new techniques for trail bounds and application to
play

New techniques for trail bounds and application to differential - PowerPoint PPT Presentation

Nov 27, 2022 •36 likes •476 views

New techniques for trail bounds and application to differential trails in Keccak Silvia Mella 1 , 2 Joan Daemen 1 , 3 Gilles Van Assche 1 1 STMicroelectronics 2 University of Milan 3 Radboud University Fast Software Encryption March 5-8, 2017

  1. New techniques for trail bounds and application to differential trails in Keccak Silvia Mella 1 , 2 Joan Daemen 1 , 3 Gilles Van Assche 1 1 STMicroelectronics 2 University of Milan 3 Radboud University Fast Software Encryption March 5-8, 2017 S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 1 / 31

  2. Outline 1 Introduction 2 Generating trails 3 Scanning space of trails in Keccak - f 4 Experimental results 5 Conclusions S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 2 / 31

  3. Introduction Outline 1 Introduction 2 Generating trails 3 Scanning space of trails in Keccak - f 4 Experimental results 5 Conclusions S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 3 / 31

  4. Introduction Differential trails Differential trails in iterated mappings ◮ Trail: the sequence of differences after each round ◮ DP(Q): fraction of pairs that exhibit q i differences S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 4 / 31

  5. Introduction Differential trails Differential trails and weight w = − log 2 ( DP ) ◮ The weight is the number of binary conditions that a pair must satisfy to exhibit q i differences ◮ If independent conditions and w ( Q ) < b : #pairs( Q ) ≈ 2 b − w ( Q ) S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 5 / 31

  6. Introduction Differential trails Trail extension Given a trail, we can extend it ◮ forward: iterate over all differences R -compatible with q 5 ◮ backward: iterate over all differences R − 1 -compatible with q 1 Extension can be done recursively S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 6 / 31

  7. Introduction Differential trails Trail extension Given a trail, we can extend it ◮ forward: iterate over all differences R -compatible with q 5 ◮ backward: iterate over all differences R − 1 -compatible with q 1 Extension can be done recursively S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 6 / 31

  8. Introduction Differential trails Trail extension Given a trail, we can extend it ◮ forward: iterate over all differences R -compatible with q 5 ◮ backward: iterate over all differences R − 1 -compatible with q 1 Extension can be done recursively S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 6 / 31

  9. Introduction Differential trails Trail extension Given a trail, we can extend it ◮ forward: iterate over all differences R -compatible with q 5 ◮ backward: iterate over all differences R − 1 -compatible with q 1 Extension can be done recursively S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 6 / 31

  10. Introduction Differential trails Trail cores ◮ Minimum reverse weight: w rev ( q 1 ) � min q 0 w ( q 0 , q 1 ) ◮ Can be used to lower bound set of trails ◮ Trail core: set of trails with q 1 , q 2 , . . . in common S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 7 / 31

  11. Introduction Goals of this work Goals of this work ◮ Present general techniques to generate trails ◮ Improve bounds of differential trails in Keccak - f ◮ By extending the space of trails in Keccak - f that can be scanned with given computation resources rounds Keccak - f [200] Keccak - f [400] Keccak - f [800] Keccak - f [1600] 2 8 8 8 8 3 20 this work this work 32 4 46 this work this work this work 5 this work this work this work this work 6 this work this work this work this work S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 8 / 31

  12. Generating trails Outline 1 Introduction 2 Generating trails 3 Scanning space of trails in Keccak - f 4 Experimental results 5 Conclusions S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 9 / 31

  13. Generating trails Second-order approach Generation of n-round trails of weight ≤ T First-order approach � T � Starting from 1-round differentials with weight ≤ n Second-order approach � 2 T � Starting from 2-round trails with weight ≤ n Fact The number of 2-round trails with weight ≤ 2 L is much smaller than the number of 1-round differentials with weight ≤ L . Example: AES AES has more than 10 11 round differentials with weight ≤ 15, but no 2-round trail with weight ≤ 30 S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 10 / 31

  14. Generating trails Tree traversal Generating 2-round trails as tree traversal ◮ 2-round trails are arranged in a tree ◮ Children are generated by adding groups of active bits without removing bits already added ◮ Pruning by lower bounding the weight of a node and its children S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 11 / 31

  15. Scanning space of trails in Keccak - f Outline 1 Introduction 2 Generating trails 3 Scanning space of trails in Keccak - f 4 Experimental results 5 Conclusions S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 12 / 31

  16. Scanning space of trails in Keccak - f Keccak - f Keccak - f Operates on 3D state: Round function with 5 steps: ◮ θ : mixing layer ◮ ρ : inter-slice bit transposition ◮ π : intra-slice bit transposition ◮ χ : non-linear layer state y ◮ ι : round constants z # rounds: 12 + 2 ℓ for width b = 2 ℓ 25 x ◮ 12 rounds in Keccak - f [25] ◮ (5 × 5)-bit slices ◮ 24 rounds in Keccak - f [1600] ◮ 2 ℓ -bit lanes ◮ parameter 0 ≤ ℓ < 7 S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 13 / 31

