-
Binary bi-braces and applications to cryptography
Authors:
Roberto Civino,
Valerio Fedele
Abstract:
In a XOR-based alternating block cipher the plaintext is masked by a sequence of layers each performing distinct actions: a highly nonlinear permutation, a linear transformation, and the bitwise key addition. When assessing resistance against classical differential attacks (where differences are computed with respect to XOR), the cryptanalysts must only take into account differential probabilities…
▽ More
In a XOR-based alternating block cipher the plaintext is masked by a sequence of layers each performing distinct actions: a highly nonlinear permutation, a linear transformation, and the bitwise key addition. When assessing resistance against classical differential attacks (where differences are computed with respect to XOR), the cryptanalysts must only take into account differential probabilities introduced by the nonlinear layer, this being the only one whose differential transitions are not deterministic. The temptation of computing differentials with respect to another difference operation runs into the difficulty of understanding how differentials propagate through the XOR-affine levels of the cipher. In this paper we introduce a special family of braces that enable the derivation of a set of differences whose interaction with every layer of an XOR-based alternating block cipher can be understood. We show that such braces can be described also in terms of alternating binary algebras of nilpotency class two. Additionally, we present a method to compute the automorphism group of these structures through an equivalence between bilinear maps. By doing so, we characterise the XOR-linear permutations for which the differential transitions with respect to the new difference are deterministic, facilitating an alternative differential attack.
△ Less
Submitted 14 April, 2024;
originally announced April 2024.
-
Optimal s-boxes against alternative operations and linear propagation
Authors:
Marco Calderini,
Roberto Civino,
Riccardo Invernizzi
Abstract:
Civino et al.~(2019) have shown how some diffusion layers can expose a Substitution-Permutation Network to vulnerability from differential cryptanalysis when employing alternative operations coming from groups isomorphic to the translation group on the message space. In this study, we present a classification of diffusion layers that exhibit linearity in parallel alternative operations for ciphers…
▽ More
Civino et al.~(2019) have shown how some diffusion layers can expose a Substitution-Permutation Network to vulnerability from differential cryptanalysis when employing alternative operations coming from groups isomorphic to the translation group on the message space. In this study, we present a classification of diffusion layers that exhibit linearity in parallel alternative operations for ciphers with 4-bit s-boxes, enabling the possibility of an alternative differential attack simultaneously targeting all the s-boxes within the block. Furthermore, we investigate the differential behaviour with respect to alternative operations for all classes of optimal 4-bit s-boxes, as defined by Leander and Poschmann (2007). Our examination reveals that certain classes contain weak permutations w.r.t. alternative differential attacks, and we leverage these vulnerabilities to execute a series of experiments.
△ Less
Submitted 21 October, 2024; v1 submitted 29 March, 2024;
originally announced March 2024.
-
Differential experiments using parallel alternative operations
Authors:
Marco Calderini,
Roberto Civino,
Riccardo Invernizzi
Abstract:
The use of alternative operations in differential cryptanalysis, or alternative notions of differentials, are lately receiving increasing attention. Recently, Civino et al. managed to design a block cipher which is secure w.r.t. classical differential cryptanalysis performed using XOR-differentials, but weaker with respect to the attack based on an alternative difference operation acting on the fi…
▽ More
The use of alternative operations in differential cryptanalysis, or alternative notions of differentials, are lately receiving increasing attention. Recently, Civino et al. managed to design a block cipher which is secure w.r.t. classical differential cryptanalysis performed using XOR-differentials, but weaker with respect to the attack based on an alternative difference operation acting on the first s-box of the block. We extend this result to parallel alternative operations, i.e. acting on each s-box of the block. First, we recall the mathematical framework needed to define and use such operations. After that, we perform some differential experiments against a toy cipher and compare the effectiveness of the attack w.r.t. the one that uses XOR-differentials.
△ Less
Submitted 9 January, 2024;
originally announced January 2024.
-
Verification and generation of unrefinable partitions
Authors:
Riccardo Aragona,
Lorenzo Campioni,
Roberto Civino,
Massimo Lauria
Abstract:
Unrefinable partitions are a subset of partitions into distinct parts which satisfy an additional unrefinability property. More precisely, being an unrefinable partition means that none of the parts can be written as the sum of smaller integers without introducing a repetition. We address the algorithmic aspects of unrefinable partitions, such as testing whether a given partition is unrefinable or…
▽ More
Unrefinable partitions are a subset of partitions into distinct parts which satisfy an additional unrefinability property. More precisely, being an unrefinable partition means that none of the parts can be written as the sum of smaller integers without introducing a repetition. We address the algorithmic aspects of unrefinable partitions, such as testing whether a given partition is unrefinable or not and enumerating all the partitions whose sum is a given integer. We design two algorithms to solve the two mentioned problems and we discuss their complexity.
