general diffusion analysis how to find optimal
play

General Diffusion Analysis: How to Find Optimal Permutations for - PowerPoint PPT Presentation

Aug 30, 2022 •114 likes •810 views

General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel Schemes Victor Cauchois 1 , 2 , Clment Gomez 1 , Gal Thomas 1 1 DGA Maitrise de lInformation, Bruz, France 2 IRMAR, Universit de Rennes 1,

  1. General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel Schemes Victor Cauchois 1 , 2 , Clément Gomez 1 , Gaël Thomas 1 1 DGA Maitrise de l’Information, Bruz, France 2 IRMAR, Université de Rennes 1, Rennes, France Fast Software Encryption — 2019-03-26 — Paris, France Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 1/20

  2. The Feistel Network How to construct a permutation? F Challenging task F Split the problem in half and iterate F DES, Camellia, Simon, . . . Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 2/20

  3. Type-II Generalized Feistel Structure (GFS) F F F F Split into k blocks k / 2 parallel mini-Feistel functions (easier to design) F Then a block-wise permutation π ∈ S k : CLEFIA ( k = 4), Simpara ( k = 4 , 6 , 8), TWINE ( k = 16) Problem: Diffusion needs more rounds Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 3/20

  4. Maximum Diffusion Round (DR) 5 F F F F F F F F F F F F F F F F F F F F F F F F 6 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 4/20

  5. Maximum Diffusion Round (DR) 5 F F F F F F F F F F F F F F F F F F F F F F F F 6 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 4/20

  6. Maximum Diffusion Round (DR) 5 F F F F F F F F F F F F F F F F F F F F F F F F 6 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 4/20

  7. Maximum Diffusion Round (DR) 5 F F F F F F F F F F F F F F F F F F F F F F F F 6 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 4/20

  8. Maximum Diffusion Round (DR) 5 F F F F F F F F F F F F F F F F F F F F F F F F 6 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 4/20

  9. Maximum Diffusion Round (DR) 5 F F F F F F F F F F F F F F F F F F F F F F F F 6 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 4/20

  10. Maximum Diffusion Round (DR) 5 F F F F F F F F F F F F F F F F F F F F F F F F 6 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 4/20

  11. Maximum Diffusion Round (DR) 5 6 F F F F F F F F F F F F F F F F F F F F F F F F 6 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 4/20

  12. Maximum Diffusion Round (DR) 5 6 5 F F F F F F F F F F F F F F F F F F F F F F F F 6 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 4/20

  13. Maximum Diffusion Round (DR) 5 6 5 6 F F F F F F F F F F F F F F F F F F F F F F F F 6 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 4/20

  14. Maximum Diffusion Round (DR) 5 6 5 6 5 6 5 6 F F F F F F F F F F F F F F F F F F F F F F F F 6 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 4/20

  15. Maximum Diffusion Round (DR) 5 6 5 6 5 6 5 6 Simple criterion F F F F Depends only on the F F F F permutation π Link with impossible F F F F differential and saturation attacks F F F F Encryption F F F F F F F F 6 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 4/20

  16. Maximum Diffusion Round (DR) 5 6 5 6 5 6 5 6 Simple criterion F F F F Depends only on the F F F F permutation π Link with impossible F F F F differential and saturation attacks F F F F Encryption F F F F AND Decryption F F F F 6 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 4/20

  17. Maximum Diffusion Round (DR) 5 6 5 6 5 6 5 6 Simple criterion F F F F Depends only on the F F F F permutation π Link with impossible F F F F differential and saturation attacks F F F F Encryption F F F F AND Decryption F F F F here DR ( π ) = 6 6 5 6 5 6 5 6 5 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 4/20

  18. Previous Works F F F F k DR ( rot ) min DR ( π ) Suzaki and Minematsu, FSE 2010 4 4 4 Focus on even-odd GFS ( S eo k ) 6 6 5 8 8 6 Exhaustive search for k ≤ 16 blocks 10 10 7 12 12 8 Power of two case : generic 14 14 8 construction in DR ( π ) = 2 log 2 k 16 16 8 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 5/20

