cryptanalysis of print cipher the invariant subspace
play

Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack - PowerPoint PPT Presentation

Sep 28, 2022 •207 likes •598 views

Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed Abdelraheem, Huda AlKhzaimi, and Erik Zenner DTU Mathematics

  1. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed Abdelraheem, Huda AlKhzaimi, and Erik Zenner DTU Mathematics CRYPTO 2011 1 / 24

  2. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Outline Description of PRINT CIPHER 1 The Attack 2 Relation To Truncated Differential Attack 3 Conclusion 4 1 / 24

  3. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Outline Description of PRINT CIPHER 1 The Attack 2 Relation To Truncated Differential Attack 3 Conclusion 4 2 / 24

  4. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Introduction PRINT CIPHER Lightweight SPN block cipher proposed at CHES 2010. Idea: Take advantage of a key. Claim Secure against known attacks. So far: Attacks on reduced-round variants. 3 / 24

  5. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion One round of PRINT CIPHER -48 k 1(48 bits) XOR KEY P xor RC i Round Const p p p p p p p p p p p p p p p p k 2(32 bits) S S S S S S S S S S S S S S S S 48-bits block size, 48 rounds that use the same 80-bit key. Each two bits of k 2 permute 3 state bits in a certain way. Only 4 out of 6 possible permutations are allowed: p : k 2 : 00 01 10 11 Invalid 4 / 24

  6. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Simplify Things In this talk (not in the paper!): A simpler variant of PRINT CIPHER . Block size 24 Fix the permutation key Modified Sbox 5 / 24

  7. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Sbox Property Modified Sbox: S ( 000 ) = 000 S ( 001 ) = 001 S ( 010 ) = 010 S ( 100 ) = 100 Can be written as: S ( 00 ∗ ) = 00 ∗ S ( 0 ∗ 0 ) = 0 ∗ 0 S ( ∗ 00 ) = ∗ 00 Remark The original Sbox fulfils something similar. 6 / 24

  8. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Simplified Version XOR KEY k 1(24 bits) P xor RC i Round Const S S S S S S S S S ( 00 ∗ ) = 00 ∗ S ( 0 ∗ 0 ) = 0 ∗ 0 S ( ∗ 00 ) = ∗ 00 7 / 24

  9. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Outline Description of PRINT CIPHER 1 The Attack 2 Relation To Truncated Differential Attack 3 Conclusion 4 8 / 24

  10. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Let’s Focus XOR KEY S S S S S S S S Invariant Subspace for P Set of highlighted bits is mapped onto itself. 9 / 24

  11. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion What about S An Invariant Subspace alone is not a problem! Question What about the S -layer? For this: we fix some bits in the plaintext in the (XOR)-key ⇒ The attack does not work for all keys. 10 / 24

  12. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Simplified Version XOR KEY S S S S S S S S 11 / 24

  13. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Simplified Version 00 00 00 00 S S S S S S S S 11 / 24

  14. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Simplified Version 00 00 00 00 00 00 00 00 S S S S S S S S 11 / 24

  15. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Simplified Version 00 00 00 00 00 00 00 00 00 00 00 00 S S S S S S S S 11 / 24

  16. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Simplified Version ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 00 00 00 00 00 00 00 00 S S S S S S S S 11 / 24

  17. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Simplified Version ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 00 00 00 00 S S S S S S S S 11 / 24

  18. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Simplified Version ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 xor RC i 00 00 00 00 S S S S S S S S 11 / 24

  19. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Simplified Version ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 xor RC i ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 S S S S S S S S 11 / 24

  20. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Simplified Version ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 xor RC i ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 S S S S S S S S S ( 00 ∗ ) = 00 ∗ S ( 0 ∗ 0 ) = 0 ∗ 0 S ( ∗ 00 ) = ∗ 00 11 / 24

  21. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Simplified Version ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 xor RC i ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 S S S S S S S S ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 S ( 00 ∗ ) = 00 ∗ S ( 0 ∗ 0 ) = 0 ∗ 0 S ( ∗ 00 ) = ∗ 00 11 / 24

  22. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Simplified Version ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 = xor RC i ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 S S S S S S S S ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 00 00 00 00 S ( 00 ∗ ) = 00 ∗ S ( 0 ∗ 0 ) = 0 ∗ 0 S ( ∗ 00 ) = ∗ 00 11 / 24

