correlation of quadratic boolean functions cryptanalysis
play

Correlation of Quadratic Boolean Functions: Cryptanalysis of All - PowerPoint PPT Presentation

Aug 23, 2023 •102 likes •659 views

Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of Full MORUS Siwei Sun Joint work

  1. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of Full MORUS Siwei Sun Joint work with: Danping Shi Yu Sasaki Chaoyun Li Lei Hu Chinese Academy of Sciences, China NTT Secure Platform Laboratories, Japan imec-COSIC, Dept. Electrical Engineering (ESAT), KU Leuven, Belgium December 14, 2019 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 1 / 38

  2. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Outlines Correlation and Linear Cryptanalysis 1 Correlation of Quadratic Boolean Functions 2 Cryptanalysis of MORUS 3 Conclusion and Discussion 4 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 2 / 38

  3. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Outline Correlation and Linear Cryptanalysis 1 Correlation of Quadratic Boolean Functions 2 Cryptanalysis of MORUS 3 Conclusion and Discussion 4 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 3 / 38

  4. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Correlation Let f : F n 2 → F 2 be a Boolean function with ANF � f ( ① ) = a ✉ ① ✉ , ✉ ∈ F n 2 where ① = ( x 1 , · · · , x n ) , ✉ = ( u 1 , · · · , u n ) , a ✉ ∈ F 2 , and ① ✉ = � n i =1 x u i i . Definition (Correlation) The correlation of an n -variable Boolean function f is cor ( f ) = 1 2 ( − 1) f ( ① ) , and the weight of the correlation is � ① ∈ F n 2 n defined as − log 2 | cor ( f ) | . Pr ( f = 0) = 1 2 + 1 2 cor ( f ) Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 3 / 38

  5. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Linear Cryptanalysis S U S 0 S 1 S k − 1 S k Init F F · · · F F α 0 α 1 α k − 2 α k − 1 α k β − 1 β 0 β 1 β k − 2 β k − 1 γ 0 γ 1 γ k − 1 γ k G G · · · G G λ k − 1 λ 0 λ 1 λ k Z 0 Z 1 Z k − 1 Z k �� k i =0 λ i Z i � Object: max | cor | i =0 λ i Z i is a Boolean function whose variables are bits Note that � k of S 0 . Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 4 / 38

  6. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Definition (Correlation) The correlation of an n -variable Boolean function f is cor ( f ) = 1 2 ( − 1) f ( ① ) , and the weight of the correlation is � ① ∈ F n 2 n defined as − log 2 | cor ( f ) | . Brute force the input Graph-based method [TIM + 18] ... ... Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 5 / 38

  7. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Outline Correlation and Linear Cryptanalysis 1 Correlation of Quadratic Boolean Functions 2 Cryptanalysis of MORUS 3 Conclusion and Discussion 4 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 6 / 38

  8. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Definition (Disjoint Quadratic Boolean Function) A quadratic Boolean function f ( x 1 , · · · , x n ) is disjoint if no variable x i appears in more than one quadratic term. Example x 1 x 2 + x 3 x 4 x 1 x 3 + x 2 x 4 + x 2 + x 5 Counter-Example x 1 x 2 + x 2 x 3 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 6 / 38

  9. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion lemma Let f = x i 1 x i 2 + · · · + x i 2 k − 1 x i 2 k + x j 1 + · · · + x j s be a disjoint quadratic Boolean function. Then the correlation of f is � k t =1 Coe f ( x i 2 t − 1 ) Coe f ( x i 2 t ) · 2 − k  ( − 1) { j 1 , · · · , j s } ⊆ { i 1 , · · · , i 2 k }   0 { j 1 , · · · , j s } � { i 1 , · · · , i 2 k }   where Coe f ( ① ✉ ) denotes the coefficient of the monomial ① ✉ in the ANF of f . Examples | cor ( x 1 x 2 + x 3 x 4 ) | = 2 − 2 | cor ( x 1 x 3 + x 2 x 4 + x 2 + x 5 ) | = 0 | cor ( x 1 x 3 + x 2 x 4 + x 2 + x 3 ) | = 2 − 2 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 7 / 38

  10. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Idea Given a quadratic Boolean function, transform it into a disjoint quadratic Boolean function such that the transformation is correlation invariant (up to a minus sign). Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 8 / 38

  11. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

  12. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

  13. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 2 ( x 1 + x 3 + x 4 ) + x 1 x 5 + x 1 + x 2 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

