exponential s boxes a link between the s boxes of belt
play

Exponential S-Boxes: a Link Between the S-Boxes of BelT and - PowerPoint PPT Presentation

Jan 31, 2023 •553 likes •1.14k views

Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog Lo Perrin 1 , Aleksei Udovenko 1 1 SnT, University of Luxembourg https://www.cryptolux.org March 6, 2017 Fast Sofware Encryption 2017 Introduction S-Box Design

  1. Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog Léo Perrin 1 , Aleksei Udovenko 1 1 SnT, University of Luxembourg https://www.cryptolux.org March 6, 2017 Fast Sofware Encryption 2017

  2. Introduction S-Box Design Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 1 / 22

  3. Introduction S-Box Design Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 1 / 22

  4. Introduction S-Box Design AES → ← Whirlpool ← Scream Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 1 / 22

  5. Introduction S-Box Reverse-Engineering ? Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 2 / 22

  6. Introduction Results on Kuznyechik/Streebog π Feistel-like Exponential-like Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 3 / 22

  7. Introduction Results on Kuznyechik/Streebog π Feistel-like Exponential-like Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 3 / 22

  8. Talk Outline Outline 1 Introduction 2 Reminder About π A Detour Through Belarus 3 New Decompositions of π 4 Conclusion 5 Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 4 / 22

  9. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Plan Introduction 1 Reminder About π 2 Previous Decomposition of π How Was It Found? A Detour Through Belarus 3 4 New Decompositions of π 5 Conclusion Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 4 / 22

  10. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion A First Decomposition of π α From Eurocrypt’16 ⊙ I α , ω : linear 8-bit permutations ν 0 ν 1 ν 0 , ν 1 , σ : 4-bit permutations ϕ : 4-bit function ( ϕ ( x ) � 0) ⊙ ϕ I multiplicative inverse in F 16 σ ⊙ multiplication in F 16 ω Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 5 / 22

  11. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion How was it found? Decomposition Procedure Overview 1 Identify paterns in LAT; Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 6 / 22

  12. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion How was it found? Decomposition Procedure Overview µ 1 Identify paterns in LAT; 2 Deduce linear layers µ , η such that T π is decomposed as in right picture; U η Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 6 / 22

  13. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion How was it found? Decomposition Procedure Overview µ 1 Identify paterns in LAT; 2 Deduce linear layers µ , η such that T π is decomposed as in right picture; U 3 Decompose U , T ; η Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 6 / 22

  14. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion How was it found? Decomposition Procedure Overview µ 1 Identify paterns in LAT; 2 Deduce linear layers µ , η such that T π is decomposed as in right picture; U 3 Decompose U , T ; 4 Put it all together. η Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 6 / 22

  15. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Pollock to the Rescue Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 7 / 22

  16. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Pollock to the Rescue Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 7 / 22

  17. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion What the Lines Mean ✸✵ ✷✺ ❱❛r✐❛♥❝❡ ✷✵ ✶✺ ✶✵ ✺ ✵ ✺✵ ✶✵✵ ✶✺✵ ✷✵✵ ✷✺✵ ❈♦❧✉♠♥ ✐♥❞❡① Variance of the absolute value of the coefficients in each column of the LAT of π . Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 8 / 22

  18. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Plan Introduction 1 Reminder About π 2 A Detour Through Belarus 3 Qick Overview of BelT Paterns in the LAT of H The Actual Structure of H New Decompositions of π 4 Conclusion 5 Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 8 / 22

  19. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Round Function of BelT a c b d K 7 i − 6 K 7 i − 5 G 5 G 21 ⊕ ⊕ ⊞ ⊞ K 7 i − 4 G 13 H K 7 i − 3 ⊟ ⊞ ⊞ G 21 H ≪ r ⊕ K 7 i − 2 ⊞ ⊟ G 13 ⊞ ⊞ H i K 7 i − 1 K 7 i G 21 ⊕ ⊕ G 5 ⊞ ⊞ H The 32-bit function G r . The round function of BelT. Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 9 / 22

  20. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Properties of H DDT LAT max(DDT) = 8 Algebraic degree 7 (all max(LAT) = 26 coordinates) P [ random ] ≤ 2 − 122 Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 10 / 22

  21. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Structure of H (1/3) Is H structured? Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 11 / 22

