Several properties to consider for thwarting attacks, e.g.: A Boolean function used in the combiner model should: ◮ be balanced ◮ have high algebraic degree d ◮ have high nonlinearity nl ( F ) ◮ be resilient of high order t A ( n , n ) -function used in the SPN paradigm should ◮ be balanced ( ⇔ bijective) ◮ have high nonlinearity N F ◮ have low differential uniformity δ F Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  8. Bounds and Trade-offs Most of these properties cannot be satisfied simultaneously! Bounds for Boolean functions : ◮ Covering Radius : nl ( f ) ≤ 2 n − 1 − 2 2 − 1 (met by bent functions) n ◮ Siegenthaler : d ≤ n − t − 1 ◮ Tarannikov : nl ( f ) ≤ 2 n − 1 − 2 t + 1 Bounds for S-Boxes : ◮ Covering Radius : N F ≤ 2 n − 1 − 2 n 2 − 1 (met by bent functions) ◮ Sidelnikov-Chabaud-Vaudenay : N F ≤ 2 n − 1 − 2 n − 1 2 (met by AB functions) ◮ Differential Uniformity : δ F ≥ 2 (met by APN functions) Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  9. Constructions of good Boolean Functions and S-Boxes ◮ Number of Boolean functions of n variables: 2 2 n n 3 4 5 6 7 8 2 2 n 4 . 3 · 10 9 1 . 8 · 10 19 3 . 4 · 10 38 1 . 2 · 10 77 256 65536 ◮ ⇒ too huge for exhaustive search when n > 5! In practice, one usually resorts to: ◮ Algebraic constructions ( Maiorana-McFarland, Rothaus,... ) [Carlet10] ◮ Combinatorial optimization techniques ◮ Simulated Annealing [Clark04] ◮ Evolutionary Algorithms [Millan98] ◮ Swarm Intelligence [Mariot15b], ... Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  10. Summary Part 2: Combinatorial Optimization and Evolutionary Algorithms Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  11. Combinatorial Optimization ◮ Combinatorial Optimization Problem: map P : I → S from a set I of problem instances to a family S of solution spaces ◮ S = P ( I ) is a finite set equipped with a fitness function fit : S → R , giving a score to candidate solutions x ∈ S ◮ Optimization goal: find x ∗ ∈ S such that: Minimization: Maximization: x ∗ = argmin x ∈ S { fit ( x ) } x ∗ = argmax x ∈ S { fit ( x ) } ◮ Heuristic optimization algorithm: iteratively tweaks a (set of) candidate solution(s) using fit to drive the search Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  12. Hill Climbing and Simulated Annealing ◮ Let d S : S × S → R be a distance over the solution space S , and assume there is a minimum distance d m ∈ R such that d S ( x , x ′ ) ≥ d m for all x , x ′ ∈ S . ◮ Neighborhood of a solution x ∈ S : N ( x ) = { y ∈ S : ∀ z ∈ S d S ( z , x ) ≥ d S ( y , x ) } ◮ Hill Climbing: always choose y in N ( x ) with better fitness ◮ Simulated Annealing: acceptance probability defined as:  1 if f ( x ) < f ( y ) [ f ( x ) > f ( y )] ,    P a =  � � | f ( y ) − f ( x ) | −   T if f ( x ) ≥ f ( y ) [ f ( x ) ≤ f ( y )] e ,   Temperature T updated as T ← α T , where α ∈ ( 0 , 1 ) . Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  13. Genetic Algorithms (GA) – Genetic Programming (GP) Optimization algorithms loosely based on evolutionary principles, introduced respectively by J. Holland (1975) and J. Koza (1989) ◮ Work on a coding of the candidate solutions ◮ Evolve in parallel a population of solutions. ◮ Black-box optimization : use only the fitness function to optimize the solutions. ◮ Use Probabilistic operators to evolve the solutions GA Encoding : Typically, an individual is represented with a fixed-length bitstring 0 1 1 1 1 0 0 0 ⇓ f ( x 1 , x 2 , x 3 ) = x 1 · x 2 ⊕ x 1 ⊕ x 2 ⊕ x 3 Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  14. Genetic Algorithms (GA) – Genetic Programming (GP) ◮ GP Encoding : an individual is represented by a tree ◮ Terminal nodes: input variables of a program ◮ Internal nodes: operators (e.g. AND, OR, NOT, XOR, ...) f ( x 1 , x 2 , x 3 , x 4 ) = ( x 1 AND x 2 ) OR ( x 3 XOR x 4 ) OR AND XOR x 3 x 1 x 2 x 4 Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  15. The EA Loop Crossover Mutation Initialize Fitness Selection Population Evaluation No Output Best Replace Terminate? Solution Yes Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  16. Selection Roulette-Wheel Selection (RWS) : the probability of selecting an individual is proportional to its fitness Tournament Selection (TS) : Randomly sample t individuals from the population and select the fittest one. Individual 1 46.6 % 2.0 % 1.3 % Individual 6 5.1 % Individual 5 24.6 % Individual 4 20.4 % Individual 2 Individual 3 Generational Breeding : Draw as many pairs as population size Steady-State Breeding : Select only a single pair Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  17. Crossover Idea : Recombine the genes of two parents individuals to create the offspring (Exploitation) GA Example: One-Point Crossover p 1 c 1 0 1 0 1 0 1 1 0 0 1 0 0 1 0 1 1 χ � χ point p 2 c 2 1 0 0 0 1 0 1 1 1 0 0 1 0 1 1 0 GP Example: Subtree Crossover χ point χ point Swap subtrees Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  18. Mutation Idea : Introduce new genetic material in the offspring (Exploration) GA Example : Bit-flip mutation ↓ r < p µ 1 0 0 0 1 0 1 1 ⇓ µ 1 0 1 0 1 0 1 1 GP Example : Subtree mutation µ point Generate random subtree Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  19. Replacement and Termination ◮ Elitism : keep the best individual from the previous generation ◮ Termination : several criteria such as budget of fitness evaluations, solutions diversity, ... Image credit: https://xkcd.com/720/ Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  20. Summary of Contributions Part 3: Evolving Boolean Functions and S-Boxes Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  21. Direct Search of Boolean Functions [Millan98] ◮ GA encoding: represent the truth tables as 2 n -bit strings ◮ Fitness function measuring nonlinearity, algebraic degree, and deviation from correlation-immunity ◮ Specialized crossover and mutation operators for preserving balancedness Crossover Idea: Use counters to keep track of the multiplicities of zeros and ones p 1 0 1 0 1 0 1 1 0 χ ⇒ c 1 1 0 0 1 1 0 0 p 2 1 0 0 0 1 0 1 1 count[1] = 4 fill with 0 ◮ GP has better performance than GA with direct search [Picek16] Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

