Showing 1–13 of 13 results for author: Aragona, R

Verification and generation of unrefinable partitions

Authors: Riccardo Aragona, Lorenzo Campioni, Roberto Civino, Massimo Lauria

Abstract: Unrefinable partitions are a subset of partitions into distinct parts which satisfy an additional unrefinability property. More precisely, being an unrefinable partition means that none of the parts can be written as the sum of smaller integers without introducing a repetition. We address the algorithmic aspects of unrefinable partitions, such as testing whether a given partition is unrefinable or… ▽ More Unrefinable partitions are a subset of partitions into distinct parts which satisfy an additional unrefinability property. More precisely, being an unrefinable partition means that none of the parts can be written as the sum of smaller integers without introducing a repetition. We address the algorithmic aspects of unrefinable partitions, such as testing whether a given partition is unrefinable or not and enumerating all the partitions whose sum is a given integer. We design two algorithms to solve the two mentioned problems and we discuss their complexity. △ Less

Submitted 10 January, 2023; v1 submitted 30 December, 2021; originally announced December 2021.

MSC Class: 11P81; 05A17; 05A19

On the primitivity of the AES-128 key-schedule

Authors: Riccardo Aragona, Roberto Civino, Francesca Dalla Volta

Abstract: The key-scheduling algorithm in the AES is the component responsible for selecting from the master key the sequence of round keys to be xor-ed to the partially encrypted state at each iteration. We consider here the group $Γ$ generated by the action of the AES-128 key-scheduling operation, and we prove that the smallest group containing $Γ$ and all the translations of the message space is primitiv… ▽ More The key-scheduling algorithm in the AES is the component responsible for selecting from the master key the sequence of round keys to be xor-ed to the partially encrypted state at each iteration. We consider here the group $Γ$ generated by the action of the AES-128 key-scheduling operation, and we prove that the smallest group containing $Γ$ and all the translations of the message space is primitive. As a consequence, we obtain that no proper and non-trivial subspace can be invariant under its action. △ Less

Submitted 15 February, 2022; v1 submitted 10 March, 2021; originally announced March 2021.

MSC Class: 20B15; 20B35; 94A60

On the primitivity of Lai-Massey schemes

Authors: Riccardo Aragona, Roberto Civino

Abstract: In symmetric cryptography, the round functions used as building blocks for iterated block ciphers are often obtained as the composition of different layers providing confusion and diffusion. The study of the conditions on such layers which make the group generated by the round functions of a block cipher a primitive group has been addressed in the past years, both in the case of Substitution Permu… ▽ More In symmetric cryptography, the round functions used as building blocks for iterated block ciphers are often obtained as the composition of different layers providing confusion and diffusion. The study of the conditions on such layers which make the group generated by the round functions of a block cipher a primitive group has been addressed in the past years, both in the case of Substitution Permutation Networks and Feistel Networks, giving to block cipher designers the receipt to avoid the imprimitivity attack. In this paper a similar study is proposed on the subject of the Lai-Massey scheme, a framework which combines both Substitution Permutation Network and Feistel Network features. Its resistance to the imprimitivity attack is obtained as a consequence of a more general result in which the problem of proving the primitivity of the Lai-Massey scheme is reduced to the simpler one of proving the primitivity of the group generated by the round functions of a strictly related Substitution Permutation Network. △ Less

Submitted 3 November, 2020; originally announced November 2020.

