generalized feistel networks with optimal diffusion
play

Generalized Feistel Networks with Optimal Diffusion Lo Perrin DTU, - PowerPoint PPT Presentation

Sep 16, 2022 •768 likes •1.31k views

Generalized Feistel Networks with Optimal Diffusion Lo Perrin DTU, Lyngby Inria, Paris Dagstuhl 2018 (seminar-18021) Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion In this talk

  1. Generalized Feistel Networks with Optimal Diffusion Léo Perrin DTU, Lyngby Inria, Paris Dagstuhl 2018 (seminar-18021)

  2. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion In this talk A new type of generalized Feistel Networks Linear layer design Wide block cipher/sponge permutation blueprint Fibonnaci numbers! 1 / 20

  3. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Outline 1 Introduction Observations on GFNs 2 Multi-Rotating Feistel Network (MRFN) 3 Possible Applications 4 Conclusion 5 1 / 20

  4. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion First GFN Source: Generalized Feistel networks , K. Nyberg (1996) 2 / 20

  5. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Basic GFN Source: Generalized Feistel networks revisited , A. Bogdanov, K. Shibutani (2013) 3 / 20

  6. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Improved GFN Source: TWINE: A Lightweight, Versatile Block Cipher , T. Suzaki, K. Minematsu, S. Morioka, and E. Kobayashi 4 / 20

  7. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Diffusion in Generalized Feistel networks How long does it take for each input word to influence each output word? The state consists of 2 b branches. 5 / 20

  8. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Diffusion in Generalized Feistel networks How long does it take for each input word to influence each output word? The state consists of 2 b branches. Nyberg/Type-II GFN: ≈ 2 b rounds 5 / 20

  9. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Diffusion in Generalized Feistel networks How long does it take for each input word to influence each output word? The state consists of 2 b branches. Nyberg/Type-II GFN: TWINE-like GFN: ≈ 2 log 2 ( b ) rounds ≈ 2 b rounds 5 / 20

  10. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion General Vue X i X i X i X i X i X i X i X i 0 1 2 3 4 5 6 7 f ⊕ f ⊕ f ⊕ f ⊕ π Optimal Diffusion The best we can achieve is for X 0 0 to influence ϕ i + 2 branches at round i , where ϕ 0 = 0 , ϕ 1 = 1 , ϕ i + 2 = ϕ i + 1 + ϕ i . 6 / 20

  11. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Diffusion in GFNs b 8 16 32 64 128 .. 2048 Nyberg Type-II/Nyberg 16 32 64 128 256 4096 TWINE-like 6 8 10 12 14 22 Optimal 6 8 9 11 12 18 Number of rounds for full diffusion. 7 / 20

  12. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Can we reach the Fibonacci-based bound? Can we have an easy to implement π ? 8 / 20

  13. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Can we reach the Fibonacci-based bound? Can we have an easy to implement π ? Yes (for both) 8 / 20

  14. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Outline 1 Introduction Observations on GFNs 2 Multi-Rotating Feistel Network (MRFN) 3 Possible Applications 4 Conclusion 5 8 / 20

  15. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion General Structure Number of branches: 2 b Number of rounds: r w -bit permutations f i j ( i < r , j < b ) Sequence s i of rotations of b words. The round i of a MRFN with b = 4 and s i = 1 is: f i 0 f i 1 f i 2 f i 3 9 / 20

  16. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Some Observations Both a Feistel network and a GFN π is very simple (1 word-wise rotation per round) Round function depends on the round index. Interesting case: s i = ϕ i . 10 / 20

  17. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Some Observations Both a Feistel network and a GFN π is very simple (1 word-wise rotation per round) Round function depends on the round index. Interesting case: s i = ϕ i . Fibonacci Case A MRFN with s i = ϕ i has optimal diffusion. 10 / 20

  18. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Fibonacci Case At round 0, X 0 0 has touched the first ϕ 1 = 1 branches of one side. ϕ i + 1 ϕ i X i X i − 1 ϕ i ϕ i + ϕ i + 1 F i ⊕ ϕ i + 2 ϕ i + 1 X i + 1 X i 11 / 20

  19. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Example with 12 branches ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ϕ 0 = 0 ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ϕ 1 = 1 ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ϕ 2 = 1 ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ϕ 3 = 2 ⊕ ⊕ ⊕ ϕ 4 = 3 ⊕ ⊕ ⊕ 12 / 20

