differential attacks on generalized feistel schemes
play

Differential Attacks on Generalized Feistel Schemes Val erie Nachef - PowerPoint PPT Presentation

May 05, 2023 •426 likes •893 views

Differential Attacks on Generalized Feistel Schemes Val erie Nachef - Emmanuel Volte - Jacques Patarin CANS 2013 20 November 2013 Outline Introduction 1 State of the Art Our Contribution Definition of the schemes Attacks on Type-1

  1. Differential Attacks on Generalized Feistel Schemes Val´ erie Nachef - Emmanuel Volte - Jacques Patarin CANS 2013 20 November 2013

  2. Outline Introduction 1 State of the Art Our Contribution Definition of the schemes Attacks on Type-1 Feistel Schemes 2 Notation The first rounds : Simple Attacks Use of the variance Simulation results and Complexities Examples and Complexities for Type-2, Type-3 and Alternating 3 Schemes Type-2 Feistel Schemes Type-3 Feistel Schemes Alternating Feistel Schemes Conclusion 4

  3. Introduction State of the Art Attacks on Type-1 Feistel Schemes Our Contribution Examples and Complexities for Type-2, Type-3 and Alternating Schemes Definition of the schemes Conclusion Outline 1 Introduction State of the Art Our Contribution Definition of the schemes 2 Attacks on Type-1 Feistel Schemes 3 Examples and Complexities for Type-2, Type-3 and Alternating Schemes 4 Conclusion Val´ erie Nachef - Emmanuel Volte - Jacques Patarin Differential Attacks on Generalized Feistel Schemes

  4. Classical Feistel Schemes Encryption Decryption f 1 f n f 2 f n − 1 f n f 1

  5. Introduction State of the Art Attacks on Type-1 Feistel Schemes Our Contribution Examples and Complexities for Type-2, Type-3 and Alternating Schemes Definition of the schemes Conclusion Generalization of Feistel Schemes Construction of permutations from { 0 , 1 } kn to { 0 , 1 } kn using different kinds of round functions: Contracting Feistel schemes, Expanding Feistel schemes. Type-1, Type-2, Type-3 Feistel schemes. Alternating Feistel schemes. Schemes used in: CAST 256, MARS, RC6, BEAR-LION.... Val´ erie Nachef - Emmanuel Volte - Jacques Patarin Differential Attacks on Generalized Feistel Schemes

  6. Previous Attacks on Generalized Feistel Schemes Different kinds of attacks: Differential Attacks (KPA, CPA-1) on contracting and expanding Feistel Schemes. (Jutla, Patarin, Nachef, Volte, Berbain) Impossible Differential Attacks on Type 1, Type 2, Type-3 Feistel schemes. (Bouillaguet, Dunkelman, Fouque, Leurent, Kim, Hong, Lee, Lim, Sung) Impossible Boomerang Attacks on Type 1, Type 2, Type-3 Feistel schemes. (Choy, Yap)

  7. Our aim Distinguish a random permutation from a permutation generated by the scheme. Determine the number of messages needed to distinguish according to the number of rounds in Known Plaintext Attacks (KPA) and Non Adaptive Chosen Plaintext Attacks (CPA-1). We need to impose conditions on the inputs and on the outputs. Provide the maximal number of rounds reached by the attacks.

  8. Introduction State of the Art Attacks on Type-1 Feistel Schemes Our Contribution Examples and Complexities for Type-2, Type-3 and Alternating Schemes Definition of the schemes Conclusion Differential Attacks versus Impossible Differential Attacks Structure KPA CPA-1 Impossible Differential bijective any k 2 + 2 k − 2 k 2 + k − 1 k 2 + k − 1 k 2 Type-1 Type-2 2 k + 2 2 k + 1 2 k + 1 N/A k + ⌊ k 2 ⌋ + 1 Type-3 k + 1 k + 2 N/A Alternating 3 k 3 k N/A N/A Val´ erie Nachef - Emmanuel Volte - Jacques Patarin Differential Attacks on Generalized Feistel Schemes

  9. Introduction State of the Art Attacks on Type-1 Feistel Schemes Our Contribution Examples and Complexities for Type-2, Type-3 and Alternating Schemes Definition of the schemes Conclusion Type-1 Feistel Schemes: First round n bits I 1 I 2 I 3 I k f 1 Val´ erie Nachef - Emmanuel Volte - Jacques Patarin Differential Attacks on Generalized Feistel Schemes