  22. Spectral Inversion [Clark04] ◮ Applying the Inverse Walsh Transform to a generic spectrum yields a pseudoboolean function f : F n 2 → R S f = ( 0 , − 4 , − 2 , 2 , 2 , 4 , 4 , − 2 ) ⇓ ˆ F − 1 Ω ˆ f = ( 0 , 0 , 0 , − 1 , 0 , − 1 , 2 ) ◮ New objective: minimize the deviation of Walsh spectra which satisfy the desired cryptographic constraints ◮ Heuristic techniques proposed for this optimization problem: ◮ Clark et al. [Clark04]: Simulated Annealing (SA) ◮ Mariot and Leporati [Mariot15a]: Genetic Algorithms (GA) Luca Mariot Boolean Functions, S-Boxes and Evolutionary Algorithms

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Evolutionary Algorithms CS 478 - Evolutionary Algorithms 1 Evolutionary Computation/Algorithms

Evolutionary Algorithms CS 478 - Evolutionary Algorithms 1 Evolutionary Computation/Algorithms

Evolutionary Algorithms CS 478 - Evolutionary Algorithms 1 Evolutionary Computation/Algorithms Genetic Algorithms l Simulate natural evolution of structures via selection and reproduction, based on performance (fitness) l Type of

524 views • 30 slides
Functions on Finite Fields, Boolean Functions, and S-Boxes Gary McGuire Claude Shannon Institute

Functions on Finite Fields, Boolean Functions, and S-Boxes Gary McGuire Claude Shannon Institute

Functions on Finite Fields, Boolean Functions, and S-Boxes Gary McGuire Claude Shannon Institute www.shannoninstitute.ie and School of Mathematical Sciences University College Dublin Ireland 1 July, 2013 Gary McGuire Functions on Finite

566 views • 24 slides
Cryptographic Criteria of Boolean Functions and S-Boxes Luca Mariot luca.mariot@unimib.it Guest

Cryptographic Criteria of Boolean Functions and S-Boxes Luca Mariot luca.mariot@unimib.it Guest

University of Milano-Bicocca Department of Informatics, Systems and Communications Cryptographic Criteria of Boolean Functions and S-Boxes Luca Mariot luca.mariot@unimib.it Guest Lecture for Digital Communication Durham March 18, 2019

581 views • 25 slides
Outline DM812 METAHEURISTICS Lecture 6 Evolutionary Algorithms 1. Evolutionary Algorithms