  17. Scanning space of trails in Keccak - f Keccak - f Keccak - f Operates on 3D state: Round function with 5 steps: ◮ θ : mixing layer ◮ ρ : inter-slice bit transposition ◮ π : intra-slice bit transposition ◮ χ : non-linear layer slice y ◮ ι : round constants z # rounds: 12 + 2 ℓ for width b = 2 ℓ 25 x ◮ 12 rounds in Keccak - f [25] ◮ (5 × 5)-bit slices ◮ 24 rounds in Keccak - f [1600] ◮ 2 ℓ -bit lanes ◮ parameter 0 ≤ ℓ < 7 S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 13 / 31

  18. Scanning space of trails in Keccak - f Keccak - f Keccak - f Operates on 3D state: Round function with 5 steps: ◮ θ : mixing layer ◮ ρ : inter-slice bit transposition ◮ π : intra-slice bit transposition ◮ χ : non-linear layer row y ◮ ι : round constants z # rounds: 12 + 2 ℓ for width b = 2 ℓ 25 x ◮ 12 rounds in Keccak - f [25] ◮ (5 × 5)-bit slices ◮ 24 rounds in Keccak - f [1600] ◮ 2 ℓ -bit lanes ◮ parameter 0 ≤ ℓ < 7 S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 13 / 31

  19. Scanning space of trails in Keccak - f Keccak - f Keccak - f Operates on 3D state: Round function with 5 steps: ◮ θ : mixing layer ◮ ρ : inter-slice bit transposition ◮ π : intra-slice bit transposition ◮ χ : non-linear layer column y ◮ ι : round constants z # rounds: 12 + 2 ℓ for width b = 2 ℓ 25 x ◮ 12 rounds in Keccak - f [25] ◮ (5 × 5)-bit slices ◮ 24 rounds in Keccak - f [1600] ◮ 2 ℓ -bit lanes ◮ parameter 0 ≤ ℓ < 7 S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 13 / 31

  20. Scanning space of trails in Keccak - f Keccak - f Properties of θ + = column parity θ e ff ect combine ◮ The θ map adds a pattern, that depends on the parity, to the state. ◮ Affected columns are complemented ◮ Unaffected columns are not changed S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 14 / 31

  21. Scanning space of trails in Keccak - f Keccak - f The parity Kernel + = column parity θ effect combine ◮ θ acts as the identity if parity is zero ◮ A state with parity zero is in the kernel (or in | K | ) ◮ A state with parity non-zero is outside the kernel (or in | N | ) S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 15 / 31

  22. Scanning space of trails in Keccak - f Trails in Keccak - f Differential trails in Keccak - f Round: linear step λ = π ◦ ρ ◦ θ and non-linear step χ ◮ a i fully determines b i = λ ( a i ) ◮ χ has degree 2: w ( b i − 1 ) independent of a i ◮ Minimum reverse weight: w rev ( a 1 ) � min b 0 w ( b 0 ) S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 16 / 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Trail Bound Techniques in Primitives with Weak Alignment Silvia Mella 1 based on a joint work

Trail Bound Techniques in Primitives with Weak Alignment Silvia Mella 1 based on a joint work

Trail Bound Techniques in Primitives with Weak Alignment Silvia Mella 1 based on a joint work with Joan Daemen 2 and Gilles Van Assche 1 1 STMicroelectronics 2 Radboud University APBC 2018 Outline 1 Differential trails 2 Tree search 3 Bounds in

644 views • 50 slides
Community Engagement and the Ludlam Trail Friends of the Ludlam Trail Tony Garcia , Cofounder +

Community Engagement and the Ludlam Trail Friends of the Ludlam Trail Tony Garcia , Cofounder +

Community Engagement and the Ludlam Trail Friends of the Ludlam Trail Tony Garcia , Cofounder + Chair Ludlam Trail Im a neighbor! Biscayne Trail Ludlam Trail Southern Glades Trail The Underline Amelia Trail South Dade Greenway

563 views • 17 slides
Community Engagement and the Ludlam Trail Friends of the Ludlam Trail Tony Garcia , Cofounder +

Community Engagement and the Ludlam Trail Friends of the Ludlam Trail Tony Garcia , Cofounder +

Community Engagement and the Ludlam Trail Friends of the Ludlam Trail Tony Garcia , Cofounder + Chair Ludlam Trail Im a neighbor! Biscayne Trail Ludlam Trail Southern Glades Trail The Underline Amelia Trail South Dade Greenway

