open problems in the design of cryptographic applications
play

Open problems in the design of cryptographic applications based on - PowerPoint PPT Presentation

Dec 23, 2022 •115 likes •329 views

University of Milano-Bicocca Department of Informatics, Systems and Communications Open problems in the design of cryptographic applications based on Cellular Automata Luca Mariot luca.mariot@disco.unimib.it Delft June 19, 2018 Context

  1. University of Milano-Bicocca Department of Informatics, Systems and Communications Open problems in the design of cryptographic applications based on Cellular Automata Luca Mariot luca.mariot@disco.unimib.it Delft – June 19, 2018

  2. Context (1/2): Cellular Automata ◮ One-dimensional Cellular Automaton (CA): a discrete parallel computation model composed of a finite array of n cells ◮ Each cell updates its state s ∈ { 0 , 1 } by applying a local rule f : { 0 , 1 } d → { 0 , 1 } to itself and the d − 1 cells to its right Example: n = 6, d = 3, f ( s i , s i + 1 , s i + 2 ) = s i ⊕ s i + 1 ⊕ s i + 2 1 0 0 0 0 1 0 0 0 0 0 1 1 1 f ( 1 , 1 , 0 ) = 0 f ( 1 , 0 , 0 ) = 1 1 0 0 1 1 0 0 1 0 0 No Boundary CA – NBCA Periodic Boundary CA – PBCA Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  3. Context (2/2): Cryptography Basic Goal of Cryptography: Enable two parties (Alice and Bob, A and B) to securely communicate over an insecure channel, even in presence of an opponent (Oscar, O) Oscar PT CT CT PT Encryption Decryption Alice Channel Bob K E K D ◮ PT : plaintext ◮ K E : encryption key ◮ CT : ciphertext ◮ K D : decryption key Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  4. CA-based Crypto History: Wolfram’s PRNG ◮ CA-based Pseudorandom Generator (PRG) [W86]: central cell of rule 30 CA used as a stream cipher keystream K K Seed K CA CA Keystream z z z � � PT CT CT PT Encryption Decryption ◮ This CA-based PRNG was later shown to be vulnerable [MS91] Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  5. CA-Based Crypto History: K eccak χ S-box ◮ Local rule: χ ( x 1 , x 2 , x 3 ) = x 1 ⊕ ( 1 ⊕ ( x 2 · x 3 )) (rule 210) ◮ Invertible for every odd size n of the CA [DGV94] ◮ Used as a PBCA with n = 5 in the K eccak specification of SHA-3 standard [BDPV11] Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  6. Research Goal & Motivations Research Goal : Investigate S-boxes F : { 0 , 1 } n → { 0 , 1 } m induced by CA to be used in block ciphers 1 0 0 0 0 1 0 1 ⇓ F : { 0 , 1 } n → { 0 , 1 } m 1 0 0 1 1 0 Why CA, anyway? 1. Security from Complexity : Simple local rules can lead to very complex global behaviour in CA ⇒ useful to provide confusion and diffusion in block ciphers 2. Efficient implementation : Leverage CA parallelism and locality for lightweight cryptography Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  7. Summary State of the art in CA-based S-boxes Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  8. Nonlinearity of Boolean Functions ◮ Boolean function: a mapping f : { 0 , 1 } n → { 0 , 1 } Truth table representation: ( x 1 , x 2 , x 3 ) 000 100 010 110 001 101 011 111 f ( x 1 , x 2 , x 3 ) 0 1 1 1 1 0 0 0 ⇓ Ω f = ( 0 , 1 , 1 , 1 , 1 , 0 , 0 , 0 ) ◮ Nonlinearity of f : minimum Hamming distance of f from the set of all linear functions L ω ( x ) = ω · x = ω 1 x 1 ⊕···⊕ ω n x n : N f = 2 n − 1 − 1 2 ( | W max ( f ) | ) where W max ( f ) is the maximum of the Walsh transform of f : � ( − 1 ) f ( x ) ⊕ ω · x W f ( ω ) = x ∈{ 0 , 1 } n Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  9. Nonlinearity of S-boxes ◮ Substitution Box (S-box): mapping F : { 0 , 1 } n → { 0 , 1 } m ◮ Component functions v · F : { 0 , 1 } n → { 0 , 1 } for v ∈ { 0 , 1 } m : linear combinations of coordinate functions f i : { 0 , 1 } n → { 0 , 1 } x 1 x 2 x 3 x 4 x 5 x 6 x 7 x 8 ⇓ F : { 0 , 1 } n → { 0 , 1 } m f 1 f 2 f 3 f 4 f 5 f 6 f 1 ⊕ f 3 ⊕ f 5 ◮ Nonlinearity of F ⇔ minimum nonlinearity among all its component functions ◮ S-boxes with high nonlinearity allow to resist to linear cryptanalysis attacks Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  10. Upper Bound on Nonlinearity of CA S-Boxes ◮ We proved the following upper bound for S-boxes based on both NBCA and PBCA [MPLD18]: Theorem The nonlinearity of the S-box F of