TEA analysis using genetic programming Karel Kub cek, - - PowerPoint PPT Presentation

tea analysis using genetic programming
SMART_READER_LITE
LIVE PREVIEW

TEA analysis using genetic programming Karel Kub cek, - - PowerPoint PPT Presentation

Dec 01, 2023 146 likes •288 views

TEA analysis using genetic programming Karel Kub cek, karel-kubicek@mail.muni.cz Faculty of Informatics, Masaryk University December 3, 2015 1 / 13 Motivation Cipher output should look like random data but it is completely

slide-1
SLIDE 1

TEA analysis using genetic programming

Karel Kub´ ıˇ cek, karel-kubicek@mail.muni.cz Faculty of Informatics, Masaryk University December 3, 2015

1 / 13

slide-2
SLIDE 2

Motivation

Cipher output should look like random data

but it is completely deterministic

If we can distinguish between cipher output and truly random data, cipher is not considered to be secure

used as one of the test for AES candidate

Randomness testing can be automatized

to save expensive time of skilled cryptanalyst

2 / 13

slide-3
SLIDE 3

Common way of randomness testing – statistical batteries

Common criteria:

for example monobit test

From pros to cons:

quick interpret but may be hard to design

Closed set of tests

there exist nonrandom data, s.t. pass tests

3 / 13

slide-4
SLIDE 4

Tiny Encryption Algorithm

Simple structure Blocks of 64 bits, 128 bits key Feistel network, 32 rounds Currently weak (related-key attack)

4 / 13

slide-5
SLIDE 5

Tiny Encryption Algorithm

Simple structure Blocks of 64 bits, 128 bits key Feistel network, 32 rounds Currently weak (related-key attack) Why to test TEA?

used by other teams ([HSIR02], [HI04], [Hu+10]) with same idea as benchmark

they evolved a mask to restrict the input

4 / 13

slide-6
SLIDE 6

EACirc – software-emulated electronic circuit

We want to create tests automatically

IN IN 1 IN 2 IN 3 IN 4 IN 5 IN 6 IN 7 AND 8 AND 133 CYCR 22 CYCR 106 CYCR 155 CYCR 121 CONS 110 ROTR 46 CYCR 17 NOT 72 ROTL 246 CYCL 66 NAND 61 NOR 216 CYCR 63 ROTL 231 ROTL 39 NOR 226 CYCR 229 NOP 59 BSLC 150 NOP 181 CYCR 60 NAND 202 NOT 252 CYCL 75 NOP 1 NOT 130 XOR 104 XOR 23 CYCL 188 XOR 19 CYCR 252 OUT

5 / 13

slide-7
SLIDE 7

EACirc – process

Generate 2 sets of test vectors

1 output of the cipher 2 truly random data – QRNG (from physical source)

let the distinguisher choose, which vector is random and which is nonrandom fitness is

#correct quesses #test vectors count

6 / 13

slide-8
SLIDE 8

Results – Plaintext mode: counter

Plaintext: counter incremented by one for each test vector EACirc1a nodes without shifts and rotations EACirc1b shifts and rotations enabled Rounds NIST STS Dieharder EACirc1a EACirc1b 1 1/162 0/20 100 100 2 1/162 0/20 100 100 3 27/188 1.5/20 100 100 4 183/188 6.0/20 (5.0) 100 5 188/188 16.5/20 (3.0) (5.3) Expected 188/188 20/20 (5.0) (5.0)

7 / 13

slide-9
SLIDE 9

Results – Plaintext mode: strict avalanche criterion

Plaintext: vector with two almost identical parts (first is random) differing only in a single bit Rounds NIST STS Dieharder EACirc2 1 29/188 2.5/20 100 2 67/188 2.5/20 100 3 (186)/188 7.0/20 100 4 (187)/188 8.5/20 100 5 (188)/188 16.0/20 (4.5)

8 / 13

slide-10
SLIDE 10

Results – interpretation

4 rounds TEA distinguisher (fitness 99%) for counter plaintext

IN IN 1 IN 2 IN 3 IN 4 IN 5 IN 6 IN 7 AND 8 AND 133 CYCR 22 CYCR 106 CYCR 155 CYCR 121 CONS 110 ROTR 46 CYCR 17 NOT 72 ROTL 246 CYCL 66 NAND 61 NOR 216 CYCR 63 ROTL 231 ROTL 39 NOR 226 CYCR 229 NOP 59 BSLC 150 NOP 181 CYCR 60 NAND 202 NOT 252 CYCL 75 NOP 1 NOT 130 XOR 104 XOR 23 CYCL 188 XOR 19 CYCR 252 OUT

9 / 13

slide-11
SLIDE 11

Results – interpretation

4 rounds TEA distinguisher (fitness 99%) for SAC plaintext

IN IN 1 IN 2 IN 3 IN 4 IN 5 IN 6 IN 7 IN 8 IN 9 IN 10 IN 11 IN 12 IN 13 IN 14 IN 15 OR 108 CONS 124 BSLC 163 NOT 168 CONS 155 BSLC 213 NOT 205 NAND 200 CYCR 170 AND 65 ROTL 241 CYCL 112 NAND 157 OR 161 ROTR 78 XOR 116 NOT 100 AND 251 XOR 194 BSLC 237 NOT 111 OR 183 BSLC 98 ROTL 100 NOT 182 ROTR 146 NAND 204 NAND 33 OR 255 ROTR 127 ROTR 100 XOR 156 NOT 112 OUT

10 / 13

slide-12
SLIDE 12

Future plans

Better analysis of defects in data. ”Give us your data” website

11 / 13

slide-13
SLIDE 13

Questions Questions?

Full version of MKB paper on http://crcs.cz/papers/mkb2015

12 / 13

slide-14
SLIDE 14

Bibliography

  • J. C. Hern´

andez and P. Isasi, “Finding Efficient Distinguishers for Cryptographic Mappings, with an Application to the Block Cipher TEA”, Computational Intelligence, vol. 20, no. 3, pp. 517–525, 2004.

  • J. C. Hern´

andez, J. M. Sierra, P. Isasi, and

  • A. Ribagorda, “Genetic Cryptoanalysis of Two Rounds

TEA”, in Computational Science—ICCS 2002, Springer, 2002, pp. 1024–1031.

  • W. Hu et al., “Cryptanalysis of TEA Using

Quantum-Inspired Genetic Algorithms”, Journal of Software Engineering and Applications, vol. 3, no. 01,

  • p. 50, 2010.

13 / 13