making near optimal choices for the design of block
play

Making (near) Optimal Choices for the Design of Block Ciphers - PowerPoint PPT Presentation

Apr 08, 2024 •344 likes •1.29k views

Making (near) Optimal Choices for the Design of Block Ciphers Making (near) Optimal Choices for the Design of Block Ciphers Baptiste Lambin Horst G ortz Institute for IT Security, Ruhr University Bochum 26/02/2020 Baptiste Lambin Making

  1. Making (near) Optimal Choices for the Design of Block Ciphers Making (near) Optimal Choices for the Design of Block Ciphers Baptiste Lambin Horst G¨ ortz Institute for IT Security, Ruhr University Bochum 26/02/2020 Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 1 / 47

  2. Making (near) Optimal Choices for the Design of Block Ciphers Introduction 1 Efficient Search for Optimal Diffusion Layers of GFNs 2 Variants of the AES Key-Schedule for Better Truncated Differential 3 Bounds Perspectives 4 Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 2 / 47

  3. Making (near) Optimal Choices for the Design of Block Ciphers Introduction Introduction 1 Efficient Search for Optimal Diffusion Layers of GFNs 2 Variants of the AES Key-Schedule for Better Truncated Differential Bounds 3 4 Perspectives Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 3 / 47

  4. Making (near) Optimal Choices for the Design of Block Ciphers Introduction Cryptography and Encryption plaintext plaintext Encrypt Decrypt unsecure channel ciphertext ciphertext Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 4 / 47

  5. Making (near) Optimal Choices for the Design of Block Ciphers Introduction Symmetric Encryption plaintext plaintext E − 1 E key key unsecure channel ciphertext ciphertext Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 5 / 47

  6. Making (near) Optimal Choices for the Design of Block Ciphers Introduction Symmetric Encryption plaintext plaintext E − 1 E key same key key unsecure channel ciphertext ciphertext Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 5 / 47

  7. Making (near) Optimal Choices for the Design of Block Ciphers Introduction Block Ciphers k p c E Block Cipher A block cipher is a family of permutations E : F s 2 × F n 2 → F n 2 such that for any k ∈ F s 2 , E k = E ( k , · ) : F n 2 → F n 2 is a permutation. k is called the key s is called the key length n is called the block length Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 6 / 47

  8. Making (near) Optimal Choices for the Design of Block Ciphers Introduction Distinguishers ⇒ Behavior of the block cipher that a random function does not have. Block cipher Random f f f ( x ) ⊕ f ( x ⊕ 0x13 ) = 0x37 f ( x ) ⊕ f ( x ⊕ 0x13 ) = 0x37 true with probability 2 − ( n − 1) true with probability p p ≫ 2 − ( n − 1) ⇒ we have a distinguisher Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 7 / 47

  9. Making (near) Optimal Choices for the Design of Block Ciphers Introduction Substitution-Permutation Networks p k 0 S-box layer . . . S S S S Linear layer L k 1 Key-Schedule k . . . S S S S . . . L k r c Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 8 / 47

  10. Making (near) Optimal Choices for the Design of Block Ciphers Introduction A partial example k : 0111011010101110 . . . Key-Schedule k 0 : 0111011010101110 k 1 : 1011101001011100 k 2 : 0111010100000111 k 3 : 1111111100010110 . . . Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 9 / 47

  11. Making (near) Optimal Choices for the Design of Block Ciphers Introduction A partial example p = x 0 : 0101 1010 0111 0101 Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 10 / 47

  12. Making (near) Optimal Choices for the Design of Block Ciphers Introduction A partial example p = x 0 : 0101 1010 0111 0101 0111 0110 1010 1110 : k 0 y 0 : 0010 1100 1101 1011 Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 10 / 47

  13. Making (near) Optimal Choices for the Design of Block Ciphers Introduction A partial example p = x 0 : 0101 1010 0111 0101 0111 0110 1010 1110 : k 0 y 0 : 0010 1100 1101 1011 S S S S z 0 : 1000 1101 0001 0011 Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 10 / 47

