extended generalized feistel networks using matrix
play

Extended Generalized Feistel Networks using Matrix Representation - PowerPoint PPT Presentation

Aug 28, 2022 •133 likes •448 views

Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Extended Generalized Feistel Networks using Matrix Representation Thierry P. Berger 1 , Marine Minier 2 , Gal Thomas 1 1 XLIM

  1. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Extended Generalized Feistel Networks using Matrix Representation Thierry P. Berger 1 , Marine Minier 2 , Gaël Thomas 1 1 XLIM (UMR CNRS 7252), Université de Limoges 123 avenue Albert Thomas, 87060 Limoges Cedex thierry.berger@unilim.fr gael.thomas@unilim.fr 2 Université de Lyon, INRIA INSA-Lyon, CITI, F-69621, Villeurbanne marine.minier@insa-lyon.fr SAC 2013, August 15, 2013 This work was partially supported by the French National Agency of Research: ANR-11-INS-011. Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 1/24

  2. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Generalized Feistel Networks Introduced by Zheng, Matsumoto, and Imai at CRYPTO‘89 Splits the message into k ≥ 2 n -bit-long blocks Made of two consecutive layers: round-function layer and block-permutation layer Different flavors of GFNs, according to the round-function layer x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 round-function layer F F F F permutation layer y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 Pro: fitted for small scale implementation (Block size = Sbox size) Con: "diffusion" between blocks gets poorer as k grows Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 2/24

  3. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example The Generalized Feistel Flavors x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 F F F F F F y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 Type-1 (CAST-256, Lesamnta) Type-2 (HIGHT, CLEFIA) Type-3 x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 F F F F y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 Source Heavy (RC2, SHA-1) Target Heavy (MARS) Nyberg’s Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 3/24

  4. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Table of Contents Full Diffusion Delay 1 Matrix of a Feistel Network 2 New Feistel Networks Proposals 3 An Efficient Example 4 Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 4/24

  5. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Full Diffusion Delay F F F F Introduced by Suzaki and Minematsu at FSE‘10 F F F F Minimum number of rounds d + for F F F F every inputs to influence every outputs Depends solely on the structure of the F F F F network, not on the round-functions used F F F F d − : similarly defined when performing F F F F decryption We consider encryption and decryption F F F F important, thus we look at: d = max ( d + , d − ) . F F F F Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 5/24

  6. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Graph Point of View x 6 x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 x 5 x 7 F F F F F x 4 x 0 F F F x 3 x 1 y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 x 2 Graph of a Feistel Network: obtained by folding outputs onto the corresponding inputs Represents the structure of the Network Full diffusion delay d + : smallest distance such that for all vertices couple ( u , v ) there exists a path of length d + going from u to v Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 6/24

  7. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Full Diffusion Delay of Generalized Feistel Networks x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 F F F F F F y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 Type-1 (CAST-256, Lesamnta) Type-2 (HIGHT, CLEFIA) Type-3 d = ( k − 1 ) 2 + 1 d = k d = k x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 F F F F y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 Source Heavy (RC2, SHA-1) Target Heavy (MARS) Nyberg’s d = k d = k d = k Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 7/24

  8. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example An Improvement of Type-2 x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 round-function layer F F F F permutation layer y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 Proposed by Suzaki and Minematsu at FSE‘10 Idea: Replace the cyclic shift of the permutation layer by any block-wise permutation Includes Nyberg’s GFNs Full diffusion delay d goes from k to 2 log 2 k for optimum permutations x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 F F F F y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 8/24

  9. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Improve Type-1, Type-3, Source-Heavy and Target-Heavy? x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 F F F F F F y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 Type-1 Type-3 Source Heavy Target Heavy Studied by Yanagihara and Iwata at IEICE Trans. 2013 Same idea as Suzaki and Minematsu: allow any block permutation P Source Heavy and Target-Heavy cannot be improved Full diffusion delay of Type-1 drops from ( k − 1 ) 2 + 1 to k ( k + 2 ) / 2 − 2 No general construction for Type-3 but found permutations with d ≤ 4 for k ≤ 8 Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 9/24