  19. Our Contributions k [SM10] this paper 4 4 4 Constructive upper-bound on the 6 5 5 number of even-odd GFS up to 8 6 6 equivalence 10 7 7 12 8 8 Exhaustive search for k ≤ 24 14 8 8 16 8 8 New criterion to reduce search 18 8 space: Collision-free depth 20 9 22 8 Power of two case: new 24 9 permutations based on graph 26 9 coloring 32 10 10 64 12 11 Case of non even-odd permutations 128 14 13 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 6/20

  20. Equivalence of GFS F F F F Equivalence up to block reindexing Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 7/20

  21. Equivalence of GFS F F F F Equivalence up to block reindexing Permutations of pairs: swap blocks in a pair-wise manner Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 7/20

  22. Equivalence of GFS F F F F Equivalence up to block reindexing Permutations of pairs: swap blocks in a pair-wise manner S p k := { ϕ ∈ S k |∀ i ≤ k 2 − 1 , ϕ ( 2 i ) is even and ϕ ( 2 i + 1 ) = ϕ ( 2 i )+ 1 } Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 7/20

  23. Equivalence of GFS F F F F Equivalence up to block reindexing Permutations of pairs: swap blocks in a pair-wise manner S p k := { ϕ ∈ S k |∀ i ≤ k 2 − 1 , ϕ ( 2 i ) is even and ϕ ( 2 i + 1 ) = ϕ ( 2 i )+ 1 } “Pair-equivalence”: S p k acts on S k by conjugation π 1 ≡ π 2 iff ∃ ϕ ∈ S p k s.t. π 1 = ϕ ◦ π 2 ◦ ϕ − 1 Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 7/20

  24. Number of Even-odd GFS up to Pair-equivalence F F F F  S eo S k / 2 × S k / 2 → (even-odd GFS) k  Bijection:  Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 8/20

  25. Number of Even-odd GFS up to Pair-equivalence F F F F  S eo S k / 2 × S k / 2 → (even-odd GFS) k  Bijection: � π ( 2 i ) = 2 π 1 ( i ) + 1 � ( π 1 , π 2 ) �→ π s.t. � π ( 2 i + 1 ) = 2 π 2 ( i )  � Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 8/20

  26. Number of Even-odd GFS up to Pair-equivalence F F F F  S eo S k / 2 × S k / 2 → (even-odd GFS) k  Bijection: � π ( 2 i ) = 2 π 1 ( i ) + 1 � ( π 1 , π 2 ) �→ π s.t. � π ( 2 i + 1 ) = 2 π 2 ( i )  � ( k / 2 )! 2 ( k / 2 )! ≤ number of classes ≤ Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 8/20

  27. Number of Even-odd GFS up to Pair-equivalence F F F F  S eo S k / 2 × S k / 2 → (even-odd GFS) k  Bijection: � π ( 2 i ) = 2 π 1 ( i ) + 1 � ( π 1 , π 2 ) �→ π s.t. � π ( 2 i + 1 ) = 2 π 2 ( i )  � Idea Only enumerate a single π 1 for each conjugacy class in S k / 2 w.r.t regular conjugation ( k / 2 )! 2 ( k / 2 )! ≤ number of classes ≤ Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 8/20

  28. Number of Even-odd GFS up to Pair-equivalence F F F F  S eo S k / 2 × S k / 2 → (even-odd GFS) k  Bijection: � π ( 2 i ) = 2 π 1 ( i ) + 1 � ( π 1 , π 2 ) �→ π s.t. � π ( 2 i + 1 ) = 2 π 2 ( i )  � Idea Only enumerate a single π 1 for each conjugacy class in S k / 2 w.r.t regular conjugation ( k / 2 )! ≤ number of classes ≤ N k / 2 · ( k / 2 )! Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 8/20

