-
Binary bi-braces and applications to cryptography
Authors:
Roberto Civino,
Valerio Fedele
Abstract:
In a XOR-based alternating block cipher the plaintext is masked by a sequence of layers each performing distinct actions: a highly nonlinear permutation, a linear transformation, and the bitwise key addition. When assessing resistance against classical differential attacks (where differences are computed with respect to XOR), the cryptanalysts must only take into account differential probabilities introduced by the nonlinear layer, this being the only one whose differential transitions are not deterministic. The temptation of computing differentials with respect to another difference operation runs into the difficulty of understanding how differentials propagate through the XOR-affine levels of the cipher. In this paper we introduce a special family of braces that enable the derivation of a set of differences whose interaction with every layer of an XOR-based alternating block cipher can be understood. We show that such braces can be described also in terms of alternating binary algebras of nilpotency class two. Additionally, we present a method to compute the automorphism group of these structures through an equivalence between bilinear maps. By doing so, we characterise the XOR-linear permutations for which the differential transitions with respect to the new difference are deterministic, facilitating an alternative differential attack.
Submitted 14 April, 2024;
originally announced April 2024.
-
Optimal s-boxes against alternative operations and linear propagation
Authors:
Marco Calderini,
Roberto Civino,
Riccardo Invernizzi
Abstract:
Civino et al. (2019) have shown how some diffusion layers can expose a Substitution-Permutation Network to vulnerability from differential cryptanalysis when employing alternative operations coming from groups isomorphic to the translation group on the message space. In this study, we present a classification of diffusion layers that exhibit linearity in parallel alternative operations for ciphers with 4-bit s-boxes, enabling the possibility of an alternative differential attack simultaneously targeting all the s-boxes within the block. Furthermore, we investigate the differential behaviour with respect to alternative operations for all classes of optimal 4-bit s-boxes, as defined by Leander and Poschmann (2007). Our examination reveals that certain classes contain weak permutations w.r.t. alternative differential attacks, and we leverage these vulnerabilities to execute a series of experiments.
Submitted 21 October, 2024; v1 submitted 29 March, 2024;
originally announced March 2024.
-
Differential experiments using parallel alternative operations
Authors:
Marco Calderini,
Roberto Civino,
Riccardo Invernizzi
Abstract:
The use of alternative operations in differential cryptanalysis, or alternative notions of differentials, is lately receiving increasing attention. Recently, Civino et al. managed to design a block cipher which is secure w.r.t. classical differential cryptanalysis performed using XOR-differentials, but weaker with respect to the attack based on an alternative difference operation acting on the first s-box of the block. We extend this result to parallel alternative operations, i.e. acting on each s-box of the block. First, we recall the mathematical framework needed to define and use such operations. After that, we perform some differential experiments against a toy cipher and compare the effectiveness of the attack w.r.t. the one that uses XOR-differentials.
Submitted 9 January, 2024;
originally announced January 2024.
-
A definitely periodic chain in the integral Lie ring of partitions
Authors:
Riccardo Aragona,
Roberto Civino,
Norberto Gavioli
Abstract:
Given an integer $n$, we introduce the integral Lie ring of partitions with bounded maximal part, whose elements are in one-to-one correspondence to integer partitions with parts in $\{1,2,\dots, n-1\}$. Starting from an abelian subring, we recursively define a chain of idealizers and we prove that the sequence of ranks of consecutive terms in the chain is definitely periodic. Moreover, we show that its growth depends on the partial sum of the partial sum of the sequence counting the number of partitions. This work generalizes our previous recent work on the same topic, devoted to the modular case where partitions were allowed to have a bounded number of repetitions of parts in a ring of coefficients of positive characteristic.
Submitted 9 March, 2023;
originally announced March 2023.
-
A modular idealizer chain and unrefinability of partitions with repeated parts
Authors:
Riccardo Aragona,
Roberto Civino,
Norberto Gavioli
Abstract:
Recently Aragona et al. have introduced a chain of normalizers in a Sylow 2-subgroup of Sym(2^n), starting from an elementary abelian regular subgroup. They have shown that the indices of consecutive groups in the chain depend on the number of partitions into distinct parts and have given a description, by means of rigid commutators, of the first n-2 terms in the chain. Moreover, they proved that the (n-1)-th term of the chain is described by means of rigid commutators corresponding to unrefinable partitions into distinct parts. Although the mentioned chain can be defined in a Sylow p-subgroup of Sym(p^n), for p > 2 computing the chain of normalizers becomes a challenging task, in the absence of a suitable notion of rigid commutators. This problem is addressed here from an alternative point of view. We propose a more general framework for the normalizer chain, defining a chain of idealizers in a Lie ring over Z_m whose elements are represented by integer partitions. We show how the corresponding idealizers are generated by subsets of partitions into at most m-1 parts and we conjecture that the idealizer chain grows as the normalizer chain in the symmetric group. As evidence of this, we establish a correspondence between the two constructions in the case m=2.