  14. Making (near) Optimal Choices for the Design of Block Ciphers Introduction A partial example p = x 0 : 0101 1010 0111 0101 0111 0110 1010 1110 : k 0 y 0 : 0010 1100 1101 1011 S S S S z 0 : 1000 1101 0001 0011 L x 1 : 1010 1000 1100 1001 Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 10 / 47

  15. Making (near) Optimal Choices for the Design of Block Ciphers Introduction A partial example p = x 0 : 0101 1010 0111 0101 0111 0110 1010 1110 : k 0 y 0 : 0010 1100 1101 1011 S S S S z 0 : 1000 1101 0001 0011 L x 1 : 1010 1000 1100 1001 : k 1 1011 1010 0101 1100 y 1 : 0001 0010 1001 0101 . . . Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 10 / 47

  16. Making (near) Optimal Choices for the Design of Block Ciphers Introduction Feistel Networks p k 0 F Key-Schedule k k r F c Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 11 / 47

  17. Making (near) Optimal Choices for the Design of Block Ciphers Introduction p k 0 p . . . S S S S k 0 L F KS k k 1 KS k k r . . . S S S S . . F . L c k r c Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 12 / 47

  18. Making (near) Optimal Choices for the Design of Block Ciphers Introduction Finding Optimal Components Na¨ ıve algorithm : exhaustive search Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 13 / 47

  19. Making (near) Optimal Choices for the Design of Block Ciphers Introduction Finding Optimal Components Na¨ ıve algorithm : exhaustive search Pros : (Relatively) easy to implement Optimality is easy to prove Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 13 / 47

  20. Making (near) Optimal Choices for the Design of Block Ciphers Introduction Finding Optimal Components Na¨ ıve algorithm : exhaustive search Pros : (Relatively) easy to implement Optimality is easy to prove Cons (non-exclusive) : The search space can be very large e.g. From 2 52 up to 2 75 in the first part of this presentation Testing one candidate can be expensive e.g. In the second part of this presentation, ”only” 2 44 candidates but testing each of them is expensive Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 13 / 47

  21. Making (near) Optimal Choices for the Design of Block Ciphers Introduction Tools for Optimization (Mixed) Integer Linear Programming (and some other variants) Constraint Programming Metaheuristics (near optimality) SAT (somewhat) Dedicated algorithms Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 14 / 47

  22. Making (near) Optimal Choices for the Design of Block Ciphers Introduction Tools for Optimization (Mixed) Integer Linear Programming (and some other variants) Constraint Programming Metaheuristics (near optimality) SAT (somewhat) Dedicated algorithms In this talk : Part 1 : Dedicated algorithm ( ∼ Branch-and-Bound) + efficient testing for the small cases Part 2 : Metaheuristics + Constraint Programming Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 14 / 47

  23. Making (near) Optimal Choices for the Design of Block Ciphers Efficient Search for Optimal Diffusion Layers of GFNs Introduction 1 Efficient Search for Optimal Diffusion Layers of GFNs 2 Variants of the AES Key-Schedule for Better Truncated Differential Bounds 3 4 Perspectives Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 15 / 47

  24. Making (near) Optimal Choices for the Design of Block Ciphers Efficient Search for Optimal Diffusion Layers of GFNs Generalized Feistel Network F key F key F key F key 0 1 k − 2 k − 1 π State composed of 2 k blocks k Feistels in parallel followed by a permutation π Easier to design but slower diffusion Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 16 / 47

  25. Making (near) Optimal Choices for the Design of Block Ciphers Efficient Search for Optimal Diffusion Layers of GFNs Generalized Feistel Network S S S S π State composed of 2 k blocks k Feistels in parallel followed by a permutation π Easier to design but slower diffusion In this work, the key and the definition of the F-functions don’t matter Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 16 / 47

  26. Making (near) Optimal Choices for the Design of Block Ciphers Efficient Search for Optimal Diffusion Layers of GFNs Diffusion Round S S S S S S S S S S S S S S S S S S S S S S S S Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 17 / 47