△ Less
Submitted 10 January, 2023; v1 submitted 30 December, 2021;
originally announced December 2021.
-
On the primitivity of the AES-128 key-schedule
Authors:
Riccardo Aragona,
Roberto Civino,
Francesca Dalla Volta
Abstract:
The key-scheduling algorithm in the AES is the component responsible for selecting from the master key the sequence of round keys to be xor-ed to the partially encrypted state at each iteration. We consider here the group $Γ$ generated by the action of the AES-128 key-scheduling operation, and we prove that the smallest group containing $Γ$ and all the translations of the message space is primitiv…
▽ More
The key-scheduling algorithm in the AES is the component responsible for selecting from the master key the sequence of round keys to be xor-ed to the partially encrypted state at each iteration. We consider here the group $Γ$ generated by the action of the AES-128 key-scheduling operation, and we prove that the smallest group containing $Γ$ and all the translations of the message space is primitive. As a consequence, we obtain that no proper and non-trivial subspace can be invariant under its action.
△ Less
Submitted 15 February, 2022; v1 submitted 10 March, 2021;
originally announced March 2021.
-
On the primitivity of Lai-Massey schemes
Authors:
Riccardo Aragona,
Roberto Civino
Abstract:
In symmetric cryptography, the round functions used as building blocks for iterated block ciphers are often obtained as the composition of different layers providing confusion and diffusion. The study of the conditions on such layers which make the group generated by the round functions of a block cipher a primitive group has been addressed in the past years, both in the case of Substitution Permu…
▽ More
In symmetric cryptography, the round functions used as building blocks for iterated block ciphers are often obtained as the composition of different layers providing confusion and diffusion. The study of the conditions on such layers which make the group generated by the round functions of a block cipher a primitive group has been addressed in the past years, both in the case of Substitution Permutation Networks and Feistel Networks, giving to block cipher designers the receipt to avoid the imprimitivity attack. In this paper a similar study is proposed on the subject of the Lai-Massey scheme, a framework which combines both Substitution Permutation Network and Feistel Network features. Its resistance to the imprimitivity attack is obtained as a consequence of a more general result in which the problem of proving the primitivity of the Lai-Massey scheme is reduced to the simpler one of proving the primitivity of the group generated by the round functions of a strictly related Substitution Permutation Network.
△ Less
Submitted 3 November, 2020;
originally announced November 2020.
-
An Authenticated Key Scheme over Elliptic Curves for Topological Networks
Authors:
Riccardo Aragona,
Roberto Civino,
Norberto Gavioli,
Marco Pugliese
Abstract:
Nodes of sensor networks may be resource-constrained devices, often having a limited lifetime, making sensor networks remarkably dynamic environments. Managing a cryptographic protocol on such setups may require a disproportionate effort when it comes to update the secret parameters of new nodes that enter the network in place of dismantled sensors. For this reason, the designers of schemes for se…
▽ More
Nodes of sensor networks may be resource-constrained devices, often having a limited lifetime, making sensor networks remarkably dynamic environments. Managing a cryptographic protocol on such setups may require a disproportionate effort when it comes to update the secret parameters of new nodes that enter the network in place of dismantled sensors. For this reason, the designers of schemes for sensor network are always concerned with the need of scalable and adaptable solutions. In this work, we present a novel elliptic-curve based solution, derived from the previously released cryptographic protocol TAKS, which addresses this issue. We give a formal description of the scheme, built on a two-dimensional vector space over a prime field and over elliptic curves, where node topology is more relevant than node identity, allowing a dynamic handling of the network and reducing the cost of network updates. We also study some security concerns and their relation to the related discrete logarithm problem over elliptic curves.
△ Less
Submitted 12 June, 2020; v1 submitted 3 June, 2020;
originally announced June 2020.
-
Some group-theoretical results on Feistel Networks in a long-key scenario
Authors:
Riccardo Aragona,
Marco Calderini,
Roberto Civino
Abstract:
The study of the trapdoors that can be hidden in a block cipher is and has always been a high-interest topic in symmetric cryptography. In this paper we focus on Feistel-network-like ciphers in a classical long-key scenario and we investigate some conditions which make such a construction immune to the partition-based attack introduced recently by Bannier et al.