Outline DM812 METAHEURISTICS Lecture 6 Evolutionary Algorithms 1. Evolutionary Algorithms

Evolutionary Algorithms Outline DM812 METAHEURISTICS Lecture 6 Evolutionary Algorithms 1. Evolutionary Algorithms Marco Chiarandini Department of Mathematics and Computer Science University of Southern Denmark, Odense, Denmark

596 views • 6 slides
Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 ,

Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 ,

Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 , . . . , x n be boolean variables. Boolean Function of Arity n Semantics and Verification 2005 Abstract Syntax for Boolean Expressions ( x ranges

382 views • 4 slides
On APN permutations Marco Calderini University of Trento Boolean Functions and their

On APN permutations Marco Calderini University of Trento Boolean Functions and their

On APN permutations Marco Calderini University of Trento Boolean Functions and their Applications July 3-8, 2017 Cryptographic motivations Some cryptographic primitives, as block ciphers, have components called S-boxes. Often an S-box is a

816 views • 37 slides
Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about digital signatures... A Tale of Two Boxes A Tale of Two Boxes Much of today s applied cryptography works with two magic boxes A Tale of Two Boxes

1.37k views • 120 slides
Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about digital signatures... A Tale of Two Boxes A Tale of Two Boxes Much of today s applied cryptography works with two magic boxes A Tale of Two Boxes

1.68k views • 129 slides
Quantum algorithms for the hidden shift problem of Boolean functions Maris Ozols University of

Quantum algorithms for the hidden shift problem of Boolean functions Maris Ozols University of

Quantum algorithms for the hidden shift problem of Boolean functions Maris Ozols University of Waterloo, IQC and NEC Labs Joint work with: Martin R otteler (NEC Labs) (NEC Labs) J er emie Roland Andrew Childs (University of

1.51k views • 74 slides
Computing M o bius Transforms of Boolean Functions and Characterising Coincident Boolean

Computing M o bius Transforms of Boolean Functions and Characterising Coincident Boolean

+ + Computing M o bius Transforms of Boolean Functions and Characterising Coincident Boolean Functions Josef Pieprzyk and Xian-Mo Zhang Department of Computing Macquarie University, Australia + 1 + + Outline The M o bius

415 views • 26 slides
Graph-Based Graph-Based Algorithms for Algorithms for Boolean Function Boolean Function

Graph-Based Graph-Based Algorithms for Algorithms for Boolean Function Boolean Function

Graph-Based Graph-Based Algorithms for Algorithms for Boolean Function Boolean Function Manipulation Manipulation Introduction Introduction Boolean algebra forms a corner stone of Computer system &amp; Digital design. So, we need

628 views • 23 slides
W4231: Analysis of Algorithms Boolean Formulae 11/23/99 A Boolean formula is an expression that

W4231: Analysis of Algorithms Boolean Formulae 11/23/99 A Boolean formula is an expression that

W4231: Analysis of Algorithms Boolean Formulae 11/23/99 A Boolean formula is an expression that we can build starting from Boolean variables x 1 , . . . , x n , . . . and then using (AND) NP-completeness of 3SAT, Minimum Vertex

230 views • 5 slides
Associative dyadic boolean functions Goals Def: A Boolean function f : { 0 , 1 } 2 { 0 , 1 }

Associative dyadic boolean functions Goals Def: A Boolean function f : { 0 , 1 } 2 { 0 , 1 }

Associative dyadic boolean functions Goals Def: A Boolean function f : { 0 , 1 } 2 { 0 , 1 } is associative if define associative Boolean functions (and classify them). Chapter 3: Trees f ( f ( 1 , 2 ) , 3 ) = f ( 1 , f ( 2 ,

61 views • 5 slides
Evolutionary Algorithms To use evolutionary algorithms your must: Fitness Define your

Evolutionary Algorithms To use evolutionary algorithms your must: Fitness Define your

Evolutionary Algorithms To use evolutionary algorithms your must: Fitness Define your problem Define your genotype Identify your phenotype Define the genotype -&gt; phenotype translation Define crossover and mutation

307 views • 8 slides
Polynomial threshold functions and Boolean threshold circuits Kristoffer Arnsfelt Hansen 1

Polynomial threshold functions and Boolean threshold circuits Kristoffer Arnsfelt Hansen 1

Polynomial threshold functions and Boolean threshold circuits Kristoffer Arnsfelt Hansen 1 Vladimir V. Podolskii 2 1 Aarhus University 2 Steklov Mathematical Institute MFCS 2013 1 / 27 Boolean Threshold Functions Boolean function f : { a , b } n