an n-cell NBCA or PBCA with local rule f : { 0 , 1 } d → { 0 , 1 } satisfy N F ≤ 2 n − d · N f ◮ Remark : This explains why adding cells to a CA makes the cryptographic properties of the S-box worse (see e.g. K eccak ) Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  11. Summary Open Problems Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  12. Lower Bounds ◮ Up to now, we only know how good the nonlinearity of a CA-based S-box can be ◮ Necessity to characterize the nonlinearity of CA component functions more precisely for a lower bound ◮ Interesting byproduct: Secondary construction of Boolean functions based on CA Secondary construction : generate a family of (larger) Boolean functions with specific nonlinearity starting from known ones 0 1 1 0 0 0 0 1 1 0 0 1 ↓ f : { 0 , 1 } 5 → { 0 , 1 } ⇒ ↓ f : { 0 , 1 } 7 → { 0 , 1 } 0 1 Original function f : { 0 , 1 } 5 → { 0 , 1 } Extended function f ′ : { 0 , 1 } 7 → { 0 , 1 } Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  13. Plateaued Boolean Functions & CA ◮ f : { 0 , 1 } n → { 0 , 1 } is plateaued iff: ( − 1 ) f ( x ) ⊕ ω · x ∈ {− 2 r , 0 , + 2 r } � W f ( ω ) = x ∈{ 0 , 1 } n ◮ Plateaued functions achieves maximal nonlinearity, and satisfy other interesting crypto properties (e.g., resiliency) ◮ Example: K eccak rule χ is a plateaued function of 3 variables Question : Find plateaued functions via a secondary construction based on cellular automata Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  14. Component Functions ◮ We focused on the following component function of a n -cell NBCA F with local rule f : { 0 , 1 } d → { 0 , 1 } : m m � � 1 · F = f i ( x 1 , ··· , x n ) = f ( x i , ··· , x i + d − 1 ) i = 1 i = 1 ◮ In other words, we take the component which XORs all coordinate functions of the CA: x 1 x 2 x 3 x 4 x 5 x 6 x 7 x 8 ⇓ F : { 0 , 1 } n → { 0 , 1 } m f 1 f 2 f 3 f 4 f 5 f 6 � 1 · F Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  15. Preliminary Observations Table : Nonlinearities and numbers of plateaued local rules of d = 3 variables whose 1 · F components are plateaued with index r = ⌈ n + 1 2 ⌉ n Nl ( 1 · F ) #RULES 3 2 112 4 4 48 5 12 112 6 24 80 7 56 96 8 112 80 9 240 96 10 480 64 11 992 96 Remark : plateauedness of local rule is not a sufficient condition for plateauedness of 1 · F Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  16. Hypothesis Formulation and Testing ◮ Conjecture : for a certain subset of plateaued local rules of index r = ⌈ d + 1 2 ⌉ , the component 1 · F of the n -cell NBCA is plateaued with index r = ⌈ n + 1 2 ⌉ ◮ Question : how to characterize such subset? ◮ Up to d = 5, the conjecture can be exhaustively checked (since there are 2 2 d d -variable Boolean functions) ◮ for d > 5, there is the necessity to use heuristic methods – such as Genetic Programming (GP) Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  17. Genetic Programming (GP) ◮ Optimization method inspired by evolutionary principles, introduced by Koza [K93] ◮ Each candidate solution (individual) is represented by a tree ◮ Terminal nodes: input variables ◮ Internal nodes: Boolean operators (AND, OR, NOT, XOR, ...) ◮ New solutions are created through genetic operators like tree crossover and subtree mutation applied to a population of candidate solutions ◮ Optimization is performed by evaluating the new candidate solutions wrt a fitness function Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  18. GP Tree Encoding – Example f ( x 1 , x 2 , x 3 , x 4 ) = ( x 1 AND x 2 ) OR ( x 3 XOR x 4 ) OR AND XOR x 1 x 2 x 3 x 4 Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  19. Wrapping up – The Roadmap A possible way to go to solve this conjecture: 1. Apply exhaustive search up to d = 5 to construct the subset of plateaued local rules yielding plateaued 1 · F CA components 2. Formulate a hypothesis on the mathematical structure of this subset 3. Apply GP to test this hypothesis on local rules with d > 5 4. If GP finds a counterexample, then reformulate the structure of the subset and go back to 3. Otherwise, attempt to formally prove the conjecture Further extension : Use this method to investigate construction of bent functions Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

