Abstract
In this presentation we investigate a new way of protecting block ciphers against classes of attacks (including differential and linear cryptanalysis) which is based on the notion of decorrelation, closely connected to Carter-Wegman's notion of universal functions. This defines a simple and friendly combinatorial measurement which makes it possible to quantify security. We show that we can mix provable protections and heuristic protections. We finally propose two new block cipher families we call COCONUT and PEANUT, which implement these ideas and achieve quite reasonable performance for real-life applications.
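To make the "combinatorial measurement" concrete, the following is an added example (written for this page, not code from the paper or from COCONUT/PEANUT). It builds the order-d distribution matrix [C]^d of a toy cipher family over Z_p and measures its distance to the matrix of the perfect cipher (a uniformly random permutation) with the infinity matrix norm, i.e. the worst-case L1 distance over input tuples; the choice of this norm and of p = 5 are assumptions made here for illustration. The affine family a*x + b mod p, the classic Carter-Wegman universal family, turns out to be perfectly decorrelated to order 2 (bias 0), which is the property that rules out basic differential and linear attacks, while the translation family x + b is not; at order 3 even the affine family shows a bias, which is why the paper mixes provable and heuristic protections.

```python
from fractions import Fraction
from itertools import product


def affine_family(p):
    """Toy cipher family over Z_p: C_{a,b}(x) = a*x + b mod p, key (a, b) with a != 0.
    Every key is a permutation; this is the Carter-Wegman universal family (constructed here)."""
    return [(a, b) for a in range(1, p) for b in range(p)]


def translation_family(p):
    """Weaker constructed family for comparison: C_b(x) = x + b mod p (a fixed to 1)."""
    return [(1, b) for b in range(p)]


def encrypt(key, x, p):
    a, b = key
    return (a * x + b) % p


def distribution_matrix(family, p, d):
    """[C]^d: row = d-tuple of inputs, column = d-tuple of outputs, entry =
    probability (over a uniformly random key) that the inputs map to the outputs."""
    weight = Fraction(1, len(family))
    matrix = {}
    for xs in product(range(p), repeat=d):
        row = {}
        for key in family:
            ys = tuple(encrypt(key, x, p) for x in xs)
            row[ys] = row.get(ys, 0) + weight
        matrix[xs] = row
    return matrix


def perfect_cipher_matrix(p, d):
    """[C*]^d for the perfect cipher (a uniformly random permutation of Z_p):
    an output tuple is possible iff it repeats exactly where the input tuple does,
    and all possible output tuples are equally likely."""
    matrix = {}
    for xs in product(range(p), repeat=d):
        k = len(set(xs))                      # number of distinct inputs
        prob = Fraction(1, 1)
        for i in range(k):
            prob /= (p - i)                   # 1 / (p * (p-1) * ... * (p-k+1))
        row = {}
        for ys in product(range(p), repeat=d):
            same_pattern = all((xs[i] == xs[j]) == (ys[i] == ys[j])
                               for i in range(d) for j in range(i + 1, d))
            if same_pattern:
                row[ys] = prob
        matrix[xs] = row
    return matrix


def decorrelation_bias(family, p, d):
    """||[C]^d - [C*]^d||_inf : max over input tuples of the L1 distance between
    the cipher's and the perfect cipher's output distributions (exact Fraction).
    A bias of 0 means the family is perfectly decorrelated to order d."""
    real = distribution_matrix(family, p, d)
    ideal = perfect_cipher_matrix(p, d)
    worst = Fraction(0)
    for xs in real:
        cols = set(real[xs]) | set(ideal[xs])
        dist = sum(abs(real[xs].get(ys, 0) - ideal[xs].get(ys, 0)) for ys in cols)
        worst = max(worst, dist)
    return worst


if __name__ == "__main__":
    p = 5  # toy modulus, an assumption for illustration
    print("affine, order 2:", decorrelation_bias(affine_family(p), p, 2))            # 0
    print("translation, order 2:", decorrelation_bias(translation_family(p), p, 2))  # 3/2
    print("affine, order 3:", decorrelation_bias(affine_family(p), p, 3))            # 4/3
```

The matrices are kept as dictionaries of exact fractions so the zero bias of the affine family is exact rather than a floating-point coincidence; the same function works for any key family given as a list of (a, b) keys and any order d, at a cost of p^d rows times the family size.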
References
E. Biham. A fast new DES implementation in software. In Fast Software Encryption, Haifa, Israel, Lecture Notes in Computer Science 1267, pp. 260–272, Springer-Verlag, 1997.
E. Biham, A. Shamir. Differential cryptanalysis of DES-like cryptosystems. In Advances in Cryptology CRYPTO'90, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 537, pp. 2–21, Springer-Verlag, 1991.
E. Biham, A. Shamir. Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology, vol. 4, pp. 3–72, 1991.
E. Biham, A. Shamir. Differential cryptanalysis of the full 16-round DES. In Advances in Cryptology CRYPTO'92, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 740, pp. 487–496, Springer-Verlag, 1993.
E. Biham, A. Shamir. Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.
F. Chabaud, S. Vaudenay. Links between differential and linear cryptanalysis. In Advances in Cryptology EUROCRYPT'94, Perugia, Italy, Lecture Notes in Computer Science 950, pp. 356–365, Springer-Verlag, 1995.
L. Carter, M. Wegman. Universal classes of hash functions. Journal of Computer and System Sciences, vol. 18, pp. 143–154, 1979.
W. Diffie, M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, vol. IT-22, pp. 644–654, 1976.
H. Feistel. Cryptography and computer privacy. Scientific American, vol. 228, pp. 15–23, 1973.
H. Gilbert. Cryptanalyse Statistique des Algorithmes de Chiffrement et Sécurité des Schémas d'Authentification, Thèse de Doctorat de l'Université de Paris 11, 1997.
H. Gilbert, G. Chassé. A statistical attack of the FEAL-8 cryptosystem. In Advances in Cryptology CRYPTO'90, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 537, pp. 22–33, Springer-Verlag, 1991.
S. Halevi, H. Krawczyk. MMH: software message authentication in the Gbit/second rates. In Fast Software Encryption, Haifa, Israel, Lecture Notes in Computer Science 1267, pp. 172–189, Springer-Verlag, 1997.
H. M. Heys, S. E. Tavares. Substitution-Permutation Networks resistant to differential and linear cryptanalysis. Journal of Cryptology, vol. 9, pp. 1–19, 1996.
T. Jakobsen, L. R. Knudsen. The interpolation attack on block ciphers. In Fast Software Encryption, Haifa, Israel, Lecture Notes in Computer Science 1267, pp. 28–40, Springer-Verlag, 1997.
L. R. Knudsen. Block Ciphers — Analysis, Design and Applications, Aarhus University, 1994.
B. S. Kaliski Jr., M. J. B. Robshaw. Linear cryptanalysis using multiple approximations. In Advances in Cryptology CRYPTO'94, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 839, pp. 26–39, Springer-Verlag, 1994.
X. Lai. On the Design and Security of Block Ciphers, ETH Series in Information Processing, vol. 1, Hartung-Gorre Verlag Konstanz, 1992.
X. Lai, J. L. Massey, S. Murphy. Markov ciphers and differential cryptanalysis. In Advances in Cryptology EUROCRYPT'91, Brighton, United Kingdom, Lecture Notes in Computer Science 547, pp. 17–38, Springer-Verlag, 1991.
M. Luby, C. Rackoff. How to construct pseudorandom permutations from pseudorandom functions. SIAM Journal on Computing, vol. 17, pp. 373–386, 1988.
M. Matsui. Linear cryptanalysis methods for DES cipher. In Advances in Cryptology EUROCRYPT'93, Lofthus, Norway, Lecture Notes in Computer Science 765, pp. 386–397, Springer-Verlag, 1994.
M. Matsui. The first experimental cryptanalysis of the Data Encryption Standard. In Advances in Cryptology CRYPTO'94, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 839, pp. 1–11, Springer-Verlag, 1994.
M. Matsui. New structure of block ciphers with provable security against differential and linear cryptanalysis. In Fast Software Encryption, Cambridge, United Kingdom, Lecture Notes in Computer Science 1039, pp. 205–218, Springer-Verlag, 1996.
R. Merkle, M. Hellman. Hiding information and signatures in trapdoor knapsacks. IEEE Transactions on Information Theory, vol. IT-24, pp. 525–530, 1978.
S. Murphy, F. Piper, M. Walker, P. Wild. Likelihood estimation for block cipher keys. Unpublished.
K. Nyberg. Perfect nonlinear S-boxes. In Advances in Cryptology EUROCRYPT'91, Brighton, United Kingdom, Lecture Notes in Computer Science 547, pp. 378–385, Springer-Verlag, 1991.
K. Nyberg, L. R. Knudsen. Provable security against a differential cryptanalysis. Journal of Cryptology, vol. 8, pp. 27–37, 1995.
J. Patarin. Etude des Générateurs de Permutations Basés sur le Schéma du D.E.S., Thèse de Doctorat de l'Université de Paris 6, 1991.
J. Patarin. In Advances in Cryptology EUROCRYPT'92, Balatonfüred, Hungary, Lecture Notes in Computer Science 658, pp. 256–266, Springer-Verlag, 1993.
J. Patarin. About Feistel schemes with six (or more) rounds. To appear in Fast Software Encryption, 1998.
R. L. Rivest, A. Shamir, L. M. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, vol. 21, pp. 120–126, 1978.
C. E. Shannon. Communication theory of secrecy systems. Bell System Technical Journal, vol. 28, pp. 656–715, 1949.
A. Shamir. How to photofinish a cryptosystem? Presented at the Rump Session of Crypto'97.
A. Tardy-Corfdir, H. Gilbert. A known plaintext attack of FEAL-4 and FEAL-6. In Advances in Cryptology CRYPTO'91, Santa Barbara, California, U.S.A., Lecture Notes in Computer Science 576, pp. 172–181, Springer-Verlag, 1992.
S. Vaudenay. La Sécurité des Primitives Cryptographiques, Thèse de Doctorat de l'Université de Paris 7, Technical Report LIENS-95-10 of the Laboratoire d'Informatique de l'Ecole Normale Supérieure, 1995.
S. Vaudenay. An experiment on DES — Statistical cryptanalysis. In 3rd ACM Conference on Computer and Communications Security, New Delhi, India, pp. 139–147, ACM Press, 1996.
S. Vaudenay. A cheap paradigm for block cipher security strengthening. Technical Report LIENS-97-3. Unpublished.
G. S. Vernam. Cipher printing telegraph systems for secret wire and radio telegraphic communications. Journal of the American Institute of Electrical Engineers, vol. 45, pp. 109–115, 1926.
M. N. Wegman, J. L. Carter. New hash functions and their use in authentication and set equality. Journal of Computer and System Sciences, vol. 22, pp. 265–279, 1981.
© 1998 Springer-Verlag
Cite this paper
Vaudenay, S. (1998). Provable security for block ciphers by decorrelation. In: Morvan, M., Meinel, C., Krob, D. (eds) STACS 98. STACS 1998. Lecture Notes in Computer Science, vol 1373. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0028566
DOI: https://doi.org/10.1007/BFb0028566
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64230-5
Online ISBN: 978-3-540-69705-3