  22. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Structure of H (1/3) Is H structured? Yes! Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 11 / 22

  23. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion LAT Row Variance ✸✵ ✷✺ ❱❛r✐❛♥❝❡ ✷✵ ✶✺ ✶✵ ✺ ✵ ✺✵ ✶✵✵ ✶✺✵ ✷✵✵ ✷✺✵ ▲✐♥❡ ✐♥❞❡① Variance of the absolute value of the coefficients in each row of the LAT of H . Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 12 / 22

  24. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion The Actual Structure The BelT S-Box Construction (translated) The look-up tables of the S-Box coordinate functions were chosen as different segments of length 255 of different linear recurrences defined by the irreducible polynomial p ( λ ) : p ( λ ) = λ 8 + λ 6 + λ 5 + λ 2 + 1 . Additionally, a zero element was inserted in a fixed position of each segment. 1 http://eprint.iacr.org/2004/024 Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 13 / 22

  25. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion The Actual Structure The BelT S-Box Construction (translated) The look-up tables of the S-Box coordinate functions were chosen as different segments of length 255 of different linear recurrences defined by the irreducible polynomial p ( λ ) : p ( λ ) = λ 8 + λ 6 + λ 5 + λ 2 + 1 . Additionally, a zero element was inserted in a fixed position of each segment. Equivalent Pseudo-Exponential Representation S : = [ w i , i < z ] + [ 0 ] + [ w i , z ≤ i ] Exponential (case z = 0) studied in [AA04] 1 1 http://eprint.iacr.org/2004/024 Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 13 / 22

  26. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Properties of (Pseudo-)Exponentials Exponential ( z = 0) Pseudo-Exponential ( z � 0) � Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 14 / 22

  27. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Properties of (Pseudo-)Exponentials Exponential ( z = 0) Pseudo-Exponential ( z � 0) � “Exponential” definition inconsistent in literature... z = 0? z = 255? Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 14 / 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

BOXES BOXES PRESENTATION POP-UP GIFT CARD BOXES Boxes are made from recycled board. IMPRINT ME!

BOXES BOXES PRESENTATION POP-UP GIFT CARD BOXES Boxes are made from recycled board. IMPRINT ME!

BOXES BOXES PRESENTATION POP-UP GIFT CARD BOXES Boxes are made from recycled board. IMPRINT ME! Custom minimum 500. U.S. Patent #8.47 Standard hot stamping costs do not apply. Call for quote. *Lime Ice and Pearl Pillows cannot be hot

440 views • 4 slides
Interaction guidelines Dr. Karim Bouzoubaa Outline Control devices buttons, check boxes,

Interaction guidelines Dr. Karim Bouzoubaa Outline Control devices buttons, check boxes,

Interaction guidelines Dr. Karim Bouzoubaa Outline Control devices buttons, check boxes, list boxes, sliders, Forms Dialog boxes Menus Messages Color Icons and tool bars Metaphors On-line help Browsing

402 views • 26 slides
Long-term population monitoring of American Kestrels in Saskatchewan, using nest boxes. Jared

Long-term population monitoring of American Kestrels in Saskatchewan, using nest boxes. Jared

Long-term population monitoring of American Kestrels in Saskatchewan, using nest boxes. Jared Clarke @jaredclarke5 Getting started 2007 put up 2 boxes around Regina both were occupied! 2008 put up 14 boxes 8 were

734 views • 17 slides
Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about digital signatures... A Tale of Two Boxes A Tale of Two Boxes Much of today s applied cryptography works with two magic boxes A Tale of Two Boxes

1.37k views • 120 slides
Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about digital signatures... A Tale of Two Boxes A Tale of Two Boxes Much of today s applied cryptography works with two magic boxes A Tale of Two Boxes

1.68k views • 129 slides
Can you put the balls in boxes so that no box has more than one ball? Where do these go? No. You

Can you put the balls in boxes so that no box has more than one ball? Where do these go? No. You

Warmup Annoucements: PA2 due tonight Can you put the balls in boxes so that no box has more than one ball? Where do these go? No. You cannot put more things in than there are positions. Mathematicians call this the &quot;pigeonhole

376 views • 12 slides
Noodles/Mash in boxes 110g BIG LUNCH Noodles with chicken: Boxes per carton: Mashed potatoes with