The study of the trapdoors that can be hidden in a block cipher is and has always been a high-interest topic in symmetric cryptography. In this paper we focus on Feistel-network-like ciphers in a classical long-key scenario and we investigate some conditions which make such a construction immune to the partition-based attack introduced recently by Bannier et al.
△ Less
Submitted 5 May, 2020; v1 submitted 13 December, 2019;
originally announced December 2019.
-
Regular subgroups with large intersection
Authors:
Riccardo Aragona,
Roberto Civino,
Norberto Gavioli,
Carlo Maria Scoppola
Abstract:
In this paper we study the relationships between the elementary abelian regular subgroups and the Sylow $2$-subgroups of their normalisers in the symmetric group $\mathrm{Sym}(\mathbb{F}_2^n)$, in view of the interest that they have recently raised for their applications in symmetric cryptography.
In this paper we study the relationships between the elementary abelian regular subgroups and the Sylow $2$-subgroups of their normalisers in the symmetric group $\mathrm{Sym}(\mathbb{F}_2^n)$, in view of the interest that they have recently raised for their applications in symmetric cryptography.
△ Less
Submitted 30 November, 2018; v1 submitted 14 November, 2018;
originally announced November 2018.
-
Wave-Shaped Round Functions and Primitive Groups
Authors:
Riccardo Aragona,
Marco Calderini,
Roberto Civino,
Massimiliano Sala,
Ilaria Zappatore
Abstract:
Round functions used as building blocks for iterated block ciphers, both in the case of Substitution-Permutation Networks and Feistel Networks, are often obtained as the composition of different layers which provide confusion and diffusion, and key additions. The bijectivity of any encryption function, crucial in order to make the decryption possible, is guaranteed by the use of invertible layers…
▽ More
Round functions used as building blocks for iterated block ciphers, both in the case of Substitution-Permutation Networks and Feistel Networks, are often obtained as the composition of different layers which provide confusion and diffusion, and key additions. The bijectivity of any encryption function, crucial in order to make the decryption possible, is guaranteed by the use of invertible layers or by the Feistel structure. In this work a new family of ciphers, called wave ciphers, is introduced. In wave ciphers, round functions feature wave functions, which are vectorial Boolean functions obtained as the composition of non-invertible layers, where the confusion layer enlarges the message which returns to its original size after the diffusion layer is applied. This is motivated by the fact that relaxing the requirement that all the layers are invertible allows to consider more functions which are optimal with regard to non-linearity. In particular it allows to consider injective APN S-boxes. In order to guarantee efficient decryption we propose to use wave functions in Feistel Networks. With regard to security, the immunity from some group-theoretical attacks is investigated. In particular, it is shown how to avoid that the group generated by the round functions acts imprimitively, which represent a serious flaw for the cipher.
△ Less
Submitted 21 September, 2018; v1 submitted 29 August, 2017;
originally announced August 2017.
-
On the Equivalence of Two Security Notions for Hierarchical Key Assignment Schemes in the Unconditional Setting
Authors:
Massimo Cafaro,
Roberto Civino,
Barbara Masucci
Abstract:
The access control problem in a hierarchy can be solved by using a hierarchical key assignment scheme, where each class is assigned an encryption key and some private information. A formal security analysis for hierarchical key assignment schemes has been traditionally considered in two different settings, i.e., the unconditionally secure and the computationally secure setting, and with respect to…
▽ More
The access control problem in a hierarchy can be solved by using a hierarchical key assignment scheme, where each class is assigned an encryption key and some private information. A formal security analysis for hierarchical key assignment schemes has been traditionally considered in two different settings, i.e., the unconditionally secure and the computationally secure setting, and with respect to two different notions: security against key recovery (KR-security) and security with respect to key indistinguishability (KI-security), with the latter notion being cryptographically stronger. Recently, Freire, Paterson and Poettering proposed strong key indistinguishability (SKI-security) as a new security notion in the computationally secure setting, arguing that SKI-security is strictly stronger than KI-security in such a setting. In this paper we consider the unconditionally secure setting for hierarchical key assignment schemes. In such a setting the security of the schemes is not based on specific unproven computational assumptions, i.e., it relies on the theoretical impossibility of breaking them, despite the computational power of an adversary coalition. We prove that, in this setting, SKI-security is not stronger than KI-security, i.e., the two notions are fully equivalent from an information-theoretic point of view.
△ Less
Submitted 15 May, 2014; v1 submitted 21 February, 2014;
originally announced February 2014.