  10. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Matrix of a Feistel Network x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 round-function layer F F F F permutation layer y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 a GFN is made of a round-function layer and a permutation layer The permutation layer can be represented 1   1 by a permutation matrix P  1    1 P =   1     1    1  1 Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 10/24

  11. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Matrix of a Feistel Network x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 round-function layer F F F F permutation layer y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 a GFN is made of a round-function layer and a permutation layer The permutation layer can be represented 1   1 by a permutation matrix P  1    1 P =   1 Idea: Represent the round-function layer     1   by a matrix F with:  1  1 an all-one diagonal 1   a parameter F at position ( i , j ) when F 1  1  y P ( i ) = F ( x j ) ⊕ x i   F 1 F =    1    F is a formal parameter merely indicating F 1    1  the presence of a round-function F 1 Matrix of the whole GFN defined as M = P × F Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 10/24

  12. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Type-2 Feistel Network and its corresponding Matrix x 6 x 5 x 7 x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 F F F F F F x 4 x 0 x 3 x 1 F y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 F x 2 F 1 1 1       1 1 F 1 F 1 1 1             1 1 F 1       M = P = F =  F 1   1   1        1 1 F 1        F 1   1   1  1 1 F 1 M is the adjacency matrix of the graph associated to the GFN d + is the smallest integer such that M d + has no zero coefficient Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 11/24

  13. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Properties we require from GFNs GFNs transforms round-functions into a permutation, hence decryption mode matrix M − 1 should not contain any “ F − 1 ” ⇒ det ( M ) = ± 1. → verified for all classical GFNs GFNs are quasi-involutive: encryption/decryption is the same process up to using direct/inverse permutation layer P . → verified for all classical GFNs except Type-3 x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 F F F F F F F y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 12/24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Generalized Feistel Networks with Optimal Diffusion Lo Perrin DTU, Lyngby Inria, Paris

Generalized Feistel Networks with Optimal Diffusion Lo Perrin DTU, Lyngby Inria, Paris

Generalized Feistel Networks with Optimal Diffusion Lo Perrin DTU, Lyngby Inria, Paris Dagstuhl 2018 (seminar-18021) Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion In this talk

1.31k views • 52 slides
Improved Security Bounds for Generalized Feistel Networks Yaobin Shen 1 Chun Guo 2 Lei Wang 1 1

Improved Security Bounds for Generalized Feistel Networks Yaobin Shen 1 Chun Guo 2 Lei Wang 1 1

Feistel Networks Our Contributions Security Proofs Conclusion Improved Security Bounds for Generalized Feistel Networks Yaobin Shen 1 Chun Guo 2 Lei Wang 1 1 Shanghai Jiao Tong University 2 Shandong University November 13, FSE 2020 Yaobin

407 views • 22 slides
General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel

General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel

General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel Schemes Victor Cauchois 1 , 2 , Clment Gomez 1 , Gal Thomas 1 1 DGA Maitrise de lInformation, Bruz, France 2 IRMAR, Universit de Rennes 1,

810 views • 68 slides
Differential Attacks on Generalized Feistel Schemes Val erie Nachef - Emmanuel Volte - Jacques

Differential Attacks on Generalized Feistel Schemes Val erie Nachef - Emmanuel Volte - Jacques

Differential Attacks on Generalized Feistel Schemes Val erie Nachef - Emmanuel Volte - Jacques Patarin CANS 2013 20 November 2013 Outline Introduction 1 State of the Art Our Contribution Definition of the schemes Attacks on Type-1

893 views • 45 slides
Core Models of Complex Networks Principles of Complex Systems Generalized random networks

Core Models of Complex Networks Principles of Complex Systems Generalized random networks

Core Models of Complex Networks Core Models of Complex Networks Principles of Complex Systems Generalized random networks CSYS/MATH 300, Spring, 2013 | #SpringPoCS2013 Small-world networks Main story Generalized affiliation networks

