
Cryptographic Properties and Applications of Bipermutive Cellular Automata - PowerPoint PPT Presentation



  1. Cryptographic Properties and Applications of Bipermutive Cellular Automata
  Luca Mariot, Dipartimento di Informatica, Sistemistica e Comunicazione, Università degli Studi Milano - Bicocca, l.mariot@campus.unimib.it
  Nice, April 16, 2014

  2. Outline
  ◮ Introduction: Classic CA-based PRNGs
  ◮ Cryptographic Properties of Bipermutive CA
  ◮ Bipermutive CA-based Secret Sharing Scheme
  ◮ Conclusions and Future Developments


  4. One-Dimensional Cellular Automata
  Definition. A finite boolean one-dimensional cellular automaton (CA) is a triple $\langle n, r, f \rangle$ where $n \in \mathbb{N}$ is the number of cells, $r \in \mathbb{N}$ is the radius and $f : \mathbb{F}_2^{2r+1} \to \mathbb{F}_2$ is a boolean function specifying the CA local rule.
  ◮ During a single time step, each cell $i$ updates its boolean state $c_i$ in parallel by computing $f(c_{i-r}, \cdots, c_i, \cdots, c_{i+r})$
  ◮ Periodic CA: each cell updates its state, and the array of $n$ cells is seen as a ring, with the first cell following the last one
  ◮ No Boundary CA: only the central cells $i \in \{r+1, \cdots, n-r\}$ update their states; the array shrinks by $2r$ cells at each time step

  5. Cryptographic Pseudorandom Number Generators
  ◮ Cryptography heavily relies upon the use of pseudorandom numbers, especially in the context of Vernam-like stream ciphers
  ◮ Cellular Automata provide an interesting framework to design cryptographic PRNGs, for two reasons:
    ◮ Some CAs show a chaotic dynamic behaviour, which can be exploited to make cryptanalysis harder.
    ◮ CAs are massively parallel systems, and can be efficiently implemented in hardware (FPGA, etc.)
  ◮ The first CA-based cryptographic PRNG dates back to [Wolfram, 1986]

  6. Wolfram’s PRNG
  ◮ Main idea: sample the trace of a particular cell in a CA equipped with the elementary rule 30 (radius $r = 1$) as a pseudorandom sequence, using a random initial configuration as seed
  [Figure: example with a 16-cell CA, 8th cell sampled]
  Wolfram suggested using a CA having at least $n = 127$ cells
  ◮ The pseudorandom quality of the generated sequences was assessed only by means of statistical tests
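As an added example (not code from the slides or from the author), the following Python implements the CA of slide 4 under both boundary conventions and the cell-trace sampling of Wolfram's generator from slide 6. Rule numbering follows Wolfram's convention: bit k of the rule number is the output for the neighbourhood whose binary value is k, with the left neighbour as the most significant bit. The 16-cell seed with a single live cell is a constructed input chosen so the evolution can be checked by hand; a real generator would seed the CA randomly, as the slide says.

```python
# Added example: a minimal one-dimensional boolean CA with periodic and
# no-boundary updates, plus Wolfram's PRNG (sample one cell's trace).
from typing import Callable, List, Tuple

Rule = Callable[[Tuple[int, ...]], int]


def elementary_rule(number: int) -> Rule:
    """Local rule f : F_2^3 -> F_2 (radius r = 1) from its Wolfram number.
    Bit k of the number is the output for the neighbourhood with binary
    value k, left neighbour as the most significant bit (111 -> bit 7)."""
    if not 0 <= number <= 255:
        raise ValueError("elementary rule numbers are 0..255")

    def f(neigh: Tuple[int, ...]) -> int:
        left, centre, right = neigh
        return (number >> ((left << 2) | (centre << 1) | right)) & 1

    return f


def step_periodic(cells: List[int], rule: Rule, r: int = 1) -> List[int]:
    """One synchronous update with periodic boundary: the n cells form a ring,
    so the first cell follows the last one."""
    n = len(cells)
    return [rule(tuple(cells[(i + k) % n] for k in range(-r, r + 1)))
            for i in range(n)]


def step_no_boundary(cells: List[int], rule: Rule, r: int = 1) -> List[int]:
    """One update without boundary: only cells with a full neighbourhood
    (the central ones) survive, so the array shrinks by 2r cells."""
    return [rule(tuple(cells[i + k] for k in range(-r, r + 1)))
            for i in range(r, len(cells) - r)]


def wolfram_trace(seed: List[int], rule: Rule, sampled_cell: int, steps: int) -> List[int]:
    """Wolfram's PRNG: iterate the periodic CA from the seed configuration and
    output the state of one fixed cell after every step."""
    cells = list(seed)
    out = []
    for _ in range(steps):
        cells = step_periodic(cells, rule)
        out.append(cells[sampled_cell])
    return out


if __name__ == "__main__":
    rule30 = elementary_rule(30)
    # Constructed seed: the slide's 16-cell example with a single live cell
    # (index 7 is the 8th cell). Not a cryptographic seed.
    seed = [0] * 7 + [1] + [0] * 8
    print("first 16 bits from the 8th cell:", wolfram_trace(seed, rule30, 7, 16))
    print("no-boundary step shrinks the array:", step_no_boundary(seed, rule30))
```

Rule 30 computes left XOR (centre OR right); from a single live cell the next row is 111, which is the first check below, and the sampled 8th cell then follows the familiar centre column of the rule 30 triangle.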

  7. Statistical Tests and Cryptographic Properties
  ◮ Statistical testing is a necessary but not sufficient condition to verify the cryptographic robustness of a PRNG
  ◮ A failed test can be used to discard a bad generator: the null hypothesis $H_0$ “The generated numbers are random” is rejected
  ◮ On the other hand, a passed test cannot be used to prove the security of a generator
  ◮ There are several properties that a boolean function used in a cryptographic PRNG should satisfy in order to resist specific attacks

  8. Mathematical Transforms of Boolean Functions
  Some cryptographic properties of a boolean function $f : \mathbb{F}_2^m \to \mathbb{F}_2$ can be characterized through the following discrete transforms:
  ◮ Walsh transform: $\hat{F}(\omega) = \sum_{x \in \mathbb{F}_2^m} \hat{f}(x) \cdot (-1)^{\omega \cdot x}, \ \forall \omega \in \mathbb{F}_2^m$
  ◮ Autocorrelation function: $\hat{r}(s) = \sum_{x \in \mathbb{F}_2^m} \hat{f}(x) \cdot \hat{f}(x \oplus s), \ \forall s \in \mathbb{F}_2^m$
  where $\hat{f}(x) = (-1)^{f(x)}$, $\hat{f}(x \oplus s) = (-1)^{f(x \oplus s)}$ and $\omega \cdot x$ denotes the usual dot product on $\mathbb{F}_2^m$ between $\omega$ and $x$

  9. Cryptographic Properties of Boolean Functions (1/2)
  Some important cryptographic properties for a boolean function $f$:
  ◮ Balancedness: the counterimages $f^{-1}(0)$ and $f^{-1}(1)$ have the same cardinality, $2^{m-1}$. This is verified if and only if $\hat{F}(0) = 0$
  ◮ Algebraic Degree: the degree of the Algebraic Normal Form of $f$ should be as high as possible. A boolean function with degree 1 is called affine or linear
  ◮ Nonlinearity: the Hamming distance of $f$ from the set of affine functions should be as high as possible. It is computed as $Nl(f) = 2^{-1}(2^m - W_{max}(f))$, where $W_{max}(f)$ is the maximum absolute value of $\hat{F}(\omega)$ for all $\omega \in \mathbb{F}_2^m$

  10. Cryptographic Properties of Boolean Functions (2/2)
  ◮ Resiliency: $f$ is $k$-resilient if by fixing at most $k$ variables the resulting restrictions are all balanced. This is verified if and only if $\hat{F}(\omega) = 0$ for all $\omega$ having Hamming weight at most $k$.
  ◮ Strict Avalanche Criterion: $f$ satisfies the SAC if, by complementing a single input variable, the probability that the output changes is $1/2$.
  ◮ Propagation Criterion: $f$ satisfies $PC(l)$ if for all vectors $s \in \mathbb{F}_2^m$ having Hamming weight at most $l$ it results that $\hat{r}(s) = 0$. The Strict Avalanche Criterion corresponds to $PC(1)$
  ◮ Absence of Linear Structures: there should be no nonzero vector $s \in \mathbb{F}_2^m$ such that $f(x) \oplus f(x \oplus s)$ is constant. This condition is verified if and only if $|\hat{r}(s)| \neq 2^m$

  11. Cryptographic Properties of Elementary CA Rules
  ◮ The elementary rule 30 used by Wolfram is both balanced and nonlinear, but it is not 1-resilient.
  ◮ More generally, [Martin, 2008] showed that there are no elementary rules which are both nonlinear and 1-resilient
  ◮ CA-based PRNGs using nonlinear elementary rules are thus vulnerable to correlation attacks
  ◮ Consequence: it is necessary to explore the sets of rules having radii $r > 1$ to find good trade-offs between cryptographic properties and pseudorandom quality of the generated sequences
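The transforms of slide 8 and the properties of slides 9 and 10 can all be computed from a truth table, and the claims of slide 11 can then be checked mechanically. The Python below is an added example, not code from the slides or the author: it evaluates the Walsh transform, the autocorrelation function, balancedness, algebraic degree (via the fast Möbius transform), nonlinearity, resiliency order, $PC(l)$ and linear structures, applies them to rule 30, and exhaustively scans the 256 elementary rules for one that is both nonlinear and 1-resilient. Truth-table index $x$ encodes $(x_1, \ldots, x_m)$ with $x_1$ as the most significant bit, so for radius-1 rules the table is just the bits of the Wolfram rule number.

```python
# Added example: cryptographic properties of a boolean function from its
# truth table, applied to elementary CA rules. Index x of the table encodes
# (x1, ..., xm) with x1 as the most significant bit.
from typing import List


def truth_table(rule_number: int, m: int = 3) -> List[int]:
    """Truth table of an elementary rule: entry x is the output for x."""
    return [(rule_number >> x) & 1 for x in range(2 ** m)]


def _parity(v: int) -> int:
    return bin(v).count("1") & 1


def walsh_transform(tt: List[int]) -> List[int]:
    """F^(w) = sum over x of (-1)^(f(x) xor w.x), for every w in F_2^m."""
    size = len(tt)
    return [sum(1 - 2 * (tt[x] ^ _parity(w & x)) for x in range(size))
            for w in range(size)]


def autocorrelation(tt: List[int]) -> List[int]:
    """r^(s) = sum over x of (-1)^(f(x) xor f(x xor s)), for every s in F_2^m."""
    size = len(tt)
    return [sum(1 - 2 * (tt[x] ^ tt[x ^ s]) for x in range(size))
            for s in range(size)]


def is_balanced(tt: List[int]) -> bool:
    """Balanced iff F^(0) = 0."""
    return walsh_transform(tt)[0] == 0


def nonlinearity(tt: List[int]) -> int:
    """Nl(f) = (2^m - W_max(f)) / 2, with W_max the largest |F^(w)|."""
    return (len(tt) - max(abs(v) for v in walsh_transform(tt))) // 2


def algebraic_degree(tt: List[int]) -> int:
    """Degree of the Algebraic Normal Form, via the fast Moebius transform."""
    anf = list(tt)
    size = len(tt)
    bit = 1
    while bit < size:
        for x in range(size):
            if x & bit:
                anf[x] ^= anf[x ^ bit]
        bit <<= 1
    return max((bin(x).count("1") for x in range(size) if anf[x]), default=0)


def resiliency_order(tt: List[int]) -> int:
    """Largest k such that F^(w) = 0 for every w of weight <= k (-1 if unbalanced)."""
    m = len(tt).bit_length() - 1
    spectrum = walsh_transform(tt)
    k = -1
    for weight in range(m + 1):
        if any(spectrum[w] != 0 for w in range(len(tt)) if bin(w).count("1") == weight):
            break
        k = weight
    return k


def satisfies_pc(tt: List[int], l: int) -> bool:
    """PC(l): r^(s) = 0 for all nonzero s of weight <= l; the SAC is PC(1)."""
    ac = autocorrelation(tt)
    return all(ac[s] == 0 for s in range(1, len(tt)) if bin(s).count("1") <= l)


def linear_structures(tt: List[int]) -> List[int]:
    """Nonzero s with |r^(s)| = 2^m, i.e. f(x) xor f(x xor s) is constant."""
    ac = autocorrelation(tt)
    return [s for s in range(1, len(tt)) if abs(ac[s]) == len(tt)]


def nonlinear_1_resilient_elementary_rules() -> List[int]:
    """Exhaustive scan of the 256 elementary rules for the combination that
    [Martin, 2008] showed does not exist: nonlinear and 1-resilient."""
    return [n for n in range(256)
            if nonlinearity(truth_table(n)) > 0 and resiliency_order(truth_table(n)) >= 1]


if __name__ == "__main__":
    tt30 = truth_table(30)
    print("rule 30: balanced", is_balanced(tt30), "degree", algebraic_degree(tt30),
          "Nl", nonlinearity(tt30), "resiliency", resiliency_order(tt30),
          "SAC", satisfies_pc(tt30, 1), "linear structures", linear_structures(tt30))
    print("nonlinear and 1-resilient elementary rules:",
          nonlinear_1_resilient_elementary_rules())
```

For rule 30 the Walsh spectrum is zero at every weight-1 $\omega$ except $\omega = 100$ (the left neighbour), which is exactly the correlation a correlation attack exploits; the same run shows that the scan over all elementary rules returns nothing, matching [Martin, 2008]. Note also that rule 30 has $s = 100$ as a linear structure, since it is of the form $x_1 \oplus g(x_2, x_3)$: flipping the left input always flips the output.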


  13. Permutive and Bipermutive Functions
  Notation: by $(x, \tilde{x}_{\{i\}})$ we denote the vector $(x, \tilde{x}_{\{i\}}) = (x_1, \ldots, x_{i-1}, \tilde{x}, x_i, \ldots, x_{m-1}) \in \mathbb{F}_2^m$, where $x \in \mathbb{F}_2^{m-1}$ and $\tilde{x} \in \mathbb{F}_2$.
  Definition. A boolean function $f : \mathbb{F}_2^m \to \mathbb{F}_2$ is $i$-permutive if, for all $x \in \mathbb{F}_2^{m-1}$, it results that $f(x, 0_{\{i\}}) \neq f(x, 1_{\{i\}})$. Function $f$ is called:
  ◮ leftmost (rightmost) permutive if it is 1-permutive ($m$-permutive)
  ◮ bipermutive if it is both leftmost and rightmost permutive
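The definition above is directly checkable on a truth table. The Python below is an added example, not code from the slides or the author: it tests $i$-permutivity by comparing $f(x, 0_{\{i\}})$ with $f(x, 1_{\{i\}})$ for every $x \in \mathbb{F}_2^{m-1}$, derives leftmost, rightmost and bipermutive from it, lists the bipermutive elementary rules, and shows the consequence of the definition that matters in practice: for an $i$-permutive $f$, the output together with the other $m-1$ inputs determines $x_i$ uniquely. Index $x$ of the table encodes $(x_1, \ldots, x_m)$ with $x_1$ as the most significant bit, and $i$ is 1-based as on the slide; the helper `solve_ith_input` is my name, not the author's.

```python
# Added example: permutivity checks on truth tables. Index x encodes
# (x1, ..., xm) with x1 as the most significant bit; i is 1-based, so the
# variable x_i sits at bit position m - i.
from typing import List, Tuple


def truth_table(rule_number: int, m: int = 3) -> List[int]:
    """Truth table of an elementary rule (Wolfram numbering)."""
    return [(rule_number >> x) & 1 for x in range(2 ** m)]


def is_i_permutive(tt: List[int], i: int) -> bool:
    """f is i-permutive if f(x, 0_{i}) != f(x, 1_{i}) for all x in F_2^{m-1}:
    complementing x_i always complements the output, whatever the rest is."""
    m = len(tt).bit_length() - 1
    if not 1 <= i <= m:
        raise ValueError("i must be in 1..m")
    bit = 1 << (m - i)
    return all(tt[x] != tt[x | bit] for x in range(len(tt)) if not x & bit)


def permutivity_profile(tt: List[int]) -> List[int]:
    """All positions i at which f is i-permutive."""
    m = len(tt).bit_length() - 1
    return [i for i in range(1, m + 1) if is_i_permutive(tt, i)]


def is_bipermutive(tt: List[int]) -> bool:
    """Leftmost (1-permutive) and rightmost (m-permutive) at the same time."""
    m = len(tt).bit_length() - 1
    return is_i_permutive(tt, 1) and is_i_permutive(tt, m)


def bipermutive_elementary_rules() -> List[int]:
    return [n for n in range(256) if is_bipermutive(truth_table(n))]


def solve_ith_input(tt: List[int], i: int, others: Tuple[int, ...], y: int) -> int:
    """Given an i-permutive f, the m-1 other inputs and the output y, return
    the unique x_i with f(others with x_i inserted at position i) = y.
    (Hypothetical helper name; the uniqueness follows from the definition.)"""
    if not is_i_permutive(tt, i):
        raise ValueError("f is not %d-permutive, x_%d is not determined" % (i, i))
    for candidate in (0, 1):
        bits = list(others)
        bits.insert(i - 1, candidate)
        x = int("".join(map(str, bits)), 2)
        if tt[x] == y:
            return candidate
    raise AssertionError("unreachable for an i-permutive function")


if __name__ == "__main__":
    print("rule 30 permutive at positions:", permutivity_profile(truth_table(30)))
    print("bipermutive elementary rules:", bipermutive_elementary_rules())
    # Rule 90 is x1 xor x3: with x2 = x3 = 1 and output 0, x1 must be 1.
    print("rule 90, others=(1,1), y=0 -> x1 =", solve_ith_input(truth_table(90), 1, (1, 1), 0))
```

Rule 30 is leftmost permutive only (it is $x_1 \oplus (x_2 \vee x_3)$, and fixing $x_2 = 1$ makes the output independent of $x_3$), so it is not bipermutive; the only bipermutive elementary rules are the four of the form $x_1 \oplus x_3 \oplus g(x_2)$, namely 90, 105, 150 and 165.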