Noodles/Mash in boxes 110g BIG LUNCH Noodles with chicken: Boxes per carton: Mashed potatoes with

Instant food products of Russian manufacturer Noodles/Mash in boxes 110g BIG LUNCH Noodles with chicken: Boxes per carton: Mashed potatoes with chicken 24 Inside the box: Inside the box: a sachet with meat preserves a meat preserves

511 views • 20 slides
Typically represent objects by bounding boxes. People have tried Goal rotated bounding boxes

Typically represent objects by bounding boxes. People have tried Goal rotated bounding boxes

Lecture 6: Introduction to Detection Jonathan Krause Fei-Fei Li, Jonathan Krause Lecture 6 - 1 Typically represent objects by bounding boxes. People have tried Goal rotated bounding boxes before. Locate objects in images Fei-Fei Li,

515 views • 24 slides
EMC KIT BOXES COVERS 4 EMC KIT BOXES Frequency Range 5 FOCUS ON HCC Kit Box 6

EMC KIT BOXES COVERS 4 EMC KIT BOXES Frequency Range 5 FOCUS ON HCC Kit Box 6

EMC KIT BOXES COVERS 4 EMC KIT BOXES Frequency Range 5 FOCUS ON HCC Kit Box 6 FOCUS ON NCC Kit Box 7 NCC STANDARD FERRITE CHOKES NCC Vs Ferrite CMC 8 STANDARD FERRITE CHOKES NCC NCC Vs Ferrite CMC 9 EMI KIT BOXES

400 views • 11 slides
C O M P A N Y P R O F I L E The main product ...are switchboard boxes for : 1) railway vehicles

C O M P A N Y P R O F I L E The main product ...are switchboard boxes for : 1) railway vehicles

The Koramex deals with welding construction and production of switchboard boxes. Koramex a.s. is supplier of machine parts and units for important companies in the Czech republic and abroad. Our company aims to realize orders in high quality,

216 views • 8 slides
Black Boxes Boxes: : Making Making Ends Ends Meet Meet Black in Data Driven Driven

Black Boxes Boxes: : Making Making Ends Ends Meet Meet Black in Data Driven Driven

Black Boxes Boxes: : Making Making Ends Ends Meet Meet Black in Data Driven Driven Networking Networking in Data Sasu Tarkoma Helsinki University of Technology and Helsinki Institute for Information Technology Dirk Trossen BT Research

296 views • 8 slides
Faster Ray y Tracing Using Adaptive Grids Krzysztof S. Klimaszewski Thomas W. Sederberg

Faster Ray y Tracing Using Adaptive Grids Krzysztof S. Klimaszewski Thomas W. Sederberg

Faster Ray y Tracing Using Adaptive Grids Krzysztof S. Klimaszewski Thomas W. Sederberg Preprocess ssing Steps FOR all object surround object with bounding box FOR all bounding boxes merge boxes FOR all remaining bounding boxes apply

250 views • 8 slides
Mazda Systems Presentation Mazda Quote Fill in information from the drop down boxes. When

Mazda Systems Presentation Mazda Quote Fill in information from the drop down boxes. When

Mazda Systems Presentation Mazda Quote Fill in information from the drop down boxes. When field is in light yellow its optional. Fill in information from client and use drop down boxes to select correct information where necessary.

292 views • 25 slides
International Containerboard Conference Whats going to happen to all of those boxes?

International Containerboard Conference Whats going to happen to all of those boxes?

International Containerboard Conference Whats going to happen to all of those boxes? Rachel Kenyon Fibre Box Association (FBA) 1 E ver y c ouple of weeks Can you give me the data that shows the spike in box shipments due to e

478 views • 19 slides
Dynamic Collision Detection using Oriented Bounding Boxes David Eberly Magic Software 6006

Dynamic Collision Detection using Oriented Bounding Boxes David Eberly Magic Software 6006

Dynamic Collision Detection using Oriented Bounding Boxes David Eberly Magic Software 6006 Meadow Run Court Chapel Hill, NC 27516 eberly@magic-software.com 1 Contents 1 Introduction 4 2 Oriented Bounding Boxes 6 2.1 Separation of OBBs