2.16k views • 99 slides
This reduces to a generalized eigenvalue problem, i.e. to finding generalized eigenvectors of

This reduces to a generalized eigenvalue problem, i.e. to finding generalized eigenvectors of

This reduces to a generalized eigenvalue problem, i.e. to finding generalized eigenvectors of the following form, with the lowest eigenvalues: Ly Dy This technique is called Laplacian Eigenmaps since the matrix L is

464 views • 27 slides
Generalized method of moments for an extended Gamma process Zeina Al Masry, Sophie Mercier,

Generalized method of moments for an extended Gamma process Zeina Al Masry, Sophie Mercier,

Generalized method of moments for an extended Gamma process Zeina Al Masry, Sophie Mercier, Ghislain Verdier Laboratoire de Mathmatiques et de leurs Applications Pau UMR CNRS 5142 Universit de Pau et des Pays de lAdour, Pau, France

835 views • 29 slides
The Kronig-Penney model extended to arbitrary potentials via numerical matrix mechanics Robert

The Kronig-Penney model extended to arbitrary potentials via numerical matrix mechanics Robert

The Kronig-Penney model extended to arbitrary potentials via numerical matrix mechanics Robert Pavelich, Frank Marsiglio University of Alberta June 15, 2015 Marsiglio (2009) introduced a matrix diagonalization method for solving 1D potentials

1.1k views • 29 slides
Extended and generalized weight enumerators Relinde Jurrius Ruud Pellikaan Eindhoven University

Extended and generalized weight enumerators Relinde Jurrius Ruud Pellikaan Eindhoven University

Extended and generalized weight enumerators Relinde Jurrius Ruud Pellikaan Eindhoven University of Technology, The Netherlands International Workshop on Coding and Cryptography, 2009 1/23 Outline Previous work Codes, weights and weight

484 views • 32 slides
This reduces to a generalized eigenvalue problem, i.e. to finding generalized eigenvectors of

This reduces to a generalized eigenvalue problem, i.e. to finding generalized eigenvectors of

This reduces to a generalized eigenvalue problem, i.e. to finding generalized eigenvectors of the following form, with the lowest eigenvalues: Ly Dy This technique is called Laplacian Eigenmaps since the matrix L is called

324 views • 20 slides
Generalized Matrix Factorizations as a Unifying Framework for Pattern Set Mining Complexity

Generalized Matrix Factorizations as a Unifying Framework for Pattern Set Mining Complexity

Generalized Matrix Factorizations as a Unifying Framework for Pattern Set Mining Complexity Beyond Blocks Pauli Miettinen 10 September 2015 Community detection A B C ( ) 1 1 1 0 1 A 2 1 1 1 0 1 1 3 A B C B ( ) ( ) 2

301 views • 18 slides
Generalized MPLS Signaling draft-ietf-mpls-generalized-signaling-05.txt

Generalized MPLS Signaling draft-ietf-mpls-generalized-signaling-05.txt

Generalized MPLS Signaling draft-ietf-mpls-generalized-signaling-05.txt draft-ietf-mpls-generalized-cr-ldp-04.txt draft-ietf-mpls-generalized-rsvp-te-04.txt Authors Authors Peter Ashwood-Smith (Nortel Networks Corp.) Ayan Banerjee

386 views • 7 slides
Integrable discrete-time dynamics, generalized exclusion processes and "fused" matrix

Integrable discrete-time dynamics, generalized exclusion processes and "fused" matrix

Physical motivations and framework Integrable discrete-time dynamics Generalized exclusion processes Integrable discrete-time dynamics, generalized exclusion processes and "fused" matrix ansatz Matthieu VANICAT University of

1.41k views • 124 slides
A D.C. Programming Approach to the Sparse Generalized Eigenvalue Problem Bharath K.

A D.C. Programming Approach to the Sparse Generalized Eigenvalue Problem Bharath K.