  29. Number of Even-odd GFS up to Pair-equivalence F F F F  S eo S k / 2 × S k / 2 → (even-odd GFS) k  Bijection: � π ( 2 i ) = 2 π 1 ( i ) + 1 � ( π 1 , π 2 ) �→ π s.t. � π ( 2 i + 1 ) = 2 π 2 ( i )  � Idea Only enumerate a single π 1 for each conjugacy class in S k / 2 w.r.t regular conjugation ( k / 2 )! ≤ number of classes ≤ N k / 2 · ( k / 2 )! Number of conjugacy class in S k / 2 : N k / 2 = O ( e π √ k / 3 ) Optimal Permutations for Generalized Type-II Feistel Schemes Cauchois, Gomez, Thomas FSE 2019-03-26 8/20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Optimal multiple stopping time problems of jumps diffusion processes Im` ene BEN LATIFA

Optimal multiple stopping time problems of jumps diffusion processes Im` ene BEN LATIFA

Motivation Problem formulation Swing options in the jump diffusion model Viscosity solution Further research Optimal multiple stopping time problems of jumps diffusion processes Im` ene BEN LATIFA ENIT-LAMSIN New advances in Backward SDEs

346 views • 30 slides
31/10/2019 Diffusion General Note. Atomic diffusion is a process whereby the random

31/10/2019 Diffusion General Note. Atomic diffusion is a process whereby the random

31/10/2019 Diffusion General Note. Atomic diffusion is a process whereby the random thermally-activated hopping of Diffusion is a flux of matter in which the atoms or molecules of a certain atoms in a solid results in the net transport of

560 views • 28 slides
Parallelizing Union-Find in Constraint Handling Rules Using Confluence Analysis Thom Fr

Parallelizing Union-Find in Constraint Handling Rules Using Confluence Analysis Thom Fr

Introduction Basic Union-Find Optimal Union-Find Conclusion Parallelizing Union-Find in Constraint Handling Rules Using Confluence Analysis Thom Fr uhwirth Faculty of Computer Science University of Ulm, Germany

770 views • 40 slides
USING DATA TO FIND THE OPTIMAL MIX OF RETAIL LOCATIONS AND RESOURCES INTRODUCTION Education

USING DATA TO FIND THE OPTIMAL MIX OF RETAIL LOCATIONS AND RESOURCES INTRODUCTION Education

USING DATA TO FIND THE OPTIMAL MIX OF RETAIL LOCATIONS AND RESOURCES INTRODUCTION Education BS CS, Georgia Tech 2009 Theory and Machine Learning MS CS, Georgia Tech 2011 Heavy Tail Network Analysis Work Institute of

462 views • 20 slides
Blockchains Beyond Bitcoin: Notations Towards Optimal Level of Analysis of the Problem Let Us

Blockchains Beyond Bitcoin: Notations Towards Optimal Level of Analysis of the Problem Let Us

How Financial . . . Limitations of the . . . Blockchain as an . . . Formulation of the . . . Blockchains Beyond Bitcoin: Notations Towards Optimal Level of Analysis of the Problem Let Us Find the . . . Decentralization in Storing

298 views • 14 slides
Generalized Feistel Networks with Optimal Diffusion Lo Perrin DTU, Lyngby Inria, Paris

Generalized Feistel Networks with Optimal Diffusion Lo Perrin DTU, Lyngby Inria, Paris

Generalized Feistel Networks with Optimal Diffusion Lo Perrin DTU, Lyngby Inria, Paris Dagstuhl 2018 (seminar-18021) Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion In this talk

1.31k views • 52 slides
Multiscale Analysis and Diffusion Semigroups With Applications Karamatou Yacoubou Djima Advisor:

Multiscale Analysis and Diffusion Semigroups With Applications Karamatou Yacoubou Djima Advisor:

Introduction Composite Diffusion Frames An application of Laplacian Eigenmaps to Retinal Imaging Conclusion Multiscale Analysis and Diffusion Semigroups With Applications Karamatou Yacoubou Djima Advisor: Wojciech Czaja Norbert Wiener Center