  10. Introduction State of the Art Attacks on Type-1 Feistel Schemes Our Contribution Examples and Complexities for Type-2, Type-3 and Alternating Schemes Definition of the schemes Conclusion Type-2 Feistel Schemes: First round n bits I k I 1 I 2 I 3 I 4 f 1 f 1 f 1 k / 2 1 2 Val´ erie Nachef - Emmanuel Volte - Jacques Patarin Differential Attacks on Generalized Feistel Schemes

  11. Introduction State of the Art Attacks on Type-1 Feistel Schemes Our Contribution Examples and Complexities for Type-2, Type-3 and Alternating Schemes Definition of the schemes Conclusion Type-3 Feistel Schemes: First round n bits I 1 I 2 I 3 I k f 1 f 1 f 1 f 1 k − 1 1 2 3 Val´ erie Nachef - Emmanuel Volte - Jacques Patarin Differential Attacks on Generalized Feistel Schemes

  12. Introduction State of the Art Attacks on Type-1 Feistel Schemes Our Contribution Examples and Complexities for Type-2, Type-3 and Alternating Schemes Definition of the schemes Conclusion Alternating Feistel Schemes: First two rounds kn bits n ( k − 1) n Val´ erie Nachef - Emmanuel Volte - Jacques Patarin Differential Attacks on Generalized Feistel Schemes

  13. Introduction Notation Attacks on Type-1 Feistel Schemes The first rounds : Simple Attacks Examples and Complexities for Type-2, Type-3 and Alternating Schemes Use of the variance Conclusion Simulation results and Complexities Outline Introduction 1 Attacks on Type-1 Feistel Schemes 2 Notation The first rounds : Simple Attacks Use of the variance Simulation results and Complexities Examples and Complexities for Type-2, Type-3 and Alternating 3 Schemes Conclusion 4 Val´ erie Nachef - Emmanuel Volte - Jacques Patarin Differential Attacks on Generalized Feistel Schemes

  14. Introduction Notation Attacks on Type-1 Feistel Schemes The first rounds : Simple Attacks Examples and Complexities for Type-2, Type-3 and Alternating Schemes Use of the variance Conclusion Simulation results and Complexities Notation Input I = [ I 1 , I 2 , . . . , I k ]. → Output S = [ S 1 , S 2 , . . . , S k ] f 1 = first round function { 0 , 1 } n → { 0 , 1 } n Output= [ I 2 ⊕ f (1) ( I 1 ) , I 3 , I 4 , . . . , I k , I 1 ] Let X 1 = I 2 ⊕ f (1) ( I 1 ). X 1 is called an internal variable . Val´ erie Nachef - Emmanuel Volte - Jacques Patarin Differential Attacks on Generalized Feistel Schemes

  15. Introduction Notation Attacks on Type-1 Feistel Schemes The first rounds : Simple Attacks Examples and Complexities for Type-2, Type-3 and Alternating Schemes Use of the variance Conclusion Simulation results and Complexities Internal Variables New Internal Variables X j at round j , where S 1 = X j 1 ≤ r ≤ k − 1 , X r = I r +1 ⊕ f r ( X r − 1 ) X k = I 1 ⊕ f k ( X k − 1 ) ∀ r , r ≥ 1 , ∀ j , 1 ≤ j ≤ k , X rk + j = X ( r − 1) k + j ⊕ f rk + j ( X rk + j − 1 ) Val´ erie Nachef - Emmanuel Volte - Jacques Patarin Differential Attacks on Generalized Feistel Schemes

  16. Introduction Notation Attacks on Type-1 Feistel Schemes The first rounds : Simple Attacks Examples and Complexities for Type-2, Type-3 and Alternating Schemes Use of the variance Conclusion Simulation results and Complexities Differential Notation Plaintext/ciphertext pairs Input variables: [0 , 0 , 0 , ∆ 0 4 , . . . , ∆ 0 k ] KPA: For ( i , j ) , I 1 ( i ) = I 1 ( j ) , I 2 ( i ) = I 2 ( j ) and I 3 ( i ) = I 3 ( j ) CPA-1: I 1 , I 2 , I 3 are given constant values After r rounds Output Variables: [0 , ∆ 0 ℓ , ∆ r 3 , . . . , ∆ r k ] For ( i , j ) , S 1 ( i ) = S 1 ( j ) and S 2 ( i ) ⊕ S 2 ( j ) = I ℓ ( i ) ⊕ I ℓ ( j ) Val´ erie Nachef - Emmanuel Volte - Jacques Patarin Differential Attacks on Generalized Feistel Schemes