Submitted 4 August, 2023; v1 submitted 16 January, 2023;
originally announced January 2023.
-
The number of maximal unrefinable partitions
Authors:
Riccardo Aragona,
Lorenzo Campioni,
Roberto Civino
Abstract:
This paper completes the classification of maximal unrefinable partitions, extending a previous work of Aragona et al. devoted only to the case of triangular numbers. We show that the number of maximal unrefinable partitions of an integer coincides with the number of suitable partitions into distinct parts, depending on the distance from the successive triangular number.
Submitted 9 June, 2022;
originally announced June 2022.
-
Verification and generation of unrefinable partitions
Authors:
Riccardo Aragona,
Lorenzo Campioni,
Roberto Civino,
Massimo Lauria
Abstract:
Unrefinable partitions are a subset of partitions into distinct parts which satisfy an additional unrefinability property. More precisely, being an unrefinable partition means that none of the parts can be written as the sum of smaller integers without introducing a repetition. We address the algorithmic aspects of unrefinable partitions, such as testing whether a given partition is unrefinable or not and enumerating all the partitions whose sum is a given integer. We design two algorithms to solve the two mentioned problems and we discuss their complexity.
Submitted 10 January, 2023; v1 submitted 30 December, 2021;
originally announced December 2021.
-
On the maximal part in unrefinable partitions of triangular numbers
Authors:
Riccardo Aragona,
Lorenzo Campioni,
Roberto Civino,
Massimo Lauria
Abstract:
A partition into distinct parts is refinable if one of its parts $a$ can be replaced by two different integers which do not belong to the partition and whose sum is $a$, and it is unrefinable otherwise. Clearly, the condition of being unrefinable imposes on the partition a non-trivial limitation on the size of the largest part and on the possible distributions of the parts. We prove an $O(n^{1/2})$-upper bound for the largest part in an unrefinable partition of $n$, and we call maximal those which reach the bound. We show a complete classification of maximal unrefinable partitions for triangular numbers, proving that if $n$ is even there exists only one maximal unrefinable partition of $n(n+1)/2$, and that if $n$ is odd the number of such partitions equals the number of partitions of $\lceil n/2\rceil$ into distinct parts. In the second case, an explicit bijection is provided.
Submitted 23 May, 2022; v1 submitted 22 November, 2021;
originally announced November 2021.
-
Unrefinable partitions into distinct parts in a normalizer chain
Authors:
Riccardo Aragona,
Roberto Civino,
Norberto Gavioli,
Carlo Maria Scoppola
Abstract:
In a recent paper on a study of the Sylow 2-subgroups of the symmetric group with 2^n elements it has been shown that the growth of the first (n-2) consecutive indices of a certain normalizer chain is linked to the sequence of partitions of integers into distinct parts. Unrefinable partitions into distinct parts are those in which no part x can be replaced with integers whose sum is x obtaining a new partition into distinct parts. We prove here that the (n-1)-th index of the previously mentioned chain is related to the number of unrefinable partitions into distinct parts satisfying a condition on the minimal excludant.
Submitted 9 July, 2021;
originally announced July 2021.
-
On the primitivity of the AES-128 key-schedule
Authors:
Riccardo Aragona,
Roberto Civino,
Francesca Dalla Volta
Abstract:
The key-scheduling algorithm in the AES is the component responsible for selecting from the master key the sequence of round keys to be xor-ed to the partially encrypted state at each iteration. We consider here the group $Γ$ generated by the action of the AES-128 key-scheduling operation, and we prove that the smallest group containing $Γ$ and all the translations of the message space is primitive. As a consequence, we obtain that no proper and non-trivial subspace can be invariant under its action.
Submitted 15 February, 2022; v1 submitted 10 March, 2021;
originally announced March 2021.
-
On the primitivity of Lai-Massey schemes
Authors:
Riccardo Aragona,
Roberto Civino
Abstract:
In symmetric cryptography, the round functions used as building blocks for iterated block ciphers are often obtained as the composition of different layers providing confusion and diffusion. The study of the conditions on such layers which make the group generated by the round functions of a block cipher a primitive group has been addressed in the past years, both in the case of Substitution Permutation Networks and Feistel Networks, giving block cipher designers the recipe to avoid the imprimitivity attack. In this paper a similar study is proposed on the subject of the Lai-Massey scheme, a framework which combines both Substitution Permutation Network and Feistel Network features. Its resistance to the imprimitivity attack is obtained as a consequence of a more general result in which the problem of proving the primitivity of the Lai-Massey scheme is reduced to the simpler one of proving the primitivity of the group generated by the round functions of a strictly related Substitution Permutation Network.