  20. Summary Thank you! Luca Mariot Open problems in the design of cryptographic applications based on Cellular Automata

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic

How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic

Department of Informatics Security and Privacy Maximilian Blochberger How to prevent cryptographic pitfalls by design February 3, 2019 How to prevent cryptographic pitfalls by design Goal Raise awareness of cryptographic misuse Disclaimer

910 views • 29 slides
COSIC A Framework for Cryptographic Problems from Linear Algebra NutMiC, Paris, June 25, 2019 1 /

COSIC A Framework for Cryptographic Problems from Linear Algebra NutMiC, Paris, June 25, 2019 1 /

A Framework for Cryptographic Problems from Linear Algebra Carl Bootland , Wouter Castryck, Alan Szepieniec and Frederik Vercauteren Dept. of Electrical Engineering, COSIC KU Leuven COSIC A Framework for Cryptographic Problems from Linear

731 views • 48 slides
Open Problems for Polynomials over Finite Fields and Applications 1 Daniel Panario School of

Open Problems for Polynomials over Finite Fields and Applications 1 Daniel Panario School of

Introduction Prescribed Coefficients Low Weight Polynomials Potpourri of Open Problems Conclusions Open Problems for Polynomials over Finite Fields and Applications 1 Daniel Panario School of Mathematics and Statistics Carleton University

954 views • 52 slides
Design Patterns Applications Programming What is design patterns? The design patterns are

Design Patterns Applications Programming What is design patterns? The design patterns are

10/26/2011 G52APR Design Patterns Applications Programming What is design patterns? The design patterns are language- Design Patterns 1 independent strategies for solving common object-oriented design problems. Jiawei Li (Michael)

316 views • 8 slides
Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified Cryptographic Web Applications in WASM May. 22 st , 2019 1 / 22 in WebAssembly Jonathan Protzenko Microsoft Research Benjamin Beurdouche INRIA

1.5k views • 57 slides
Introduction to the Design and Title of Presentation Cryptanalysis of Cryptographic Hash

Introduction to the Design and Title of Presentation Cryptanalysis of Cryptographic Hash

Introduction to the Design and Title of Presentation Cryptanalysis of Cryptographic Hash Functions Bart Preneel KU Leuven - COS IC firstname.lastname@ esat.kuleuven.be Design and S ecurity of Cryptographic Functions, Algorithms and Devices

982 views • 67 slides
Cryptographic applications of codes in rank metric Pierre Loidreau CELAr and Universit e de

Cryptographic applications of codes in rank metric Pierre Loidreau CELAr and Universit e de

Cryptographic applications of codes in rank metric Cryptographic applications of codes in rank metric Pierre Loidreau CELAr and Universit e de Rennes Pierre.Loidreau@m4x.org June 16th, 2009 Cryptographic applications of codes in rank

498 views • 33 slides
FPGA security Nele Mentens nele.mentens@kuleuven.be Design and security of cryptographic

FPGA security Nele Mentens nele.mentens@kuleuven.be Design and security of cryptographic

FPGA security Nele Mentens nele.mentens@kuleuven.be Design and security of cryptographic algorithms and devices for real-world applications June 1-6, 2014, ibenik , Croatia Outline Introduction FPGA vs. ASIC FPGA application

443 views • 17 slides
Finite Fields, Applications and Open Problems Daniel Panario School of Mathematics and Statistics

Finite Fields, Applications and Open Problems Daniel Panario School of Mathematics and Statistics

Differential map PN and APN functions Permutation polynomials Iteration of Functions Random sequences Finite Fields, Applications and Open Problems Daniel Panario School of Mathematics and Statistics Carleton University

826 views • 80 slides
Cryptographic Reductions: Classification and Applications to Ideal Models Paul Baecher

Cryptographic Reductions: Classification and Applications to Ideal Models Paul Baecher