531 views • 39 slides
Image analysis Biomedical images are analyzed in order to get information of interest with a non

Image analysis Biomedical images are analyzed in order to get information of interest with a non

Lesson 10 University of Bergamo Engineering and Management for Health FOR CHRONIC DISEASES MEDICAL SUPPORT SYSTEMS LESSON 10 Bioimaging analysis: estimation of diffusion parameters from Diffusion-Weighted Magnetic Resonance Imaging (for the

343 views • 12 slides
Analysis of the controllability of space-time fractional diffusion and super diffusion equations

Analysis of the controllability of space-time fractional diffusion and super diffusion equations

Objectives of the talk Space-time fractional order operators Controllability results for space-time fractional PDEs A new notion of boundary control Open problems Analysis of the controllability of space-time fractional diffusion and super

1.06k views • 62 slides
NIST Workshop: High Throughput Analysis of Multicomponent Multiphase Diffusion Data March

NIST Workshop: High Throughput Analysis of Multicomponent Multiphase Diffusion Data March

NIST Workshop: High Throughput Analysis of Multicomponent Multiphase Diffusion Data March 27-28, 2003 Carelyn Campbell & Bill Boettinger Metallurgy Division Introductory Remarks Why a Workshop on Diffusion? Consensus of NIST

448 views • 24 slides
The method of viscosity solutions for analysis of singular diffusion problems appearing in

The method of viscosity solutions for analysis of singular diffusion problems appearing in

Mathematics for Nonlinear Phenomena: Analysis and Computation Sapporo, August 2015 The method of viscosity solutions for analysis of singular diffusion problems appearing in crystal growth problems Piotr Rybka Joint project with Y.Giga,

773 views • 36 slides
Cyril Bachelard OLZ AG Optimal Portfolios and Where to Find Them Hint: Somewhere inside a

Cyril Bachelard OLZ AG Optimal Portfolios and Where to Find Them Hint: Somewhere inside a

Cyril Bachelard OLZ AG Optimal Portfolios and Where to Find Them Hint: Somewhere inside a High-Dimensional Convex Polytope Agenda 1. Introduction 2. Dear Investor, Whats Your Objective? 3. Dear Audience, Remember Geometry? 4. Dear

748 views • 39 slides
Simulating Neurodegeneration through Longitudinal Population Analysis of Structural and Diffusion

Simulating Neurodegeneration through Longitudinal Population Analysis of Structural and Diffusion

Outline Background Simulating neurodegneration through longitudinal population analysis Simulating Neurodegeneration through Longitudinal Population Analysis of Structural and Diffusion Weighted MRI Data Modat et al. MICCAI 2014 Bishesh

720 views • 26 slides
A general mechanism of diffusion in Hamiltonian Systems DYNAMICAL SYSTEMS: FROM GEOMETRY TO

A general mechanism of diffusion in Hamiltonian Systems DYNAMICAL SYSTEMS: FROM GEOMETRY TO

A general mechanism of diffusion in Hamiltonian Systems DYNAMICAL SYSTEMS: FROM GEOMETRY TO MECHANICS Marian Gidea 1 Rafael de la Llave 2 and Tere Seara 3 1 Yeshiva University, New York 2 Georgia Institute of Technology, Atlanta 3 Universitat

508 views • 34 slides
Finite Volume Methods: the steady convection-diffusion equation G. Manzini 1 1 IMATI - CNR, Pavia

Finite Volume Methods: the steady convection-diffusion equation G. Manzini 1 1 IMATI - CNR, Pavia

Finite Volume Methods: the steady convection-diffusion equation G. Manzini 1 1 IMATI - CNR, Pavia Padova 16/4/2007 R 2 , The reference problem Steady convected-dominated diffusion-transport problems are ruled by the following equation: Find

680 views • 54 slides
Questions about Exercise 2? Lecture: Natural diffusion Introduction to the