A D.C. Programming Approach to the Sparse Generalized Eigenvalue Problem Bharath K. Sriperumbudur, David A. Torres and Gert R. G. Lanckriet University of California, San Diego OPT 2009 Generalized Eigenvalue Problem Given a matrix pair, ( A , B

340 views • 19 slides
Matrix Product States for frustrated spin chains, lattices with an extended Hilbert space and

Matrix Product States for frustrated spin chains, lattices with an extended Hilbert space and

Matrix Product States for frustrated spin chains, lattices with an extended Hilbert space and constrained models in 1D Natalia Chepiga Swiss National Science Foundation University of Amsterdam, The Netherlands 23 July 2019 Natalia Chepiga

1.91k views • 143 slides
Generalized Single Phase Z-Source Matrix Converter S. H. Hosseini J. Nabati A.Mirlou Faculty

Generalized Single Phase Z-Source Matrix Converter S. H. Hosseini J. Nabati A.Mirlou Faculty

1 Generalized Single Phase Z-Source Matrix Converter S. H. Hosseini J. Nabati A.Mirlou Faculty of Electrical and Computer Engineering University of Tabriz, Tabriz, Iran IEEE 2011 Electrical Power and Energy Conference 2

1.23k views • 27 slides
My Social Media Life commonsense.org/education Shareable with attribution for noncommercial use.

My Social Media Life commonsense.org/education Shareable with attribution for noncommercial use.

Show teens using phones, but not Use pause and think illustration, talking thought bubbles DIGITAL CITIZENSHIP | GRADE 7 My Social Media Life commonsense.org/education Shareable with attribution for noncommercial use. Remixing is permitted.

290 views • 13 slides
Does someone in your household have a life-altering medical condition? Grant Criteria Do I

Does someone in your household have a life-altering medical condition? Grant Criteria Do I

Does someone in your household have a life-altering medical condition? Grant Criteria Do I qualify? #1. 5+ years service to the floor covering industry #2. Financial crisis #3. Household member with a life- altering or catastrophic medical

157 views • 5 slides
What did the researcher do? What did the researcher find? What does this mean for my

What did the researcher do? What did the researcher find? What does this mean for my

Research to Real Life What did the researcher do? What did the researcher find? What does this mean for my Applications of Recent Research classroom? for Elementary General Music Heather Nelson Shouldice, PhD Eastern Michigan

638 views • 5 slides
Soul of a New Machine Jeff Chase Duke University

Soul of a New Machine Jeff Chase Duke University

Soul of a New Machine Jeff Chase Duke University Getting to Dune We want to talk about Dune But lets be sure we have the basics well in hand! The basics: architectural foundations of

1.03k views • 69 slides
A Modular Framework for Building Variable-Input- Length Tweakable Ciphers Thomas Shrimpton and

A Modular Framework for Building Variable-Input- Length Tweakable Ciphers Thomas Shrimpton and

A Modular Framework for Building Variable-Input- Length Tweakable Ciphers Thomas Shrimpton and Seth Terashima Portland State University Motivation: Full Disk Encryption File System Virtual Disk (Exposes plaintexts) FDE Physical Disk

1.24k views • 59 slides
Equivariant geometry of Banach spaces and topological groups Christian Rosendal, University of

Equivariant geometry of Banach spaces and topological groups Christian Rosendal, University of

Equivariant geometry of Banach spaces and topological groups Christian Rosendal, University of Illinois at Chicago Toposym, Prague, July 2016 Christian Rosendal Equivariant geometry Toposym, July 2016 1 / 25 Coarse geometry A uniform

1.08k views • 105 slides
DLAP online Seminar

DLAP online Seminar

DLAP online Seminar Zoom Webinar, 2020.07.09

689 views • 27 slides
Collective Neutrino Oscillations in SNe Huaiyu Duan University of New Mexico Outline

Collective Neutrino Oscillations in SNe Huaiyu Duan University of New Mexico Outline

Collective Neutrino Oscillations in SNe Huaiyu Duan University of New Mexico Outline Introduction Numerical models and results Recent progress and challenges Summary Standard Model I II III mass $ 0 # 2.4 MeV 1.27 GeV

872 views • 43 slides

More recommend