  17. Introduction Notation Attacks on Type-1 Feistel Schemes The first rounds : Simple Attacks Examples and Complexities for Type-2, Type-3 and Alternating Schemes Use of the variance Conclusion Simulation results and Complexities Internal Variables and Differential Characteristics Intermediate round r , r ≥ k Output: [ X r , X r − k +1 , X r − k +2 , . . . , X r − 1 ] Condition imposed on this output: [0 , ∆ r 2 , ∆ r 3 , . . . , ∆ r k ] ⇒ for ( i , j ) , X r ( i ) = X r ( j ) Propagation of the differential characteristics: after round r + 1, [∆ r 2 , ∆ r 3 , . . . , ∆ r k , 0] Val´ erie Nachef - Emmanuel Volte - Jacques Patarin Differential Attacks on Generalized Feistel Schemes

  18. Introduction Notation Attacks on Type-1 Feistel Schemes The first rounds : Simple Attacks Examples and Complexities for Type-2, Type-3 and Alternating Schemes Use of the variance Conclusion Simulation results and Complexities Overview of the Attacks Conditions on the inputs and the outputs Conditions on the internal variables ⇒ Propagation of the characteristics Count the number of plaintext/ciphertext pairs satisfying the input and output conditions N perm for a permutation and N scheme for a scheme Compute and compare the expectancies E ( N perm ) and E ( N scheme ) Val´ erie Nachef - Emmanuel Volte - Jacques Patarin Differential Attacks on Generalized Feistel Schemes

  19. CPA-1 on 2 k − 2 rounds with 2 messages ∆ 0 round 0 0 0 ... 0 k ∆ 0 1 0 0 0 ... 0 k . . . ∆ 0 k − 2 0 0 . . . 0 0 k ∆ 0 k − 1 0 0 ... 0 0 k ∆ k ∆ 0 0 0 ... 0 k 1 k ∆ k +1 ∆ 0 ∆ k k + 1 0 0 ... 1 k 1 . . . ∆ 2 k − 2 ∆ 2 k − 4 ∆ 2 k − 3 ∆ 0 ∆ k 2 k − 2 ... 1 1 1 1 k

  20. Introduction Notation Attacks on Type-1 Feistel Schemes The first rounds : Simple Attacks Examples and Complexities for Type-2, Type-3 and Alternating Schemes Use of the variance Conclusion Simulation results and Complexities Details of the Attack Choose 2 distinct messages I (1) and I (2) such that I 1 (1) = I 1 (2) , . . . I k − 1 (1) = I k − 1 (2) With a scheme : Pr [ S 2 (1) ⊕ S 2 (2) = I k (1) ⊕ I k (2)] = 1 With a random permutation: Pr [ S 2 (1) ⊕ S 2 (2) = I k (1) ⊕ I k (2)] = 1 2 n Val´ erie Nachef - Emmanuel Volte - Jacques Patarin Differential Attacks on Generalized Feistel Schemes

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel

General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel

General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel Schemes Victor Cauchois 1 , 2 , Clment Gomez 1 , Gal Thomas 1 1 DGA Maitrise de lInformation, Bruz, France 2 IRMAR, Universit de Rennes 1,

810 views • 68 slides
Extended Generalized Feistel Networks using Matrix Representation Thierry P. Berger 1 , Marine

Extended Generalized Feistel Networks using Matrix Representation Thierry P. Berger 1 , Marine

Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Extended Generalized Feistel Networks using Matrix Representation Thierry P. Berger 1 , Marine Minier 2 , Gal Thomas 1 1 XLIM

448 views • 31 slides
Generalized Feistel Networks with Optimal Diffusion Lo Perrin DTU, Lyngby Inria, Paris

Generalized Feistel Networks with Optimal Diffusion Lo Perrin DTU, Lyngby Inria, Paris

Generalized Feistel Networks with Optimal Diffusion Lo Perrin DTU, Lyngby Inria, Paris Dagstuhl 2018 (seminar-18021) Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion In this talk

1.31k views • 52 slides
Improved Security Bounds for Generalized Feistel Networks Yaobin Shen 1 Chun Guo 2 Lei Wang 1 1

Improved Security Bounds for Generalized Feistel Networks Yaobin Shen 1 Chun Guo 2 Lei Wang 1 1