  27. Making (near) Optimal Choices for the Design of Block Ciphers Efficient Search for Optimal Diffusion Layers of GFNs Diffusion Round S S S S S S S S S S S S S S S S S S S S S S S S Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 17 / 47

  28. Making (near) Optimal Choices for the Design of Block Ciphers Efficient Search for Optimal Diffusion Layers of GFNs Diffusion Round S S S S S S S S S S S S S S S S S S S S S S S S Baptiste Lambin Making (near) Optimal Choices for the Design of Block Ciphers 17 / 47

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Making Ma ng the the Ri Righ ght Choices Choices Presen esentati tion on Title Title Helping

Making Ma ng the the Ri Righ ght Choices Choices Presen esentati tion on Title Title Helping

Making Ma ng the the Ri Righ ght Choices Choices Presen esentati tion on Title Title Helping Customers and Partners to Design and Implement a Future Ready Laboratory Com Compan pany Profile ofile Desi Designi gning and and Commi

400 views • 22 slides
GUI Design Making the Right Choices Causes: 1.Lack of graphical representation of your

GUI Design Making the Right Choices Causes: 1.Lack of graphical representation of your

Advanced Herd Management - Implementation, Visualization and User Interfaces Outline GUI Design Making the Right Choices Case Examples: Implementation, Visualization and SimHerd User Interfaces FarmOnline Advanced Herd

333 views • 6 slides
On the Lightweight Design Choices for Diffusion Layer of Block Ciphers SUMANTA SARKAR TCS

On the Lightweight Design Choices for Diffusion Layer of Block Ciphers SUMANTA SARKAR TCS

On the Lightweight Design Choices for Diffusion Layer of Block Ciphers SUMANTA SARKAR TCS Innovation Labs December 11, 2017 SUMANTA SARKAR Lightweight Cryptography Internet of Things / Connected Cars Internet of things (IoT): Network of

786 views • 45 slides
Automatic Algorithm Configuration Design choices and parameters everywhere Todays

Automatic Algorithm Configuration Design choices and parameters everywhere Todays

HEURISTIC OPTIMIZATION Automatic Algorithm Configuration Design choices and parameters everywhere Todays high-performance optimizers involve a large number of design choices and parameter settings I exact solvers I design choices include

458 views • 15 slides
Making th the Rig ight Ch Choices Presentation n Tit Title Helping Customers and Partners to

Making th the Rig ight Ch Choices Presentation n Tit Title Helping Customers and Partners to

Making th the Rig ight Ch Choices Presentation n Tit Title Helping Customers and Partners to Design and Implement Future Ready Laboratory Co Comp mpany Prof ofile Desi signi ning ng and d Commissi ssion oning ng La Lab b since

286 views • 10 slides
Islington Eating Well Together: Making Healthy Choices the Easy Choices London Flagship Food

Islington Eating Well Together: Making Healthy Choices the Easy Choices London Flagship Food

Islington Eating Well Together: Making Healthy Choices the Easy Choices London Flagship Food Boroughs June 2014 Self-sufficiency Partnerships Replicable Building a Healthy Childrens Choices Fair Commitment Start Islington Eating Well

119 views • 10 slides
Optimal designs and root systems Peter J. Cameron p.j.cameron@qmul.ac.uk British Combinatorial

Optimal designs and root systems Peter J. Cameron p.j.cameron@qmul.ac.uk British Combinatorial

Optimal designs and root systems Peter J. Cameron p.j.cameron@qmul.ac.uk British Combinatorial Conference 13 July 2007 Block designs A block design consists of a set of v points and a set of blocks, each block a k -set of points. Block designs

463 views • 30 slides
Deborah Streatfield Founder, MyBigCareer GCSE Choice making the best option choices and

Deborah Streatfield Founder, MyBigCareer GCSE Choice making the best option choices and

Deborah Streatfield Founder, MyBigCareer GCSE Choice making the best option choices and motivational speaker. 13+ Choices important choices and journeys and other qualifications.15+ Alternative Pathways to careers and world of