MSC Class: 20B15; 20B35; 94A60

Journal ref: Mediterranean Journal of Mathematics, 2021, 18(4), 165

An Authenticated Key Scheme over Elliptic Curves for Topological Networks

Authors: Riccardo Aragona, Roberto Civino, Norberto Gavioli, Marco Pugliese

Abstract: Nodes of sensor networks may be resource-constrained devices, often having a limited lifetime, making sensor networks remarkably dynamic environments. Managing a cryptographic protocol on such setups may require a disproportionate effort when it comes to update the secret parameters of new nodes that enter the network in place of dismantled sensors. For this reason, the designers of schemes for se… ▽ More Nodes of sensor networks may be resource-constrained devices, often having a limited lifetime, making sensor networks remarkably dynamic environments. Managing a cryptographic protocol on such setups may require a disproportionate effort when it comes to update the secret parameters of new nodes that enter the network in place of dismantled sensors. For this reason, the designers of schemes for sensor network are always concerned with the need of scalable and adaptable solutions. In this work, we present a novel elliptic-curve based solution, derived from the previously released cryptographic protocol TAKS, which addresses this issue. We give a formal description of the scheme, built on a two-dimensional vector space over a prime field and over elliptic curves, where node topology is more relevant than node identity, allowing a dynamic handling of the network and reducing the cost of network updates. We also study some security concerns and their relation to the related discrete logarithm problem over elliptic curves. △ Less

Submitted 12 June, 2020; v1 submitted 3 June, 2020; originally announced June 2020.

MSC Class: 94A60; 94A62; 94C15

Some group-theoretical results on Feistel Networks in a long-key scenario

Authors: Riccardo Aragona, Marco Calderini, Roberto Civino

Abstract: The study of the trapdoors that can be hidden in a block cipher is and has always been a high-interest topic in symmetric cryptography. In this paper we focus on Feistel-network-like ciphers in a classical long-key scenario and we investigate some conditions which make such a construction immune to the partition-based attack introduced recently by Bannier et al. The study of the trapdoors that can be hidden in a block cipher is and has always been a high-interest topic in symmetric cryptography. In this paper we focus on Feistel-network-like ciphers in a classical long-key scenario and we investigate some conditions which make such a construction immune to the partition-based attack introduced recently by Bannier et al. △ Less

Submitted 5 May, 2020; v1 submitted 13 December, 2019; originally announced December 2019.

Comments: Accepted for publication in Advances in Mathematics of Communications

MSC Class: Primary: 94A60; 20B05; Secondary: 20B35

Journal ref: Advances in Mathematics of Communications, 2020, 14(4), pp. 727-743

Entropy and Compression: A simple proof of an inequality of Khinchin-Ornstein-Shields

Authors: Riccardo Aragona, Francesca Marzi, Filippo Mignosi, Matteo Spezialetti

Abstract: This paper concerns the folklore statement that ``entropy is a lower bound for compression''. More precisely we derive from the entropy theorem a simple proof of a pointwise inequality firstly stated by Ornstein and Shields and which is the almost-sure version of an average inequality firstly stated by Khinchin in 1953. We further give an elementary proof of original Khinchin inequality that can b… ▽ More This paper concerns the folklore statement that ``entropy is a lower bound for compression''. More precisely we derive from the entropy theorem a simple proof of a pointwise inequality firstly stated by Ornstein and Shields and which is the almost-sure version of an average inequality firstly stated by Khinchin in 1953. We further give an elementary proof of original Khinchin inequality that can be used as an exercise for Information Theory students and we conclude by giving historical and technical notes of such inequality. △ Less

Submitted 22 April, 2020; v1 submitted 10 July, 2019; originally announced July 2019.

Comments: Compared to version 1, in version 2 we added a simpler proof than the one given by Shields of a more general theorem (Theorem 4, pg. 7) presented by Ornstein and Shields. Consequently we also modified the title of the paper. In version 3 we have reordered the sections of the paper, simplified the proof of Theorem 4 (now Theorem 3) and significantly reduced the proof of Theorem 3 (now Theorem 4)

MSC Class: 94A15; 94A17

Journal ref: Problems of Information Transmission, Vo.l 56 No. 1, 2020. A view-only published version here: https://rdcu.be/b3Cco

Regular subgroups with large intersection

Authors: Riccardo Aragona, Roberto Civino, Norberto Gavioli, Carlo Maria Scoppola

Abstract: In this paper we study the relationships between the elementary abelian regular subgroups and the Sylow $2$-subgroups of their normalisers in the symmetric group $\mathrm{Sym}(\mathbb{F}_2^n)$, in view of the interest that they have recently raised for their applications in symmetric cryptography. In this paper we study the relationships between the elementary abelian regular subgroups and the Sylow $2$-subgroups of their normalisers in the symmetric group $\mathrm{Sym}(\mathbb{F}_2^n)$, in view of the interest that they have recently raised for their applications in symmetric cryptography. △ Less

Submitted 30 November, 2018; v1 submitted 14 November, 2018; originally announced November 2018.