  23. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion An Iterative One-Round Distinguisher If certain key bits are zero: Distinguisher Zero bits in the plaintext ⇒ zero bits in the ciphertext. Some Remarks: Round-constant does not help Works for the whole cipher Let’s look at PRINT CIPHER -48 12 / 24

  24. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion The Attack on PRINT CIPHER -48 00 10 00 10 00 10 00 10 ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ 01 01 01 01 ∗ ∗ 11 ∗∗∗ ∗∗∗ ∗ ∗ 11 ∗∗∗ ∗∗∗ ∗ ∗ 11 ∗∗∗ ∗∗∗ ∗ ∗ 11 ∗∗∗ ∗∗∗ = xor RC i 00 11 00 11 00 11 00 11 ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ S S S S S S S S S S S S S S S S 00 10 00 10 00 10 00 10 ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ ∗ ∗ ∗∗∗ ∗∗∗ S ( 00 ∗ ) = 00 ∗ S ( 1 ∗ 0 ) = 1 ∗ 1 S ( ∗ 11 ) = ∗ 10 13 / 24

  25. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion PRINT CIPHER -48 Attack Summary Prob 1 distinguisher for full cipher 2 50 out of 2 80 keys weak. Similar for PRINT CIPHER -96 Abstraction: R ( U ⊕ d ) = U ⊕ c If k ∈ U ⊕ ( d ⊕ c ) R k ( U ⊕ d ) = U ⊕ d Thus an invariant subspace 14 / 24

  26. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Outline Description of PRINT CIPHER 1 The Attack 2 Relation To Truncated Differential Attack 3 Conclusion 4 15 / 24

  27. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion The Probability of A Characteristic Given a r -round differential characteristic p p p → α → · · · → α α Theorem Given independent round keys the average probability is p r Hypothesis of Stochastic Equivalence All keys behave similarly. 16 / 24

  28. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Two Round Characteristics K R R α α α A := { x | R ( x ) ⊕ R ( x ⊕ α ) = α } “ A is the set of good pairs” Two Rounds, fixed Key Probability of the characteristic for a key K : | ( R ( A ) ⊕ K ) � A | 2 n 17 / 24

  29. Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Two Rounds, fixed Key K R R α α α Good Pairs: A := { x | R ( x ) ⊕ R ( x ⊕ α ) = α } Probability (scaled): | ( R ( A ) ⊕ K ) � A | A R(A) +K 18 / 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Differential Cryptanalysis of Round-Reduced PRINT CIPHER : Computing Roots of Permutations

Differential Cryptanalysis of Round-Reduced PRINT CIPHER : Computing Roots of Permutations

Description of PRINT CIPHER Differential Cryptanalysis Computing roots of permutations Summary Differential Cryptanalysis of Round-Reduced PRINT CIPHER : Computing Roots of Permutations Mohamed Abdelraheem, Gregor Leander and Erik Zenner DTU

639 views • 21 slides
A Generic Approach to Invariant Subspace Attacks Cryptanalysis of Robin, iSCREAM and Zorro Gregor

A Generic Approach to Invariant Subspace Attacks Cryptanalysis of Robin, iSCREAM and Zorro Gregor

A Generic Approach to Invariant Subspace Attacks Cryptanalysis of Robin, iSCREAM and Zorro Gregor Leander 1 , Brice Minaud 2 , Sondre Rnjom 3 1 Ruhr-Universitt Bochum, Germany 2 ANSSI and Universit Rennes 1, France 3 Nasjonal

590 views • 42 slides
Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey Bogdanov Andrey Bogdanov K.U.Leuven, ESAT/COSIC Outline Outline Distribution of Correlation Data Complexity Linear Hulls Zero

659 views • 30 slides
Statistics in Cryptanalysis Subhabrata Samajder Indian Statistical Institute, Kolkata 24 th May,

Statistics in Cryptanalysis Subhabrata Samajder Indian Statistical Institute, Kolkata 24 th May,

Statistics in Cryptanalysis Subhabrata Samajder Indian Statistical Institute, Kolkata 24 th May, 2017 0/35 Cryptanalysis of Affine Cipher Outline Cryptanalysis of Affine Cipher 1 Hypothesis Testing 2 Linear Cryptanalysis 3 0/35

1.52k views • 110 slides
/ 33 1 Cryptanalysis of Reduced round SKINNY Block Cipher Outline A brief description of

/ 33 1 Cryptanalysis of Reduced round SKINNY Block Cipher Outline A brief description of