  20. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Implementation b b w VRound function operating on 2 bw bit internal state. 13 / 20

  21. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Implementation b b w 1. copy 13 / 20

  22. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Implementation b b w f i f i f i f i f i f i f i f i f i f i 1 2 3 4 5 6 7 8 9 10 2. parallel layer of f i 2. parallel layer of f i 2. parallel layer of f i 2. parallel layer of f i 2. parallel layer of f i 2. parallel layer of f i 2. parallel layer of f i 2. parallel layer of f i 2. parallel layer of f i 2. parallel layer of f i 13 / 20

  23. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Implementation b b w ≪ s i ≪ s i ≪ s i 3. rotations 3. rotations 3. rotations 13 / 20

  24. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Implementation b b ⊕ w ⊕ ⊕ 4. XOR 4. XOR 4. XOR 13 / 20

  25. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Implementation b b w 5. swap 13 / 20

  26. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Implementation b b w 6. finished! 13 / 20

  27. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Some Observations s i and s i + ( − ℓ ) i mod b are equivalent if gcd ( s i , b ) � 1 for all i , no full diffusion! Importance of the choice of { s i } i ≥ 0 14 / 20

  28. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Security If s i = ϕ i , then full diffusion in ≈ Λ( n ) rounds, where Λ( x ) = i if ϕ i − 1 < x ≤ ϕ i (optimal). If s 2 i = 0 and i 2 i + 1 = 2 i , then full diffusion in ≈ 2 log 2 ( n ) rounds (like TWINE). Both are quickly safe from miss-in-the-middle based impossible differential atacks and MitM! 15 / 20

  29. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Security If s i = ϕ i , then full diffusion in ≈ Λ( n ) rounds, where Λ( x ) = i if ϕ i − 1 < x ≤ ϕ i (optimal). If s 2 i = 0 and i 2 i + 1 = 2 i , then full diffusion in ≈ 2 log 2 ( n ) rounds (like TWINE). Both are quickly safe from miss-in-the-middle based impossible differential atacks and MitM! When s i = ϕ i , bad truncated differential with 2 active S-Boxes/round. 15 / 20

  30. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Security If s i = ϕ i , then full diffusion in ≈ Λ( n ) rounds, where Λ( x ) = i if ϕ i − 1 < x ≤ ϕ i (optimal). If s 2 i = 0 and i 2 i + 1 = 2 i , then full diffusion in ≈ 2 log 2 ( n ) rounds (like TWINE). Both are quickly safe from miss-in-the-middle based impossible differential atacks and MitM! When s i = ϕ i , bad truncated differential with 2 active S-Boxes/round. Open Problem 1 Differential/Linear bound? Open Problem 2 Choice of { s i } i ≥ 0 ? 15 / 20

  31. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Outline 1 Introduction Observations on GFNs 2 Multi-Rotating Feistel Network (MRFN) 3 Possible Applications 4 Conclusion 5 15 / 20

  32. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion GFN-based Linear Layers Use linear { f i } i ≥ 0 ; s i = ϕ i n -bit block divided into 2 b branches of w bits uses: w 2 × b × 2 log 2 ( b ) XORs . 2 � ���� �� ���� � ���� r f i j � ����� �� ����� � f layer 16 / 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel

General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel

General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel Schemes Victor Cauchois 1 , 2 , Clment Gomez 1 , Gal Thomas 1 1 DGA Maitrise de lInformation, Bruz, France 2 IRMAR, Universit de Rennes 1,

810 views • 68 slides
Extended Generalized Feistel Networks using Matrix Representation Thierry P. Berger 1 , Marine

Extended Generalized Feistel Networks using Matrix Representation Thierry P. Berger 1 , Marine

Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Extended Generalized Feistel Networks using Matrix Representation Thierry P. Berger 1 , Marine Minier 2 , Gal Thomas 1 1 XLIM

448 views • 31 slides
Improved Security Bounds for Generalized Feistel Networks Yaobin Shen 1 Chun Guo 2 Lei Wang 1 1

Improved Security Bounds for Generalized Feistel Networks Yaobin Shen 1 Chun Guo 2 Lei Wang 1 1