MSC Class: 20B35; 20D20; 94A60

Journal ref: Annali di Matematica Pura ed Applicata (1923 -), Vol. 198 No. 6, 2019

Type-Preserving Matrices and Security of Block Ciphers

Authors: Riccardo Aragona, Alessio Meneghetti

Abstract: We provide a new property, called Non-Type-Preserving, for a mixing layer which guarantees protection against algebraic attacks based on the imprimitivity of the group generated by the round functions. Our main result is to present necessary and sufficient conditions on the structure of the binary matrix associated to the mixing layer, so that it has this property. Then we show how several familie… ▽ More We provide a new property, called Non-Type-Preserving, for a mixing layer which guarantees protection against algebraic attacks based on the imprimitivity of the group generated by the round functions. Our main result is to present necessary and sufficient conditions on the structure of the binary matrix associated to the mixing layer, so that it has this property. Then we show how several families of linear maps are Non-Type-Preserving, including the mixing layers of AES, GOST and PRESENT. Finally we prove that the group generated by the round functions of an SPN cipher with addition modulo a power of 2 as key mixing function is primitive if its mixing layer satisfies this property. Moreover we generalise the definition of a GOST-like cipher using a Non-Type-Preserving matrix as mixing layer and we show, under the only assumption of invertibility of the S-Boxes, that the corresponding group is primitive. △ Less

Submitted 30 November, 2018; v1 submitted 2 March, 2018; originally announced March 2018.

MSC Class: 20B15; 20B35; 94A60

Journal ref: Advances in Mathematics of Communications, Vol. 13 No. 2, May 2019

Wave-Shaped Round Functions and Primitive Groups

Authors: Riccardo Aragona, Marco Calderini, Roberto Civino, Massimiliano Sala, Ilaria Zappatore

Abstract: Round functions used as building blocks for iterated block ciphers, both in the case of Substitution-Permutation Networks and Feistel Networks, are often obtained as the composition of different layers which provide confusion and diffusion, and key additions. The bijectivity of any encryption function, crucial in order to make the decryption possible, is guaranteed by the use of invertible layers… ▽ More Round functions used as building blocks for iterated block ciphers, both in the case of Substitution-Permutation Networks and Feistel Networks, are often obtained as the composition of different layers which provide confusion and diffusion, and key additions. The bijectivity of any encryption function, crucial in order to make the decryption possible, is guaranteed by the use of invertible layers or by the Feistel structure. In this work a new family of ciphers, called wave ciphers, is introduced. In wave ciphers, round functions feature wave functions, which are vectorial Boolean functions obtained as the composition of non-invertible layers, where the confusion layer enlarges the message which returns to its original size after the diffusion layer is applied. This is motivated by the fact that relaxing the requirement that all the layers are invertible allows to consider more functions which are optimal with regard to non-linearity. In particular it allows to consider injective APN S-boxes. In order to guarantee efficient decryption we propose to use wave functions in Feistel Networks. With regard to security, the immunity from some group-theoretical attacks is investigated. In particular, it is shown how to avoid that the group generated by the round functions acts imprimitively, which represent a serious flaw for the cipher. △ Less

Submitted 21 September, 2018; v1 submitted 29 August, 2017; originally announced August 2017.

MSC Class: 20B15; 20B35; 94A60

Journal ref: Advances in Mathematics of Communications, Vol. 13 No. 1, February 2019

On the primitivity of PRESENT and other lightweight ciphers

Authors: Riccardo Aragona, Marco Calderini, Antonio Tortora, Maria Tota

Abstract: We provide two sufficient conditions to guarantee that the round functions of a translation based cipher generate a primitive group. Furthermore, under the same hypotheses, and assuming that a round of the cipher is strongly proper and consists of m-bit S-Boxes, with m = 3; 4 or 5, we prove that such a group is the alternating group. As an immediate consequence, we deduce that the round functions… ▽ More We provide two sufficient conditions to guarantee that the round functions of a translation based cipher generate a primitive group. Furthermore, under the same hypotheses, and assuming that a round of the cipher is strongly proper and consists of m-bit S-Boxes, with m = 3; 4 or 5, we prove that such a group is the alternating group. As an immediate consequence, we deduce that the round functions of some lightweight translation based ciphers, such as the PRESENT cipher, generate the alternating group. △ Less

Submitted 8 June, 2017; v1 submitted 4 November, 2016; originally announced November 2016.