/ 33 1 Cryptanalysis of Reduced round SKINNY Block Cipher Outline A brief description of SKINNY Zero-Correlation Linear Cryptanalysis of SKINNY MILP model for SKINNY64 cipher Using MILP in Impossible differential

420 views • 31 slides
Cryptanalysis of the Kindle Cipher Conclusion Ciphertext only key-recovery Known-plaintext

Cryptanalysis of the Kindle Cipher Conclusion Ciphertext only key-recovery Known-plaintext

1 / 22 Introduction SAC 2012 Cryptanalysis of the Kindle Cipher A. Biryukov, G. Leurent, A. Roy (uni.lu) Cryptanalysis of the Kindle Cipher Conclusion Ciphertext only key-recovery Known-plaintext key-recovery PC1 . . . . . . .

556 views • 29 slides
Block Cipher Cryptanalysis: An Overview Subhabrata Samajder Indian Statistical Institute, Kolkata

Block Cipher Cryptanalysis: An Overview Subhabrata Samajder Indian Statistical Institute, Kolkata

Block Cipher Cryptanalysis: An Overview Subhabrata Samajder Indian Statistical Institute, Kolkata 17 th May, 2017 0/52 Iterated Block Cipher Outline Iterated Block Cipher 1 S-Boxes 2 A Basic Substitution Permutation Network 3 Linear

1.58k views • 113 slides
Subspace Trail Cryptanalysis and its Applications to AES Lorenzo Grassi, Christian Rechberger and

Subspace Trail Cryptanalysis and its Applications to AES Lorenzo Grassi, Christian Rechberger and

Subspace Trail Cryptanalysis and its Applications to AES Lorenzo Grassi, Christian Rechberger and Sondre Rnjom March, 2017 www.iaik.tugraz.at Introduction In the case of AES, several alternative representations (algebraic representation [

627 views • 52 slides
Block Cipher Cryptanalysis: Basic and Advanced Techniques I

Block Cipher Cryptanalysis: Basic and Advanced Techniques I

Block Cipher Cryptanalysis: Basic and Advanced Techniques I & II Andrey Bogdanov KU Leuven, ESAT/COSIC Outline I. Block Ciphers II.

1.03k views • 79 slides
Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY

Intro to Cryptography Definitions Cryptography Cryptanalysis Cryptology CRYPTOGRAPHY Plaintext Cyphertext More definitions block cipher stream cipher hash function shared key public key digital signature

383 views • 16 slides
An Improved Cryptanalysis of Lightweight Stream Cipher Grain-v1 Miodrag J. Mihaljevi 1 , Nishant

An Improved Cryptanalysis of Lightweight Stream Cipher Grain-v1 Miodrag J. Mihaljevi 1 , Nishant

An Improved Cryptanalysis of Lightweight Stream Cipher Grain-v1 Miodrag J. Mihaljevi 1 , Nishant Sinha 2 , Sugata Gangopadhyay 2 , Subhamoy Maitra 3 , Goutam Paul 3 and Kanta Matsuura 4 1 Mathematical Institute, Serbian Academy of Sciences and

809 views • 49 slides
A Methodology for Differential-Linear Cryptanalysis and Its Applications Jiqiang Lu Presenter:

A Methodology for Differential-Linear Cryptanalysis and Its Applications Jiqiang Lu Presenter:

1. Preliminaries 2. Differential-Linear Cryptanalysis: Previous and Our Methodologies 3. Application to 13 Rounds of the DES Block Cipher 4. Application to 10 Rounds of the CTC2 Block Cipher 5. Application to 12 Rounds of the Serpent Block

1.18k views • 25 slides
A Projected Preconditioned Conjugate Gradient algorithm for computing a large invariant subspace

A Projected Preconditioned Conjugate Gradient algorithm for computing a large invariant subspace

A Projected Preconditioned Conjugate Gradient algorithm for computing a large invariant subspace of a Hermitian matrix Eugene Vecharynski Lawrence Berkeley National Laboratory joint work with Chao Yang (LBNL) and John E.Pask (LLNL) Scientific

1.02k views • 52 slides
DARXplorer a Toolbox for Cryptanalysis and Cipher Designers Dennis Hoppe Bauhaus-University

DARXplorer a Toolbox for Cryptanalysis and Cipher Designers Dennis Hoppe Bauhaus-University

DARXplorer a Toolbox for Cryptanalysis and Cipher Designers Dennis Hoppe Bauhaus-University Weimar 22nd April 2009 Dennis Hoppe (BUW) DARXplorer 22nd April 2009 1 / 31 Agenda 1 Introduction to Hash Functions 2 The ThreeFish Block Cipher 3