  14. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 2 ( x 1 + x 3 + x 4 ) + x 1 x 5 + x 1 + x 2 x 1 ← x 1 + x 3 + x 4 x j ← x j , j � = 1 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

  15. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 2 ( x 1 + x 3 + x 4 ) + x 1 x 5 + x 1 + x 2 x 1 ← x 1 + x 3 + x 4 x j ← x j , j � = 1 f = x 1 x 2 + x 1 x 5 + x 3 x 5 + x 4 x 5 + x 1 + x 3 + x 4 + x 2 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

  16. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 2 ( x 1 + x 3 + x 4 ) + x 1 x 5 + x 1 + x 2 x 1 ← x 1 + x 3 + x 4 x j ← x j , j � = 1 f = x 1 x 2 + x 1 x 5 + x 3 x 5 + x 4 x 5 + x 1 + x 3 + x 4 + x 2 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

  17. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 2 ( x 1 + x 3 + x 4 ) + x 1 x 5 + x 1 + x 2 x 1 ← x 1 + x 3 + x 4 x j ← x j , j � = 1 f = x 1 x 2 + x 1 x 5 + x 3 x 5 + x 4 x 5 + x 1 + x 3 + x 4 + x 2 f = x 1 ( x 2 + x 5 ) + x 3 x 5 + x 4 x 5 + x 1 + x 3 + x 4 + x 2 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

  18. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 2 ( x 1 + x 3 + x 4 ) + x 1 x 5 + x 1 + x 2 x 1 ← x 1 + x 3 + x 4 x j ← x j , j � = 1 f = x 1 x 2 + x 1 x 5 + x 3 x 5 + x 4 x 5 + x 1 + x 3 + x 4 + x 2 f = x 1 ( x 2 + x 5 ) + x 3 x 5 + x 4 x 5 + x 1 + x 3 + x 4 + x 2 x 2 ← x 2 + x 5 x j ← x j , j � = 2 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

  19. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 2 ( x 1 + x 3 + x 4 ) + x 1 x 5 + x 1 + x 2 x 1 ← x 1 + x 3 + x 4 x j ← x j , j � = 1 f = x 1 x 2 + x 1 x 5 + x 3 x 5 + x 4 x 5 + x 1 + x 3 + x 4 + x 2 f = x 1 ( x 2 + x 5 ) + x 3 x 5 + x 4 x 5 + x 1 + x 3 + x 4 + x 2 x 2 ← x 2 + x 5 x j ← x j , j � = 2 f = x 1 x 2 + x 3 x 5 + x 4 x 5 + x 1 + x 2 + x 3 + x 4 + x 5 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Correlation Immune and Resilient Generalized Boolean Functions Thor Martinsen, PhD Commander, US

Correlation Immune and Resilient Generalized Boolean Functions Thor Martinsen, PhD Commander, US

Correlation Immune and Resilient Generalized Boolean Functions Thor Martinsen, PhD Commander, US Navy Assistant Professor Naval Postgraduate School 3rd International Workshop on Boolean Functions and their Applications June 19, 2018 Loen,

789 views • 31 slides
Generalized Correlation Analysis of Vectorial Boolean Functions Claude Carlet, Khoongming Khoo,

Generalized Correlation Analysis of Vectorial Boolean Functions Claude Carlet, Khoongming Khoo,

Generalized Correlation Analysis of Vectorial Boolean Functions Claude Carlet, Khoongming Khoo, Chu-Wee Lim and Chuan-Wen Loe Introduction Correlation Attack of Vectorial Stream Ciphers In this talk, we shall improve correlation attacks on

547 views • 41 slides
Asymptotic enumeration of correlation-immune functions E. Rodney Canfield Jason Gao Catherine

Asymptotic enumeration of correlation-immune functions E. Rodney Canfield Jason Gao Catherine

Asymptotic enumeration of correlation-immune functions E. Rodney Canfield Jason Gao Catherine Greenhill Brendan D. McKay Robert W. Robinson Correlation-immune functions 1 Correlation-immune functions Suppose we have a secret Boolean function

483 views • 32 slides
Asymptotic enumeration of correlation-immune functions E. Rodney Canfield Jason Gao Catherine

Asymptotic enumeration of correlation-immune functions E. Rodney Canfield Jason Gao Catherine