Feistel Networks Our Contributions Security Proofs Conclusion Improved Security Bounds for Generalized Feistel Networks Yaobin Shen 1 Chun Guo 2 Lei Wang 1 1 Shanghai Jiao Tong University 2 Shandong University November 13, FSE 2020 Yaobin

407 views • 22 slides
Differential Attacks on Generalized Feistel Schemes Val erie Nachef - Emmanuel Volte - Jacques

Differential Attacks on Generalized Feistel Schemes Val erie Nachef - Emmanuel Volte - Jacques

Differential Attacks on Generalized Feistel Schemes Val erie Nachef - Emmanuel Volte - Jacques Patarin CANS 2013 20 November 2013 Outline Introduction 1 State of the Art Our Contribution Definition of the schemes Attacks on Type-1

893 views • 45 slides
Optimal multiple stopping time problems of jumps diffusion processes Im` ene BEN LATIFA

Optimal multiple stopping time problems of jumps diffusion processes Im` ene BEN LATIFA

Motivation Problem formulation Swing options in the jump diffusion model Viscosity solution Further research Optimal multiple stopping time problems of jumps diffusion processes Im` ene BEN LATIFA ENIT-LAMSIN New advances in Backward SDEs

346 views • 30 slides
Information Diffusion on Social Networks SMART Summer School 2017 Sylvain Lamprier LIP6 - UPMC

Information Diffusion on Social Networks SMART Summer School 2017 Sylvain Lamprier LIP6 - UPMC

Information Diffusion on Social Networks SMART Summer School 2017 Sylvain Lamprier LIP6 - UPMC MLIA Team 1 / 78 Information Diffusion 1 Diffusion on Networks Tasks Challenges Diffusion Models The Independent Cascade Model 2 Learning

994 views • 78 slides
Optimal Supply Networks Introduction Optimal branching Complex Networks, Course 295A, Spring,

Optimal Supply Networks Introduction Optimal branching Complex Networks, Course 295A, Spring,

Supply Networks Optimal Supply Networks Introduction Optimal branching Complex Networks, Course 295A, Spring, 2008 Murray meets Tokunaga Single Source History Reframing the question Minimal volume calculation Prof. Peter Dodds Blood

1.06k views • 76 slides
Numerical experiments with a level-set tracking algorithm for generalized diffusion equations

Numerical experiments with a level-set tracking algorithm for generalized diffusion equations

Numerical experiments with a level-set tracking algorithm for generalized diffusion equations Jacob Cheverie and Leandro Fosque Mentor: Marianne Korten Department of Mathematics Kansas State University July 22 nd , 2014 Math REU funded by NSF

618 views • 31 slides
Core Models of Complex Networks Principles of Complex Systems Generalized random networks

Core Models of Complex Networks Principles of Complex Systems Generalized random networks

Core Models of Complex Networks Core Models of Complex Networks Principles of Complex Systems Generalized random networks CSYS/MATH 300, Spring, 2013 | #SpringPoCS2013 Small-world networks Main story Generalized affiliation networks

2.16k views • 99 slides
An Empirical Study of Optimization for Maximizing Diffusion in Networks Kiyan Ahmadizadeh

An Empirical Study of Optimization for Maximizing Diffusion in Networks Kiyan Ahmadizadeh

An Empirical Study of Optimization for Maximizing Diffusion in Networks Kiyan Ahmadizadeh Bistra Dilkina, Carla P. Gomes, Ashish Sabharwal Cornell University Institute for Computational Sustainability Diffusion in Networks: Cascades Our

725 views • 55 slides
A generalized MBO diffusion generated method for constrained harmonic maps Braxton Osting

A generalized MBO diffusion generated method for constrained harmonic maps Braxton Osting

A generalized MBO diffusion generated method for constrained harmonic maps Braxton Osting University of Utah February 10, 2018 Inverse Problems and Machine Learning Based on joint work with Dong Wang and Ryan Viertel 1/ 28 Motion by mean

579 views • 28 slides
Diffusion of epicenter of earthquake aftershock, Omoris law, and generalized continuous-time

Diffusion of epicenter of earthquake aftershock, Omoris law, and generalized continuous-time

Diffusion of epicenter of earthquake aftershock, Omoris law, and generalized continuous-time random walk models [Helmstetter &amp; Sornette, 2002b] 2017.5.29 So Ozawa (ERI, Hatano Lab, M1) 2017/5/29 Seismogenesis Seminar 1 In these