Feistel Networks Our Contributions Security Proofs Conclusion Improved Security Bounds for Generalized Feistel Networks Yaobin Shen 1 Chun Guo 2 Lei Wang 1 1 Shanghai Jiao Tong University 2 Shandong University November 13, FSE 2020 Yaobin

407 views • 22 slides
Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing

Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing

Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing Modes Xiaoyang Dong and Xiaoyun Wang Shandong University, Tsinghua University FSE 2017 Tokyo, Japan Outline 2 Secret-key and Open-key Models u

526 views • 24 slides
differential schemes and differential algebraic varieties Dmitry Trushin Department of

differential schemes and differential algebraic varieties Dmitry Trushin Department of

differential schemes and differential algebraic varieties Dmitry Trushin Department of Mechanics and Mathematics Moscow State University October 2010 Dmitry Trushin () Differential schemes October, 2010 1 / 21 Contents The differential

894 views • 63 slides
Generic Attacks on Feistel Ciphers With Internal Permutations Joana Treger, Jacques Patarin

Generic Attacks on Feistel Ciphers With Internal Permutations Joana Treger, Jacques Patarin

Generic Attacks on Feistel Ciphers With Internal Permutations Joana Treger, Jacques Patarin PRiSM, Universit e de Versailles 2008-11-27 Joana Treger, Jacques Patarin (PRiSM, Universit Generic Attacks on Feistel Ciphers With Internal

1.04k views • 52 slides
An extension of the MoreauJean scheme based on the generalized schemes for the numerical

An extension of the MoreauJean scheme based on the generalized schemes for the numerical

An extension of the MoreauJean scheme based on the generalized schemes for the numerical time integration of flexible dynamical systems with contact and An extension of the MoreauJean scheme based on the generalized schemes for

1.16k views • 87 slides
HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately,

363 views • 12 slides
Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy Generalized definition of differential privacy allowing for a (supposedly small) additive factor Used in a variety of applications A query mechanism M is (

1.27k views • 43 slides
Error Inhibiting Schemes for Differential Equations Adi Ditkowski Department of Applied

Error Inhibiting Schemes for Differential Equations Adi Ditkowski Department of Applied

Outline Introduction Preliminary example Ordinary Differential Equations. Examples The Heat Equations Postprocessing Error Inhibiting Schemes for Differential Equations Adi Ditkowski Department of Applied Mathematics Tel Aviv

969 views • 61 slides
High Order Error Inhibiting Schemes for Differential Equations Adi Ditkowski Department of

High Order Error Inhibiting Schemes for Differential Equations Adi Ditkowski Department of

Outline Introduction Ordinary Differential Equations. Examples The Heat Equations Postprocessing Summary High Order Error Inhibiting Schemes for Differential Equations Adi Ditkowski Department of Applied Mathematics Tel Aviv University

911 views • 54 slides
Combined Attacks from Boomerangs to Sandwiches and Differential-Linear Orr Dunkelman

Combined Attacks from Boomerangs to Sandwiches and Differential-Linear Orr Dunkelman

Introduction Boomerang Diff-Lin Summary Combined Attacks from Boomerangs to Sandwiches and Differential-Linear Orr Dunkelman Department of Computer Science, University of Haifa June 5th, 2014 Orr Dunkelman Combined Attacks 1/ 36

656 views • 36 slides
Differential Detection Schemes for M -ary DPSK Elham Torabi Wireless Communications Course

Differential Detection Schemes for M -ary DPSK Elham Torabi Wireless Communications Course

Differential Detection Schemes for M -ary DPSK Elham Torabi Wireless Communications Course Project April 2006 Department of Electrical & Computer Engineering The University of British Columbia elhamt@ece.ubc.ca Outline 2 1. Overview 2.