Asymptotic enumeration of correlation-immune functions E. Rodney Canfield Jason Gao Catherine Greenhill Brendan D. McKay Robert W. Robinson Correlation-immune functions 1 Correlation-immune functions Suppose we have a secret Boolean function

469 views • 31 slides
Correlation-immune Boolean functions and counter-measures to side channel attacks Claude Carlet

Correlation-immune Boolean functions and counter-measures to side channel attacks Claude Carlet

Correlation-immune Boolean functions and counter-measures to side channel attacks Claude Carlet LAGA, Universities of Paris 8 and Paris 13, CNRS, France Work in common with Sylvain Guilley, Telecom Paris Tech, France Outline Correlation

729 views • 39 slides
Low-weight correlation-immune Boolean functions for counter-measures to side channel attacks

Low-weight correlation-immune Boolean functions for counter-measures to side channel attacks

Low-weight correlation-immune Boolean functions for counter-measures to side channel attacks Claude Carlet LAGA, Universities of Paris 8 and Paris 13, CNRS, France and University of Bergen, Norway Work in common with Xi Chen Outline

498 views • 45 slides
Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 ,

Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 ,

Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 , . . . , x n be boolean variables. Boolean Function of Arity n Semantics and Verification 2005 Abstract Syntax for Boolean Expressions ( x ranges

382 views • 4 slides
3.2 Graphing Quadratic Functions The equation of a quadratic relation may be written in several

3.2 Graphing Quadratic Functions The equation of a quadratic relation may be written in several

MPM2D1 U3L2 Graphing Quadratic Functions 3.2 Graphing Quadratic Functions The equation of a quadratic relation may be written in several forms: Factored Form: Standard Form: Vertex Form: Last class, we looked at graphing equations in

195 views • 7 slides
Overview Hash Functions On Building Hash Functions From Multivariate Quadratic Equations

Overview Hash Functions On Building Hash Functions From Multivariate Quadratic Equations

Overview Hash Functions On Building Hash Functions From Multivariate Quadratic Equations Multivariate quadratic equations Olivier Billet, Thomas Peyrin, and Matt Robshaw Hash functions and multivariate quadratic equations Orange Labs

299 views • 3 slides
On S-Box Reverse-Engineering: from Cryptanalysis to the Big APN Problem Lo Perrin DTU, Lyngby

On S-Box Reverse-Engineering: from Cryptanalysis to the Big APN Problem Lo Perrin DTU, Lyngby

On S-Box Reverse-Engineering: from Cryptanalysis to the Big APN Problem Lo Perrin DTU, Lyngby perrin dot leo at gmail 4th of July 2017 Boolean Functions and Their Applications The content of this talk is based on joint works with Biryukov,

1.32k views • 108 slides
Reciprocals of Quadratic Functions MHF4U: Advanced Functions A quadratic function has the form f (

Reciprocals of Quadratic Functions MHF4U: Advanced Functions A quadratic function has the form f (

r a t i o n a l f u n c t i o n s r a t i o n a l f u n c t i o n s Reciprocals of Quadratic Functions MHF4U: Advanced Functions A quadratic function has the form f ( x ) = ax 2 + bx + c in standard form, where a , b and c are real coefficients.

402 views • 3 slides
Key Terms Solve Quadratic Equations by Factoring Application of Zero Product Property Solve

Key Terms Solve Quadratic Equations by Factoring Application of Zero Product Property Solve

Slide 1 / 222 Slide 2 / 222 Algebra II Quadratic Functions 2014-10-14 www.njctl.org Slide 3 / 222 Slide 4 / 222 Table of Contents Key Terms click on the topic to go to that section Explain Characteristics of Quadratic Functions

645 views • 37 slides
Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey Bogdanov Andrey Bogdanov K.U.Leuven, ESAT/COSIC Outline Outline Distribution of Correlation Data Complexity Linear Hulls Zero

659 views • 30 slides
d i E Quadratic functions a l l u d Dr. Abdulla Eid b A College of Science . r D

d i E Quadratic functions a l l u d Dr. Abdulla Eid b A College of Science . r D

Section 3.3 d i E Quadratic functions a l l u d Dr. Abdulla Eid b A College of Science . r D MATHS 103: Mathematics for Business I Dr. Abdulla Eid (University of Bahrain) Quadratics 1 / 10 Introduction Recall: A quadratic

349 views • 10 slides
Computing M o bius Transforms of Boolean Functions and Characterising Coincident Boolean

Computing M o bius Transforms of Boolean Functions and Characterising Coincident Boolean