Comments: to appear on Journal of Algebra and its Applications

MSC Class: 20B15; 20B35; 94A60

Journal ref: Journal of Algebra and its Applications, Vol. 17, No. 6, 2018

Several Proofs of Security for a Tokenization Algorithm

Authors: Riccardo Longo, Massimiliano Sala, Riccardo Aragona

Abstract: In this paper we propose a tokenization algorithm of Reversible Hybrid type, as defined in PCI DSS guidelines for designing a tokenization solution, based on a block cipher with a secret key and (possibly public) additional input. We provide some formal proofs of security for it, which imply our algorithm satisfies the most significant security requirements described in PCI DSS tokenization guidel… ▽ More In this paper we propose a tokenization algorithm of Reversible Hybrid type, as defined in PCI DSS guidelines for designing a tokenization solution, based on a block cipher with a secret key and (possibly public) additional input. We provide some formal proofs of security for it, which imply our algorithm satisfies the most significant security requirements described in PCI DSS tokenization guidelines. Finally, we give an instantiation with concrete cryptographic primitives and fixed length of the PAN, and we analyze its efficiency and security. △ Less

Submitted 1 February, 2017; v1 submitted 1 September, 2016; originally announced September 2016.

Comments: to appear in Applicable Algebra in Engineering, Communication and Computing

MSC Class: 94A60

Journal ref: Applicable Algebra in Engineering, Communication and Computing, Vol. 28, No. 5, 2017

A proof of security for a key-policy RS-ABE scheme

Authors: Federico Giacon, Riccardo Aragona, Massimiliano Sala

Abstract: A revocable-storage attribute-based encryption (RS-ABE) scheme is an encryption scheme which extends attribute-based encryption by intro- ducing user revocation. A key-policy RS-ABE scheme links each key to an access structure. We propose a new key-policy RS-ABE scheme whose security we prove in term of indistinguishability under a chosen-plaintext attack (IND-CPA). A revocable-storage attribute-based encryption (RS-ABE) scheme is an encryption scheme which extends attribute-based encryption by intro- ducing user revocation. A key-policy RS-ABE scheme links each key to an access structure. We propose a new key-policy RS-ABE scheme whose security we prove in term of indistinguishability under a chosen-plaintext attack (IND-CPA). △ Less

Submitted 21 March, 2016; originally announced March 2016.

MSC Class: 11T71

Journal ref: JP Journal of Algebra, Number Theory and Applications, Vol. 40, No. 1, 2018

On weak differential uniformity of vectorial Boolean functions as a cryptographic criterion

Authors: R. Aragona, M. Calderini, D. Maccauro, M. Sala

Abstract: We study the relation among some security parameters for vectorial Boolean functions which prevent attacks on the related block cipher. We focus our study on a recently-introduced security criterion, called weak differential uniformity, which prevents the existence of an undetectable trapdoor based on imprimitive group action. We present some properties of functions with low weak differential unif… ▽ More We study the relation among some security parameters for vectorial Boolean functions which prevent attacks on the related block cipher. We focus our study on a recently-introduced security criterion, called weak differential uniformity, which prevents the existence of an undetectable trapdoor based on imprimitive group action. We present some properties of functions with low weak differential uniformity, especially for the case of power functions and 4-bit S-Boxes. △ Less

Submitted 15 January, 2016; v1 submitted 31 March, 2014; originally announced March 2014.

Comments: to appear in Applicable Algebra in Engineering, Communication and Computing

Journal ref: AAECC 27 (5), 359-372 (2016)