Questions about Exercise 2? Lecture: Natural diffusion Introduction to the

Class overview today - November 12, 2018 Questions about Exercise 2? Lecture: Natural diffusion Introduction to the diffusion process Mathematical description of diffusion Hillslope diffusion processes Exercise 3:

688 views • 55 slides
Kinematics: Solving Sequences Manipulators & DH parameters P P y 1 y 1 x 1 x 1 Many

Kinematics: Solving Sequences Manipulators & DH parameters P P y 1 y 1 x 1 x 1 Many

Kinematics: Solving Sequences Manipulators & DH parameters P P y 1 y 1 x 1 x 1 Many slides, graphics, and ideas adapted (with thanks!) from: Siegwart, Nourbakhsh and Scaramuzza, Autonomous Mobile Robots Renata Melamud, An

632 views • 46 slides
Exercise 7: Two-Steps Method Exercise 7: Two Steps Method FLUKA Advanced Course Exercise 7 -

Exercise 7: Two-Steps Method Exercise 7: Two Steps Method FLUKA Advanced Course Exercise 7 -

Exercise 7: Two-Steps Method Exercise 7: Two Steps Method FLUKA Advanced Course Exercise 7 - Layout Exercise 7 Goal Evaluate the contribution to the energy deposition in a Beam Loss Monitor (BLM) from direct losses inside a quadrupole,

195 views • 5 slides
ECE590-03 Enterprise Storage Architecture Fall 2017 Failures in hard disks and SSDs Tyler

ECE590-03 Enterprise Storage Architecture Fall 2017 Failures in hard disks and SSDs Tyler

ECE590-03 Enterprise Storage Architecture Fall 2017 Failures in hard disks and SSDs Tyler Bletsch Duke University Slides include material from Vince Freeh (NCSU), some material adapted from Hard-Disk Drives: The Good, the Bad, and the Ugly

611 views • 19 slides
Revenue Maximization from PEDL trips using Network analysis and Geospatial mapping PEDL by

Revenue Maximization from PEDL trips using Network analysis and Geospatial mapping PEDL by

Revenue Maximization from PEDL trips using Network analysis and Geospatial mapping PEDL by Zoomcar 1. Understanding Pedl 2. Journey till Now 3. Challenges faced 4. Fleet optimization to maximize Trips per Agenda cycle through

495 views • 25 slides
C CSE 351, Winter 2012 Monday, February 27, 12 Why do we teach you C? C closely matches how

C CSE 351, Winter 2012 Monday, February 27, 12 Why do we teach you C? C closely matches how

C CSE 351, Winter 2012 Monday, February 27, 12 Why do we teach you C? C closely matches how computers really work No hidden runtime Can trust the compiler (sort of, more on this later) Helps you understand how

1.06k views • 74 slides
Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer!

Transport Layer (TCP/UDP) Where we are in the Course Moving on up to the Transport Layer! Application Transport Network Link Physical CSE 461 University of Washington 2 Recall Transport layer provides end-to-end connectivity across

1.96k views • 165 slides
What is a density surface model? Why model abundance spatially? Use non-designed surveys Use

What is a density surface model? Why model abundance spatially? Use non-designed surveys Use

What is a density surface model? Why model abundance spatially? Use non-designed surveys Use environmental information Maps Back to Horvitz-Thompson estimation Horvitz-Thompson-like estimators Rescale the (flat) density and extrapolate n

387 views • 37 slides
Image Segmentation Machine Learning Study Group Presented by Yaochen Xie Jan 25, 2018 Outline

Image Segmentation Machine Learning Study Group Presented by Yaochen Xie Jan 25, 2018 Outline

Image Segmentation Machine Learning Study Group Presented by Yaochen Xie Jan 25, 2018 Outline Overview Three Levels of Segmentation Basic Segmentation Semantic Segmentation (FCN, DeepLab) Instance Segmentation (Mask-RCNN)

449 views • 28 slides

More recommend