Cryptographic Reductions: Classification and Applications to Ideal Models Paul Baecher Cryptographic Reductions: Classification and Applications to Ideal Models Paul Baecher Three Ways to Argue for Cryptographic Security Cryptanalysis

933 views • 75 slides
Some of my Favourite Open Problems in the Equational Logic of Processes Luca Aceto ICE-TCS,

Some of my Favourite Open Problems in the Equational Logic of Processes Luca Aceto ICE-TCS,

Introduction The General Setting A menagerie of open problems Call to arms Some of my Favourite Open Problems in the Equational Logic of Processes Luca Aceto ICE-TCS, School of Computer Science, Reykjavik University Open Problems in

713 views • 35 slides
Arithmetic operators on GF ( 2 m ) for cryptographic applications: performance - power

Arithmetic operators on GF ( 2 m ) for cryptographic applications: performance - power

Introduction Arithmetic in GF ( 2 m ) Summary - results, comments, future prospects Arithmetic operators on GF ( 2 m ) for cryptographic applications: performance - power consumption - security tradeoffs Danuta Pamua 17th December 2012

695 views • 32 slides
Finite Fields, Applications and Open Problems Daniel Panario School of Mathematics and Statistics

Finite Fields, Applications and Open Problems Daniel Panario School of Mathematics and Statistics

Finite Fields Combinatorial Objects Latin Squares and Sudoku Costas Arrays OAs, CAs and OOAs Finite Fields, Applications and Open Problems Daniel Panario School of Mathematics and Statistics Carleton University daniel@math.carleton.ca

1.18k views • 117 slides
Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in the Quantum Era (SPS G5448) February 5th, 2020 Christian Colombo Mark Vella Cryptographic Protocols Design Proofs to validate design against

467 views • 20 slides
WoLA19: Open Problems July, 2019 Abstract Some questions suggested during the Open Problems

WoLA19: Open Problems July, 2019 Abstract Some questions suggested during the Open Problems

WoLA19: Open Problems July, 2019 Abstract Some questions suggested during the Open Problems session of the 3 rd Workshop on Local Algorithms (WoLA), held in July 2019 at ETH, Zurich. Non-Adaptive Group Testing Suggested by Oliver Gebhard. In

55 views • 4 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views • 23 slides
Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

. . . . . . Permutation-based encryption, authentication and authenticated encryption Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint work with DIAC 2012, Stockholm, July 6 Guido Bertoni 1 ,

739 views • 49 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
Block Ciphers - The Basics Lars R. Knudsen Spring 2011 L.R. Knudsen Block Ciphers - The Basics

Block Ciphers - The Basics Lars R. Knudsen Spring 2011 L.R. Knudsen Block Ciphers - The Basics

Intro Attack on iterated ciphers Differential cryptanalysis Linear cryptanalysis Block Ciphers - The Basics Lars R. Knudsen Spring 2011 L.R. Knudsen Block Ciphers - The Basics Intro Attack on iterated ciphers Differential cryptanalysis

1.27k views • 77 slides
More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 4 Page 1 CS 236 Online Outline Desirable characteristics of ciphers Stream and block ciphers Cryptographic modes Uses of

475 views • 29 slides
s rtr s

s rtr s

s rtr s t tts 1 1 , 2 r

798 views • 66 slides
s Jrmy Jean - Ivica Nikoli Thomas Peyrin - Yannick Seurin NTU (Singapore)

s Jrmy Jean - Ivica Nikoli Thomas Peyrin - Yannick Seurin NTU (Singapore)

s Jrmy Jean - Ivica Nikoli Thomas Peyrin - Yannick Seurin NTU (Singapore) and ANSSI (France) DIAC 2016 Nagoya, Japan - September 27, 2016

714 views • 28 slides
r rtss t P

r rtss t P

r rtss t P r r rtsst rs r

770 views • 43 slides
On the Design and Use of Lightweight Cryptography for Cyber-Physical Systems Hirotaka Yoshida 1 1

On the Design and Use of Lightweight Cryptography for Cyber-Physical Systems Hirotaka Yoshida 1 1

On the Design and Use of Lightweight Cryptography for Cyber-Physical Systems Hirotaka Yoshida 1 1 AIST, Japan Kolkata, India (16 November 2018) 1 / 38 Table of contents 1 Introduction 2 Lightweight Crypto Stack for Circuit/RAM Size Requirement

670 views • 38 slides

More recommend