+ + Computing M o bius Transforms of Boolean Functions and Characterising Coincident Boolean Functions Josef Pieprzyk and Xian-Mo Zhang Department of Computing Macquarie University, Australia + 1 + + Outline The M o bius

415 views • 26 slides
Linear Cryptanalysis of Stream Ciphers T-79.514 Special Course on Cryptology Seminar talk Emilia

Linear Cryptanalysis of Stream Ciphers T-79.514 Special Course on Cryptology Seminar talk Emilia

Linear Cryptanalysis of Stream Ciphers T-79.514 Special Course on Cryptology Seminar talk Emilia K asper 1 Overview Basic concept of correlation attacks on stream ciphers A correlation attack on the GSM cipher A5/1 A correlation

256 views • 22 slides
Lecture 1: CS/ECE 3810 Introduction Todays topics: Why computer organization is

Lecture 1: CS/ECE 3810 Introduction Todays topics: Why computer organization is

Lecture 1: CS/ECE 3810 Introduction Todays topics: Why computer organization is important Logistics Modern trends 1 Why Computer Organization 2 Image credits: uber, extremetech, anandtech Why Computer Organization 3 Image

631 views • 24 slides
Graphics and Animation Mobile Application Development in iOS School of EECS Washington State

Graphics and Animation Mobile Application Development in iOS School of EECS Washington State

Graphics and Animation Mobile Application Development in iOS School of EECS Washington State University Instructor: Larry Holder Mobile Application Development in iOS 1 Outline iOS frameworks for graphics and animation Core Graphics

486 views • 45 slides
ACACES 2018 Summer School GPU Architectures: Basic to Advanced Concepts Adwait Jog, Assistant

ACACES 2018 Summer School GPU Architectures: Basic to Advanced Concepts Adwait Jog, Assistant

ACACES 2018 Summer School GPU Architectures: Basic to Advanced Concepts Adwait Jog, Assistant Professor College of William & Mary (http://adwaitjog.github.io/) Course Outline q Lectures 1 and 2: Basics Concepts Basics of GPU

644 views • 53 slides
Semantic Slicing of Software Version Histories Yi Li / U Toronto Julia Rubin / MIT Marsha

Semantic Slicing of Software Version Histories Yi Li / U Toronto Julia Rubin / MIT Marsha

Semantic Slicing of Software Version Histories Yi Li / U Toronto Julia Rubin / MIT Marsha Chechik / U Toronto ASE 2015 / Lincoln, NE Motivation Feb, 2015 release [1.3.8] v1.3.8 make groovy.sandbox.blacklist append-only avoid

864 views • 71 slides
An Elementary Proof of Bertrands Postulate Daniel W. Cranston Virginia Commonwealth University

An Elementary Proof of Bertrands Postulate Daniel W. Cranston Virginia Commonwealth University

An Elementary Proof of Bertrands Postulate Daniel W. Cranston Virginia Commonwealth University Davidson Math Coffee March 25, 2011 Overview Bertrands Postulate For every positive n , there exists a prime p s.t. n < p 2 n .

1.02k views • 71 slides
Parity Edge-Coloring of Graphs Douglas B. West Department of Mathematics University of Illinois

Parity Edge-Coloring of Graphs Douglas B. West Department of Mathematics University of Illinois

Parity Edge-Coloring of Graphs Douglas B. West Department of Mathematics University of Illinois at Urbana-Champaign west@math.uiuc.edu (Joint with David Bunde, Kevin Milans, Hehui Wu) Motivation What graphs embed in a k -dimensional cube?

1.04k views • 86 slides
Heegner Points, Stark-Heegner points, and values of L -series Number Theory Section Talk

Heegner Points, Stark-Heegner points, and values of L -series Number Theory Section Talk

Heegner Points, Stark-Heegner points, and values of L -series Number Theory Section Talk International Congress of Mathematicians August 2006, Madrid. Elliptic Curves E = elliptic curve over a number field F L ( E/F, s ) = its Hasse-Weil L

982 views • 39 slides
Principle of local reflexivity respecting subspaces, and approximation properties given by

Principle of local reflexivity respecting subspaces, and approximation properties given by

Principle of local reflexivity respecting subspaces, and approximation properties given by projections Eve Oja Rafael Pays birthday conference, 2015 PLR was discovered by Lindenstrauss and Rosenthal in 1969. Improved in [JRZ]=Johnson,

524 views • 13 slides

More recommend