Submitted 3 November, 2020;
originally announced November 2020.
-
Rigid commutators and a normalizer chain
Authors:
Riccardo Aragona,
Roberto Civino,
Norberto Gavioli,
Carlo Maria Scoppola
Abstract:
The novel notion of rigid commutators is introduced to determine the sequence of the logarithms of the indices of a certain normalizer chain in the Sylow 2-subgroup of the symmetric group on 2^n letters. The terms of this sequence are proved to be those of the partial sums of the partitions of an integer into at least two distinct parts, that relates to a famous Euler's partition theorem.
Submitted 3 October, 2020; v1 submitted 23 September, 2020;
originally announced September 2020.
-
A Chain of Normalizers in the Sylow $2$-subgroups of the symmetric group on $2^n$ letters
Authors:
Riccardo Aragona,
Roberto Civino,
Norberto Gavioli,
Carlo Maria Scoppola
Abstract:
On the basis of an initial interest in symmetric cryptography, in the present work we study a chain of subgroups. Starting from a Sylow $2$-subgroup of AGL(2,n), each term of the chain is defined as the normalizer of the previous one in the symmetric group on $2^n$ letters. Partial results and computational experiments lead us to conjecture that, for large values of $n$, the index of a normalizer in the consecutive one does not depend on $n$. Indeed, there is strong evidence that the sequence of the logarithms of such indices is the one of the partial sums of the numbers of partitions into at least two distinct parts.
Submitted 31 August, 2020;
originally announced August 2020.
-
Some group-theoretical results on Feistel Networks in a long-key scenario
Authors:
Riccardo Aragona,
Marco Calderini,
Roberto Civino
Abstract:
The study of the trapdoors that can be hidden in a block cipher is and has always been a high-interest topic in symmetric cryptography. In this paper we focus on Feistel-network-like ciphers in a classical long-key scenario and we investigate some conditions which make such a construction immune to the partition-based attack introduced recently by Bannier et al.
Submitted 5 May, 2020; v1 submitted 13 December, 2019;
originally announced December 2019.
-
Regular subgroups with large intersection
Authors:
Riccardo Aragona,
Roberto Civino,
Norberto Gavioli,
Carlo Maria Scoppola
Abstract:
In this paper we study the relationships between the elementary abelian regular subgroups and the Sylow $2$-subgroups of their normalisers in the symmetric group $\mathrm{Sym}(\mathbb{F}_2^n)$, in view of the interest that they have recently raised for their applications in symmetric cryptography.
Submitted 30 November, 2018; v1 submitted 14 November, 2018;
originally announced November 2018.
-
Wave-Shaped Round Functions and Primitive Groups
Authors:
Riccardo Aragona,
Marco Calderini,
Roberto Civino,
Massimiliano Sala,
Ilaria Zappatore
Abstract:
Round functions used as building blocks for iterated block ciphers, both in the case of Substitution-Permutation Networks and Feistel Networks, are often obtained as the composition of different layers which provide confusion and diffusion, and key additions. The bijectivity of any encryption function, crucial in order to make the decryption possible, is guaranteed by the use of invertible layers or by the Feistel structure. In this work a new family of ciphers, called wave ciphers, is introduced. In wave ciphers, round functions feature wave functions, which are vectorial Boolean functions obtained as the composition of non-invertible layers, where the confusion layer enlarges the message which returns to its original size after the diffusion layer is applied. This is motivated by the fact that relaxing the requirement that all the layers are invertible allows one to consider more functions which are optimal with regard to non-linearity. In particular it allows one to consider injective APN S-boxes. In order to guarantee efficient decryption we propose to use wave functions in Feistel Networks. With regard to security, the immunity from some group-theoretical attacks is investigated. In particular, it is shown how to avoid that the group generated by the round functions acts imprimitively, which represents a serious flaw for the cipher.
Submitted 21 September, 2018; v1 submitted 29 August, 2017;
originally announced August 2017.
-
On properties of translation groups in the affine general linear group with applications to cryptography
Authors:
Marco Calderini,
Roberto Civino,
Massimiliano Sala
Abstract:
The affine general linear group acting on a vector space over a prime field is a well-understood mathematical object. Its elementary abelian regular subgroups have recently drawn attention in applied mathematics thanks to their use in cryptography as a way to hide or detect weaknesses inside block ciphers. This paper is focused on building a convenient representation of their elements which suits better the purposes of the cryptanalyst. Several combinatorial counting formulas and a classification of their conjugacy classes are given as well.
Submitted 20 November, 2020; v1 submitted 2 February, 2017;
originally announced February 2017.