294 views • 5 slides
Optimal Slack-Driven Block Shaping Algorithm in Fixed-Outline Floorplanning Jackey Z. Yan Chris

Optimal Slack-Driven Block Shaping Algorithm in Fixed-Outline Floorplanning Jackey Z. Yan Chris

Optimal Slack-Driven Block Shaping Algorithm in Fixed-Outline Floorplanning Jackey Z. Yan Chris Chu Placement Tech. Group Department of ECE Cadence Design Systems Iowa State University San Jose, CA 95134, U.S.A. Ames, IA 50010, U.S.A. 1 A

680 views • 31 slides
Making choices in multi-dimensional parameter spaces PhD thesis defence Steven Bergner Model

Making choices in multi-dimensional parameter spaces PhD thesis defence Steven Bergner Model

Making choices in multi-dimensional parameter spaces PhD thesis defence Steven Bergner Model adjustment at different levels User-driven experimentation: Use cases for paraglide Criteria optimization: Lighting design Theoretical

1.98k views • 143 slides
A Mathematical Solution to Power Optimal Pipeline Design Power Optimal Pipeline Design by

A Mathematical Solution to Power Optimal Pipeline Design Power Optimal Pipeline Design by

A Mathematical Solution to Power Optimal Pipeline Design Power Optimal Pipeline Design by Utilizing Soft Edge Flip Flops M. Ghasemazar, B. Amelifard, M. Pedram University of Southern California Department of Electrical Engineering August 11,

320 views • 19 slides
Climate change stakeholder workshop 21 May 2012 Making the right choices Climate change

Climate change stakeholder workshop 21 May 2012 Making the right choices Climate change

Making the right choices Climate change stakeholder workshop 21 May 2012 Making the right choices Climate change stakeholder workshop Dr Tony Ballance Director, Strategy and Regulation 21 May 2012 Today is part of a programme of

1.04k views • 73 slides
Differentiating the Signal from the Noise Towards Optimal Choices of Transient Follow-up BETHANY

Differentiating the Signal from the Noise Towards Optimal Choices of Transient Follow-up BETHANY

Differentiating the Signal from the Noise Towards Optimal Choices of Transient Follow-up BETHANY SUTER MENTORS: ALEX URBAN, MICHAEL COUGHLIN Background GW170817 first binary neutron star merger witnessed by LIGO GW170817 was

458 views • 23 slides
Advanced Block Cipher Design My crazy boss asked me to design a new block cipher. Whats next?

Advanced Block Cipher Design My crazy boss asked me to design a new block cipher. Whats next?

Advanced Block Cipher Design My crazy boss asked me to design a new block cipher. Whats next? Pascal Junod University of Applied Sciences Western Switzerland Pascal Junod -- Advanced Block Cipher Design 1 ECRYPT II Summer School - May

914 views • 56 slides
AN INTRODUCTION TO OPTIMAL DESIGN G. Allaire, Ecole Polytechnique Optimal design of structures

AN INTRODUCTION TO OPTIMAL DESIGN G. Allaire, Ecole Polytechnique Optimal design of structures

1 OPTIMAL DESIGN OF STRUCTURES (MAP 562) G. ALLAIRE January 4th, 2017 Department of Applied Mathematics, Ecole Polytechnique CHAPTER I AN INTRODUCTION TO OPTIMAL DESIGN G. Allaire, Ecole Polytechnique Optimal design of structures 2 A FEW

531 views • 30 slides
How Julia Goes Fast Leah Hanson Main Points 1. Design choices make Julia fast. 2. Design and

How Julia Goes Fast Leah Hanson Main Points 1. Design choices make Julia fast. 2. Design and

How Julia Goes Fast Leah Hanson Main Points 1. Design choices make Julia fast. 2. Design and implementation choices work together. 3. You should try using Julia. 1. What problem is Julia solving? 2. What design choices does that lead to? 3.