757 views • 42 slides
Invariant Subspace Computation in Scientific Computing: Gramian Based Model Order Reduction

Invariant Subspace Computation in Scientific Computing: Gramian Based Model Order Reduction

Invariant Subspace Computation in Scientific Computing: Gramian Based Model Order Reduction RANMEP 2008 D.C. Sorensen M. Heinkenschloss, A.C. Antoulas , M. Shah and K. Sun Support: NSF and AFOSR NCTS Taiwan, Jan 2008 SVD Type

739 views • 54 slides
A z k -invariant subspace without the wandering property Daniel Seco Universidad Carlos III de

A z k -invariant subspace without the wandering property Daniel Seco Universidad Carlos III de

A z k -invariant subspace without the wandering property Daniel Seco Universidad Carlos III de Madrid and Instituto de Ciencias Matemticas Workshop on Banach spaces and Banach lattices, ICMAT 12 th September 2019 Seco (UC3M/ICMAT) Wandering

676 views • 56 slides
An Ontology Based Anomaly Detection System for Vehicular Communications Quentin Ricard, Philippe

An Ontology Based Anomaly Detection System for Vehicular Communications Quentin Ricard, Philippe

An Ontology Based Anomaly Detection System for Vehicular Communications Quentin Ricard, Philippe Owezarski qricard@laas.fr owe@laas.fr ERTS - 2020 10th European Congress on Embedded Real Time Software and Systems January 29, 2020 Laboratoire

1.32k views • 22 slides
in Law Enforcem ent Workshop, 21-22 June 2012, JRC I spra, Italy Abstracts 1 . - Research

in Law Enforcem ent Workshop, 21-22 June 2012, JRC I spra, Italy Abstracts 1 . - Research

Open Source I ntelligence Tools in Law Enforcem ent Workshop, 21-22 June 2012, JRC I spra, Italy Abstracts 1 . - Research Manager, W est Midlands Police Counter Terrorism Unit, United Kingdom Open source intelligence - a practitioners

237 views • 3 slides
Get your message across Presentation - Module 4 How to advocate and engage with policy makers

Get your message across Presentation - Module 4 How to advocate and engage with policy makers

YouthMetre - Training Materials Get your message across Presentation - Module 4 How to advocate and engage with policy makers Introduction Media informs the citizens and shape public opinions agenda setting, opinion leaders.

647 views • 10 slides
Types and Static Semantic Analysis Stephen A. Edwards Columbia University Fall 2012 Part I

Types and Static Semantic Analysis Stephen A. Edwards Columbia University Fall 2012 Part I

Types and Static Semantic Analysis Stephen A. Edwards Columbia University Fall 2012 Part I Types Data Types What is a type? A restriction on the possible interpretations of a segment of memory or other program construct. Useful for two

606 views • 47 slides
Intelligent Information Retrieval and Presentation with Multimedia Databases Article January

Intelligent Information Retrieval and Presentation with Multimedia Databases Article January

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/240053042 Intelligent Information Retrieval and Presentation with Multimedia Databases Article January 2003 CITATION READS 1 103 6

421 views • 6 slides
Hypermedia Presentation Adaptation on the Semantic Web Conference Paper May 2002 DOI:

Hypermedia Presentation Adaptation on the Semantic Web Conference Paper May 2002 DOI:

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/221135987 Hypermedia Presentation Adaptation on the Semantic Web Conference Paper May 2002 DOI: 10.1007/3-540-47952-X_15 Source:

330 views • 11 slides
Sport rt Data ta Ce Cent nter er Joost N. Kok, Leiden Centre of Data Science Discover r the

Sport rt Data ta Ce Cent nter er Joost N. Kok, Leiden Centre of Data Science Discover r the

Sport rt Data ta Ce Cent nter er Joost N. Kok, Leiden Centre of Data Science Discover r the world at Leiden Univers rsity ty Dut utch ch res esearc earch h age gend nda Value of Sports Performance More people, more

297 views • 19 slides
www.focus-africa.co.za

www.focus-africa.co.za

S EMANTICA A N ET C ENTRIC A PPROACH TO A NALYSIS A N O VERVIEW AND C OMPARISON OF THE S EMANTICA A NALYSIS S OFTWARE P LATFORM B ACKGROUND Focus Africa is a private risk management company, providing risk management services to multinational

347 views • 31 slides

More recommend