838 views • 48 slides
PROPOSAL FOR NEW EXTERIOR WINDOW DETAILS, AWNINGS &amp; WINDOW BOXES 137 WEST 11TH STREET

PROPOSAL FOR NEW EXTERIOR WINDOW DETAILS, AWNINGS &amp; WINDOW BOXES 137 WEST 11TH STREET

PROPOSAL FOR NEW EXTERIOR WINDOW DETAILS, AWNINGS &amp; WINDOW BOXES 137 WEST 11TH STREET PRESENTATION TO: LANDMARKS PRESERVATION COMMISSION 29 OCTOBER, 2019 AWNINGS &amp; WINDOW BOXES 137 W. 11TH STREET NEW YORK, NY LPC BOARD PRESENTATION

404 views • 5 slides
Visual elements and graphics Horizontal rules in HTML Borders and padding in CSS

Visual elements and graphics Horizontal rules in HTML Borders and padding in CSS

CS125 Spring 2014 Interim Visual elements and graphics Horizontal rules in HTML Borders and padding in CSS Graphics Picture formats The HTML img tag Image links Background images Image maps Accessibility and

507 views • 17 slides
Link Ranking group Archives Unleashed 4.0 Gregory Wiedeman (University at Albany, SUNY)

Link Ranking group Archives Unleashed 4.0 Gregory Wiedeman (University at Albany, SUNY)

Link Ranking group Archives Unleashed 4.0 Gregory Wiedeman (University at Albany, SUNY) Mindaugas Vidmantas (The British Library) Peter Webster (Independent Scholar &amp; Consultant) Kees Teszelszky (National Library of the Netherlands)

399 views • 9 slides
CS429: Computer Organization and Architecture Linking I &amp; II Dr. Bill Young Department of

CS429: Computer Organization and Architecture Linking I &amp; II Dr. Bill Young Department of

CS429: Computer Organization and Architecture Linking I &amp; II Dr. Bill Young Department of Computer Sciences University of Texas at Austin Last updated: April 5, 2018 at 09:23 CS429 Slideset 23: 1 Linking I A Simplistic Translation Scheme

935 views • 20 slides
Advanced GATE Embedded Track II, Module 8 Second GATE Training Course May 2010 Advanced GATE

Advanced GATE Embedded Track II, Module 8 Second GATE Training Course May 2010 Advanced GATE

GATE and UIMA GATE in Web Applications GATE and Groovy Advanced GATE Embedded Track II, Module 8 Second GATE Training Course May 2010 Advanced GATE Embedded 1 / 81 GATE and UIMA GATE in Web Applications GATE and Groovy Outline GATE and

1.42k views • 111 slides
Branch Out of Your Comfort Zone with Twig Templates Larry Walangitan @larrywalangitan

Branch Out of Your Comfort Zone with Twig Templates Larry Walangitan @larrywalangitan

Branch Out of Your Comfort Zone with Twig Templates Larry Walangitan @larrywalangitan http://chromatichq.com @ChromaticHQ PHPTemplate Twig PHPTemplate vs Twig PHPTemplate vs Twig // node.tpl.php &lt;?php if (!$page): ?&gt; &lt;h2&lt;?php

975 views • 61 slides
CSE443 Compilers Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall Phases of a compiler

CSE443 Compilers Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall Phases of a compiler

CSE443 Compilers Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall Phases of a compiler Target machine code generation Figure 1.6, page 5 of text 7.2.3 Calling Sequence What happens during a function call? actual parameters

805 views • 35 slides
CCR Photos placed in horizontal position with even amount of white space between photos and

CCR Photos placed in horizontal position with even amount of white space between photos and

CCR Photos placed in horizontal position with even amount of white space between photos and header Center for Computing Research Comparing global link arrangements for Dragonfly networks Has7ngs,

867 views • 50 slides
Cross-Site Scripting (XSS) Professor Larry Heimann Web Application Security Information Systems

Cross-Site Scripting (XSS) Professor Larry Heimann Web Application Security Information Systems

Cross-Site Scripting (XSS) Professor Larry Heimann Web Application Security Information Systems Browser same origin policy Key security principle: a web browser permits scripts contained in a first web page to access data in a second web page,

1.12k views • 25 slides

More recommend