927 views • 44 slides
Correlation Immune and Resilient Generalized Boolean Functions Thor Martinsen, PhD Commander, US

Correlation Immune and Resilient Generalized Boolean Functions Thor Martinsen, PhD Commander, US

Correlation Immune and Resilient Generalized Boolean Functions Thor Martinsen, PhD Commander, US Navy Assistant Professor Naval Postgraduate School 3rd International Workshop on Boolean Functions and their Applications June 19, 2018 Loen,

789 views • 31 slides
Solving Optimization Problems Debasis Samanta IIT Kharagpur dsamanta@sit.iitkgp.ernet.in

Solving Optimization Problems Debasis Samanta IIT Kharagpur dsamanta@sit.iitkgp.ernet.in

Solving Optimization Problems Debasis Samanta IIT Kharagpur dsamanta@sit.iitkgp.ernet.in 06.03.2018 Debasis Samanta (IIT Kharagpur) Soft Computing Applications (IT60108) 06.03.2018 1 / 22 Introduction to Solving Optimization Problems

717 views • 46 slides
CS 188: Artificial Intelligence Constraint Satisfaction Problems II Instructors: Dan Klein and

CS 188: Artificial Intelligence Constraint Satisfaction Problems II Instructors: Dan Klein and

CS 188: Artificial Intelligence Constraint Satisfaction Problems II Instructors: Dan Klein and Pieter Abbeel University of California, Berkeley [These slides were created by Dan Klein and Pieter Abbeel for CS188 Intro to AI at UC Berkeley. All

222 views • 19 slides
Binary-Coded Genetic Algorithm Lecture 22 ME EN 575 Andrew Ning aning@byu.edu Outline

Binary-Coded Genetic Algorithm Lecture 22 ME EN 575 Andrew Ning aning@byu.edu Outline

Binary-Coded Genetic Algorithm Lecture 22 ME EN 575 Andrew Ning aning@byu.edu Outline Overview Binary-Coded GA Overview Genetic algorithms (GAs) are based on three main concepts: Algorithm Important differences from our past algorithms:

475 views • 10 slides
t rt

t rt

tr t tr rr rr

347 views • 21 slides
Scaling Populations of a Genetic Algorithm for Job Shop Scheduling Problems using MapReduce

Scaling Populations of a Genetic Algorithm for Job Shop Scheduling Problems using MapReduce

Scaling Populations of a Genetic Algorithm for Job Shop Scheduling Problems using MapReduce Di-Wei Huang and Jimmy Lin University of Maryland 12/01/2010 MAPRED'2010 1 Introduction Genetic algorithms (GA) Alternative methods for

1.04k views • 23 slides
Sloppy and Genetic Algorithms for Low-Emittance Tuning at CESR Ivan Bazarov, William Bergan,

Sloppy and Genetic Algorithms for Low-Emittance Tuning at CESR Ivan Bazarov, William Bergan,

Sloppy and Genetic Algorithms for Low-Emittance Tuning at CESR Ivan Bazarov, William Bergan, Cameron Duncan, Acknowledgements: David Rubin, Jim Sethna DOE DE-SC0013571 Cornell University CESR Sloppy Models Problem Statement Minimize one

1.11k views • 96 slides
Uni.lu HPC School 2019 PS10b: Python II (Advanced) Parallel Machine learning and Evolutionary

Uni.lu HPC School 2019 PS10b: Python II (Advanced) Parallel Machine learning and Evolutionary

Uni.lu HPC School 2019 PS10b: Python II (Advanced) Parallel Machine learning and Evolutionary Computation Uni.lu High Performance Computing (HPC) Team E. Kieffer University of Luxembourg (UL), Luxembourg http://hpc.uni.lu E. Kieffer &amp;

246 views • 13 slides
PROBABILISTIC ANALYSIS OF THE ( 1 + 1 )-EVOLUTIONARY ALGORITHM Hsien-Kuei Hwang (joint with Alois

PROBABILISTIC ANALYSIS OF THE ( 1 + 1 )-EVOLUTIONARY ALGORITHM Hsien-Kuei Hwang (joint with Alois

PROBABILISTIC ANALYSIS OF THE ( 1 + 1 )-EVOLUTIONARY ALGORITHM Hsien-Kuei Hwang (joint with Alois Panholzer, Nicolas Rolin, Tsung-Hsi Tsai, Wei-Mei Chen ) October 13, 2017 1/59 MIT: EVOLUTONARY COMPUTATION 2/59 WE ARE ALWAYS SEARCHING &amp;

904 views • 67 slides

More recommend