516 views • 20 slides
Techniques to lower bound extension complexity Thomas Rothvoss UW Seattle Known lower bounds on

Techniques to lower bound extension complexity Thomas Rothvoss UW Seattle Known lower bounds on

Techniques to lower bound extension complexity Thomas Rothvoss UW Seattle Known lower bounds on extended formulation Kaibel, Razborovs Inform. SA Weltge symmetry arg. theory + Fourier COR/ yes yes yes ? TSP [KW13]

1.25k views • 108 slides
I NTENT ? Are you looking to build a trail or challenge? Do you have a trail

I NTENT ? Are you looking to build a trail or challenge? Do you have a trail

P OSITIONING YOUR T RAIL TO MAXIMIZE THE ECONOMIC IMPACT Michelle Clement Director of Destination Development Projects, ROOST I NTENT ? Are you looking to build a trail or challenge? Do you have a trail you want to

433 views • 17 slides
Conditional Lower Bounds for Failed Literals and Related Techniques Matti Jrvisalo Janne H.

Conditional Lower Bounds for Failed Literals and Related Techniques Matti Jrvisalo Janne H.

Conditional Lower Bounds for Failed Literals and Related Techniques Matti Jrvisalo Janne H. Korhonen* University of Helsinki, Department of Computer Science, and Helsinki Institute for Information Technology HIIT 1.

886 views • 39 slides
(Supplement of Page 5) Four techniques for finding lower bounds. (1) Comparison tree. (2) A

(Supplement of Page 5) Four techniques for finding lower bounds. (1) Comparison tree. (2) A

(Supplement of Page 5) Four techniques for finding lower bounds. (1) Comparison tree. (2) A particular problem instance. (3) State transition. (4) Problem reduction. (Supplement of Page 7) The progress of any comparison-based searching algorithm

355 views • 3 slides
Fast gradient descent for drifting least squares regression: Non-asymptotic bounds and application

Fast gradient descent for drifting least squares regression: Non-asymptotic bounds and application

Fast gradient descent for drifting least squares regression: Non-asymptotic bounds and application to bandits Prashanth L A Joint work with Nathaniel Korda and R emi Munos INRIA Lille - Team SequeL MLRG - Oxford University

1.42k views • 73 slides
Formal Language Techniques for Space Lower Bounds Philipp Kuinke February 23, 2018 Contained in

Formal Language Techniques for Space Lower Bounds Philipp Kuinke February 23, 2018 Contained in

Formal Language Techniques for Space Lower Bounds Philipp Kuinke February 23, 2018 Contained in S anchez Villaamils Phd Thesis 2017 Treewidth

1.01k views • 56 slides
Sentiers Chelsea Trails 1 1. Chelsea Community Trail 2. Notch/Mine Road Bike Lanes 3.

Sentiers Chelsea Trails 1 1. Chelsea Community Trail 2. Notch/Mine Road Bike Lanes 3.

Sentiers Chelsea Trails 1 1. Chelsea Community Trail 2. Notch/Mine Road Bike Lanes 3. Chelsea Park Trail Building 4. Des Pommiers Trail Bridge 5. Proposed Trail Connection Between Centre Village &amp; Gatineau/Ottawa Trail Networks 6.

392 views • 24 slides
Corridor C was removed due to the fact that there is an existing regional trail extremely

Corridor C was removed due to the fact that there is an existing regional trail extremely

Bruce Vento Regional Trail Corridor Search 2018 ` Bruce Vento Regional Trail Bruce Vento Regional Trail - Master Planning Summary Otter Bruce Vento Trail Extension Project - ) * 61 General Information: Lake Fish Lake Bald Eagle -

230 views • 3 slides
OF WILDLIFE Division of Law Enforcement Trail Cameras June 2013 Trail Cameras SD card

OF WILDLIFE Division of Law Enforcement Trail Cameras June 2013 Trail Cameras SD card

NEVADA DEPARTMENT OF WILDLIFE Division of Law Enforcement Trail Cameras June 2013 Trail Cameras SD card Remote uplink to computer Walmart $50.00 The Wildgame Innovations Crush 8 Cellular Trail Camera sends pictures wirelessly via

233 views • 20 slides
Application of molecular techniques in Virology Suzan D Pas medical molecular microbiologist 1

Application of molecular techniques in Virology Suzan D Pas medical molecular microbiologist 1

Application of molecular techniques in Virology Suzan D Pas medical molecular microbiologist 1 Viroscience lab, Erasmus MC, Rotterdam, the Netherlands Molecular techniques in virus diagnostics Qualitative and quantitative (RT-)PCRs

561 views • 37 slides
Uniform bounds for positive random functionals with application to density estimation Oleg Lepski

Uniform bounds for positive random functionals with application to density estimation Oleg Lepski