368 views • 22 slides
On the generalized Emden-Fowler differential equations Zuzana Do sl a Joint research with

On the generalized Emden-Fowler differential equations Zuzana Do sl a Joint research with

Historical survey Coexistence problem Existence of intermediate solutions On the generalized Emden-Fowler differential equations Zuzana Do sl a Joint research with Mauro Marini Topological and Variational Methods for ODEs Dedicated to

1.49k views • 28 slides
Differential-Linear Attacks against the Stream Cipher Phelix Hongjun Wu and Bart Preneel

Differential-Linear Attacks against the Stream Cipher Phelix Hongjun Wu and Bart Preneel

Differential-Linear Attacks against the Stream Cipher Phelix Hongjun Wu and Bart Preneel Katholieke Universiteit Leuven ESAT/COSIC Overview 1. Introduction to Helix and Phelix 2. Description of Phelix 3. Differential propagation of

790 views • 28 slides
PIP- II Cryogenics Arkadiy Klebaner, Anindya Chakravarty, and Tejas Rane PIP-II Machine Advisory

PIP- II Cryogenics Arkadiy Klebaner, Anindya Chakravarty, and Tejas Rane PIP-II Machine Advisory

PIP- II Cryogenics Arkadiy Klebaner, Anindya Chakravarty, and Tejas Rane PIP-II Machine Advisory Committee Meeting 10-12 April 2017 Outline System overview Scope of work Requirements Technical choices Summary 2 A. Klebaner

771 views • 26 slides
Functionalization of PU foams Functionalization of PU foams via inor via inorganic and or ganic

Functionalization of PU foams Functionalization of PU foams via inor via inorganic and or ganic

Functionalization of PU foams Functionalization of PU foams via inor via inorganic and or ganic and organic coatings ganic coatings to improve cell and tissue interactions to impr ove cell and tissue interactions Titolo presentazione

673 views • 21 slides
Control Frequency Adaptation via Action Persistence in Batch Reinforcement Learning Alberto Maria

Control Frequency Adaptation via Action Persistence in Batch Reinforcement Learning Alberto Maria

Control Frequency Adaptation via Action Persistence in Batch Reinforcement Learning Alberto Maria Metelli Flavio Mazzolini Lorenzo Bisi Luca Sabbioni Marcello Restelli July 2020 Thirty-seventh International Conference on Machine Learning 1

936 views • 57 slides
Sliding-Block Back Analysis of Earthquake-Induced Slides Article December 2000 DOI:

Sliding-Block Back Analysis of Earthquake-Induced Slides Article December 2000 DOI:

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/274764204 Sliding-Block Back Analysis of Earthquake-Induced Slides Article December 2000 DOI: 10.3208/sandf.40.6_61 CITATIONS READS

198 views • 16 slides
Alexandru Suciu Northeastern University Session on the Geometry and Topology of Differentiable

Alexandru Suciu Northeastern University Session on the Geometry and Topology of Differentiable

T OPOLOGY OF COMPLEX ARRANGEMENTS Alexandru Suciu Northeastern University Session on the Geometry and Topology of Differentiable Manifolds and Algebraic Varieties The Eighth Congress of Romanian Mathematicians Ia si, Romania, June 30, 2015

510 views • 23 slides
Gas Electron Multiplier (GEM) Status of the GEM/DHCAL project Seongtae Park University of Texas

Gas Electron Multiplier (GEM) Status of the GEM/DHCAL project Seongtae Park University of Texas

1 Gas Electron Multiplier (GEM) Status of the GEM/DHCAL project Seongtae Park University of Texas at Arlington, USA LCWS12 University of Texas at Arlington, USA 22~26 October 2012 HEP/UTA LCWS12 2 Outline 1. Introduction to GEM based

884 views • 20 slides
SIMULATOR International Centre for Theoretical Physics Trieste 6 th 10 th November 2017

SIMULATOR International Centre for Theoretical Physics Trieste 6 th 10 th November 2017

P hysics and Technology of Water-Cooled Reactors through the use of PC-based Simulators INTRODUCTION TO ADVANCED PASSIVE PWR SIMULATOR International Centre for Theoretical Physics Trieste 6 th 10 th November 2017 FUNDAMENTALS TO

1.5k views • 114 slides
WELCOME @Paul_BarnesACCA @WeAreMAP_ WeAreMAP.co.uk 3 BUILD A DATA-DRIVEN HYBRID AGENCY

WELCOME @Paul_BarnesACCA @WeAreMAP_ WeAreMAP.co.uk 3 BUILD A DATA-DRIVEN HYBRID AGENCY

WELCOME @Paul_BarnesACCA @WeAreMAP_ WeAreMAP.co.uk 3 BUILD A DATA-DRIVEN HYBRID AGENCY MINIMAL Presentation WeAreMAP.co.uk 4 ITS ABOUT GETTING IT WORKING. NOT THE TECHNOLOGY. WeAreMAP.co.uk 5 GET THE DATA RIGHT FIRST. THEN,

422 views • 28 slides

More recommend