703 views • 37 slides
Diffusion in Social Networks with Competing Products Krzysztof R. Apt (so not Krzystof and

Diffusion in Social Networks with Competing Products Krzysztof R. Apt (so not Krzystof and

Diffusion in Social Networks with Competing Products Krzysztof R. Apt (so not Krzystof and definitely not Krystof) CWI, Amsterdam, the Netherlands , University of Amsterdam based on joint work with E. Markakis Diffusion in Social Networks with

383 views • 22 slides
Media Diffusion: Cascading Behavior in Networks Epidemic Spread Influence Maximization 1

Media Diffusion: Cascading Behavior in Networks Epidemic Spread Influence Maximization 1

Online Social Networks and Media Diffusion: Cascading Behavior in Networks Epidemic Spread Influence Maximization 1 Introduction Diffusion: process by which a piece of information is spread and reaches individuals through interactions

1.84k views • 134 slides
Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the

Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the

Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the Netherlands , University of Amsterdam based on joint work with E. Markakis Athens University of Economics and Business Diffusion in Social Networks with

569 views • 37 slides
Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the

Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the

Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the Netherlands , University of Amsterdam based on joint work with E. Markakis Athens University of Economics and Business Diffusion in Social Networks with

462 views • 28 slides
My Social Media Life commonsense.org/education Shareable with attribution for noncommercial use.

My Social Media Life commonsense.org/education Shareable with attribution for noncommercial use.

Show teens using phones, but not Use pause and think illustration, talking thought bubbles DIGITAL CITIZENSHIP | GRADE 7 My Social Media Life commonsense.org/education Shareable with attribution for noncommercial use. Remixing is permitted.

290 views • 13 slides
Does someone in your household have a life-altering medical condition? Grant Criteria Do I

Does someone in your household have a life-altering medical condition? Grant Criteria Do I

Does someone in your household have a life-altering medical condition? Grant Criteria Do I qualify? #1. 5+ years service to the floor covering industry #2. Financial crisis #3. Household member with a life- altering or catastrophic medical

157 views • 5 slides
What did the researcher do? What did the researcher find? What does this mean for my

What did the researcher do? What did the researcher find? What does this mean for my

Research to Real Life What did the researcher do? What did the researcher find? What does this mean for my Applications of Recent Research classroom? for Elementary General Music Heather Nelson Shouldice, PhD Eastern Michigan

638 views • 5 slides
Verses in through our knowledge of him who called us by his own glory and goodness. Through

Verses in through our knowledge of him who called us by his own glory and goodness. Through

The God Life Part 2: &quot;Living The Good Life 04.15.12 Scripture: Luke 12:13-31 / 2 Peter 1:5 NIV Intro: We have begun a new sermon series! Living The Good Life. We started last week and we learned one basic truth that will be the

304 views • 3 slides
Soul of a New Machine Jeff Chase Duke University

Soul of a New Machine Jeff Chase Duke University

Soul of a New Machine Jeff Chase Duke University Getting to Dune We want to talk about Dune But lets be sure we have the basics well in hand! The basics: architectural foundations of

1.03k views • 69 slides
A Modular Framework for Building Variable-Input- Length Tweakable Ciphers Thomas Shrimpton and

A Modular Framework for Building Variable-Input- Length Tweakable Ciphers Thomas Shrimpton and

A Modular Framework for Building Variable-Input- Length Tweakable Ciphers Thomas Shrimpton and Seth Terashima Portland State University Motivation: Full Disk Encryption File System Virtual Disk (Exposes plaintexts) FDE Physical Disk

1.24k views • 59 slides
Equivariant geometry of Banach spaces and topological groups Christian Rosendal, University of

Equivariant geometry of Banach spaces and topological groups Christian Rosendal, University of

Equivariant geometry of Banach spaces and topological groups Christian Rosendal, University of Illinois at Chicago Toposym, Prague, July 2016 Christian Rosendal Equivariant geometry Toposym, July 2016 1 / 25 Coarse geometry A uniform

1.08k views • 105 slides
DLAP online Seminar

DLAP online Seminar

DLAP online Seminar Zoom Webinar, 2020.07.09

689 views • 27 slides

More recommend