Uniform bounds for positive random functionals with application to density estimation Oleg Lepski Laboratoire dAnalyse, Topologie et Probabilit es Universit e de Provence Congr` es SMAI 2011, May 23 - May 27, Guidel Oleg Lepski

680 views • 43 slides
MARKETING A WATER TRAIL Weekend for Rivers Conference 2011 Now that you have your trail

MARKETING A WATER TRAIL Weekend for Rivers Conference 2011 Now that you have your trail

MARKETING A WATER TRAIL Weekend for Rivers Conference 2011 Now that you have your trail developed, whats next Market ~ Promote ~ Communicate! 1. Ideas on how you can utilize existing tourism infrastructures 2. Resources that exist to

212 views • 17 slides
Ashokan Rail Trail Project U.C. Trail &amp; Rail Advisory Committee November 2, 2017

Ashokan Rail Trail Project U.C. Trail &amp; Rail Advisory Committee November 2, 2017

Ashokan Rail Trail Project U.C. Trail &amp; Rail Advisory Committee November 2, 2017 Presentation by Chris White, Deputy Director of Planning Ashokan Rail Trail Project Pending Legislative Resolutions Resolution No. 421: Negative Declaration

546 views • 32 slides
Extending SDDP-style Algorithms for Multistage Stochastic Programming Dave Morton Industrial

Extending SDDP-style Algorithms for Multistage Stochastic Programming Dave Morton Industrial

Extending SDDP-style Algorithms for Multistage Stochastic Programming Dave Morton Industrial Engineering &amp; Management Sciences Northwestern University Joint work with: Oscar Dowson, Daniel Duque, and Bernardo Pagnoncelli Collaborators

634 views • 32 slides
The MIPS instruction set architecture The MIPS has a 32 bit architecture, with 32 bit

The MIPS instruction set architecture The MIPS has a 32 bit architecture, with 32 bit

The MIPS instruction set architecture The MIPS has a 32 bit architecture, with 32 bit instructions, a 32 bit data word, and 32 bit addresses. It has 32 addressable internal registers requiring a 5 bit register ad- dress. Register 0 always has

940 views • 72 slides
Using Formal Concept Analysis to Acquire Knowledge about Verbs Ingrid Falk 124 Claire Gardent 34

Using Formal Concept Analysis to Acquire Knowledge about Verbs Ingrid Falk 124 Claire Gardent 34

Acquiring Knowledge about Verbs using FCA Using Formal Concept Analysis to Acquire Knowledge about Verbs Ingrid Falk 124 Claire Gardent 34 Alejandra Lorenzo 34 1 INRIA Nancy Grand Est 2 Lorraine University, Nancy, France 3 CNRS 4 LORIA Concept

750 views • 36 slides
Row polymorphism 1/ 25 Record operations 2. Extend a record with a field ( extend ) 3. Access the

Row polymorphism 1/ 25 Record operations 2. Extend a record with a field ( extend ) 3. Access the

Row polymorphism 1/ 25 Record operations 2. Extend a record with a field ( extend ) 3. Access the contents of a field ( access ) 2/ 25 1. An empty record ( empty ) Presence variables : : . : . : . :

486 views • 31 slides
3. Convex functions basic properties and examples operations that preserve convexity

3. Convex functions basic properties and examples operations that preserve convexity

Convex Optimization Boyd &amp; Vandenberghe 3. Convex functions basic properties and examples operations that preserve convexity the conjugate function quasiconvex functions log-concave and log-convex functions convexity

337 views • 31 slides
Multiple graphs and composable queries in Cypher for Apache Spark Max Kieling openCypher

Multiple graphs and composable queries in Cypher for Apache Spark Max Kieling openCypher

Multiple graphs and composable queries in Cypher for Apache Spark Max Kieling openCypher Implementers Meeting V Berlin, March 2019 Outline Cypher for Apache Spark (CAPS) overview Motivation Architecture Multiple Graphs

826 views • 33 slides
Typesafe Extensible Functional Objects J o n a t h a n I m m a n u e l B r a c

Typesafe Extensible Functional Objects J o n a t h a n I m m a n u e l B r a c

Typesafe Extensible Functional Objects J o n a t h a n I m m a n u e l B r a c h t h u s e r U n i v e r s i t y o f Ma r b u r g , G e r m a n y j o n a t h a n @ b - s t u d

312 views • 17 slides
Opinion Integration Through Opinion Integration Through Semi supervised Topic Modeling

Opinion Integration Through Opinion Integration Through Semi supervised Topic Modeling

Opinion Integration Through Opinion Integration Through Semi supervised Topic Modeling supervised Topic Modeling Semi Yue Lu and Chengxiang Zhai University of Illinois at Urbana Champaign 1 Why Opinion Integration? Why Opinion

523 views • 30 slides

More recommend