972 views • 74 slides
Studying the gluon and charm content of the deuteron Nodoka Yamanaka (IPN Orsay) In

Studying the gluon and charm content of the deuteron Nodoka Yamanaka (IPN Orsay) In

3mm JSPS16-17_01_.indd 1 2016/12/01 8:36:38 Studying the gluon and charm content of the deuteron Nodoka Yamanaka (IPN Orsay) In collaboration with 2018/05/15 S. J. Brodsky (SLAC), K. Y.-J. Chiu (SLAC),

561 views • 21 slides
Real-rooted h -polynomials Katharina Jochemko TU Wien Einstein Workshop on Lattice

Real-rooted h -polynomials Katharina Jochemko TU Wien Einstein Workshop on Lattice

Real-rooted h -polynomials Katharina Jochemko TU Wien Einstein Workshop on Lattice Polytopes, December 15, 2016 Unimodality and real-rootedness Let a 0 ,..., a d 0 be real numbers. Unimodality a 0 a i a d for

663 views • 37 slides
Simplicial acyclic models Michael Barr Math & Stats, McGill University Dedicated to the

Simplicial acyclic models Michael Barr Math & Stats, McGill University Dedicated to the

Simplicial acyclic models Michael Barr Math & Stats, McGill University Dedicated to the memory of Charles Wells Abstract In 1974 Kleisli published a paper on acyclic models for semi-simplicial complexes (also known as face complexes). This

1.01k views • 29 slides
NuSpIn Nuclear Spectroscopy Instrumentation Network the network for the gamma-spectroscopy and

NuSpIn Nuclear Spectroscopy Instrumentation Network the network for the gamma-spectroscopy and

NuSpIn Nuclear Spectroscopy Instrumentation Network the network for the gamma-spectroscopy and complementary-instrumentation community Promotion and Coordination of scientific and technological activities for frontline research Exchange of

830 views • 18 slides
Regularity Properties of Critical Invariant Circles of Twist Maps Nikola P. Petrov, University of

Regularity Properties of Critical Invariant Circles of Twist Maps Nikola P. Petrov, University of

Regularity Properties of Critical Invariant Circles of Twist Maps Nikola P. Petrov, University of Oklahoma Arturo Olvera, IIMAS-UNAM November 28, 2008 Global Stability of Mechanical Systems Two degree of freedom Hamiltonian System (2DFHS):

1.56k views • 101 slides
New classes of generalized bent functions Bimal Mandal Department of Mathematics Indian

New classes of generalized bent functions Bimal Mandal Department of Mathematics Indian

New classes of generalized bent functions Bimal Mandal Department of Mathematics Indian Institute of Technology Roorkee Roorkee, India This is a joint work with Pantelimon St anic a and Sugata Gangopadhyay Boolean Functions and Their

404 views • 28 slides
ROOTS, SCHOTTKY SEMIGROUPS, AND A PROOF OF BANDTS CONJECTURE DANNY CALEGARI, SARAH KOCH, AND

ROOTS, SCHOTTKY SEMIGROUPS, AND A PROOF OF BANDTS CONJECTURE DANNY CALEGARI, SARAH KOCH, AND

ROOTS, SCHOTTKY SEMIGROUPS, AND A PROOF OF BANDTS CONJECTURE DANNY CALEGARI, SARAH KOCH, AND ALDEN WALKER Abstract. In 1985, Barnsley and Harrington defined a Mandelbrot Set M for pairs of similarities this is the set of complex

847 views • 66 slides
Symmetrization of some quasi-Banach function spaces Pawe Kolwicz Institute of Mathematics

Symmetrization of some quasi-Banach function spaces Pawe Kolwicz Institute of Mathematics

Symmetrization of some quasi-Banach function spaces Pawe Kolwicz Institute of Mathematics Pozna n University of Technology POLAND PAWE DOMA NSKI MEMORIAL CONFERENCE B edlewo 1.07-7.07.2018 Pawe Kolwicz Pozna n ()

722 views • 55 slides

More recommend