Abstract
In this paper, we propose a novel technique, called the multi-output filtering model, to study the non-randomness properties of cryptographic algorithms such as message authentication codes and block ciphers. A multi-output filtering model consists of a linear feedback shift register and a multi-output filtering function. Our contribution in this paper is twofold. First, we propose an attack technique under IND-CPA using the multi-output filtering model. By introducing a distinguishing function, we theoretically determine the success rate of this attack. In particular, we construct a distinguishing function based on the distribution of the linear complexity of component sequences, and apply it to study \(\textsf{TUAK}\)'s \(f_1\) algorithm, \(\textsf{AES}\), \(\textsf{KASUMI}\), \(\textsf{PRESENT}\) and PRINTcipher. We demonstrate that the success rate of the attack on \(\textsf{KASUMI}\) and \(\textsf{PRESENT}\) is non-negligible, but \(f_1\) and \(\textsf{AES}\) are resistant to this attack. Second, we study the distribution of the cryptographic properties of component functions of a random primitive in the multi-output filtering model. Our experiments show some non-randomness in the distribution of algebraic degree and nonlinearity for \(\textsf{KASUMI}\).
Acknowledgement
The authors would like to thank the reviewers of the C2SI-Carlet 2017 conference for their insightful comments toward improving the quality of the paper. The authors sincerely thank Reviewer 3 for pointing out an error in Corollary 1 and also for mentioning a connection between Statistical test 1 and the saturation attack.
A Appendix
We describe the slope of the linear complexity distribution of \(f_1\), \(\textsf{AES}\), \(\textsf{KASUMI}\) and \(\textsf{PRESENT}\). The slope in Table 6 is the average slope over \(10^8\) samples. The column "Slope (L)" contains the slopes computed from the LFSR input, and the column "Slope (R)" contains the slopes computed from the random input. The last column shows the absolute value of the difference between "Slope (L)" and "Slope (R)". We can see that the "Difference" values of \(\textsf{KASUMI}\) and \(\textsf{PRESENT}\) are much greater than those of \(f_1\) and \(\textsf{AES}\).
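The following is an added illustration, not code from the paper, of the linear-complexity statistic underlying the distinguishing function in the abstract and the "LFSR input" versus "random input" comparison of the appendix, reduced to a single toy instance: an 8-bit LFSR drives a 4-bit filtering function, the linear complexity of each output-bit (component) sequence is measured with Berlekamp-Massey, and the same filter fed uniformly random inputs serves as the reference. The LFSR polynomial, the initial state, the use of the PRESENT S-box as a stand-in filtering function and the seeded random reference input are all assumptions of this example.

```python
import random

# PRESENT 4-bit S-box (Bogdanov et al., CHES 2007), used here as the toy filter.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def berlekamp_massey(seq):
    """Linear complexity of a bit sequence over GF(2) (Berlekamp-Massey)."""
    n = len(seq)
    c, b = [1] + [0] * n, [1] + [0] * n   # current and previous connection polynomials
    length, m = 0, -1                     # current LC and index of the last length change
    for i in range(n):
        d = seq[i]                        # discrepancy between the LFSR prediction and bit i
        for j in range(1, length + 1):
            d ^= c[j] & seq[i - j]
        if d:
            t, shift = c[:], i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * length <= i:
                length, m, b = i + 1 - length, i, t
    return length

def lfsr_states(init, count):
    """States of the 8-bit LFSR with primitive polynomial x^8+x^4+x^3+x^2+1 (assumed; period 255)."""
    state = [(init >> k) & 1 for k in range(8)]
    states = []
    for _ in range(count):
        states.append(state[:])
        state = state[1:] + [state[0] ^ state[2] ^ state[3] ^ state[4]]
    return states

def component_sequences(inputs):
    """Feed each 4-bit input through the S-box; return its four output-bit sequences."""
    outs = [SBOX[x] for x in inputs]
    return [[(y >> k) & 1 for y in outs] for k in range(4)]

def linear_complexities(n=510, seed=1):
    """LC of each S-box output bit for LFSR-driven versus random-driven inputs."""
    # Filter input = four consecutive state bits, i.e. four distinct phases of the m-sequence.
    lfsr_in = [s[0] | s[1] << 1 | s[2] << 2 | s[3] << 3 for s in lfsr_states(0x2B, n)]
    rng = random.Random(seed)             # fixed seed: constructed reference input
    rand_in = [rng.randrange(16) for _ in range(n)]
    lc_l = [berlekamp_massey(s) for s in component_sequences(lfsr_in)]
    lc_r = [berlekamp_massey(s) for s in component_sequences(rand_in)]
    return lc_l, lc_r

if __name__ == "__main__":
    lc_l, lc_r = linear_complexities()
    # Key's bound for a degree-3 filter on 8 stages is C(8,1)+C(8,2)+C(8,3) = 92 (+1 with a constant term); random input gives LC near n/2.
    print("LFSR input LC:", lc_l, "random input LC:", lc_r)
```

The gap between the two LC lists is the signal the paper's distinguishing function is built on; a real evaluation averages such profiles over many samples, as the appendix does with \(10^8\) samples per slope.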
© 2017 Springer International Publishing AG
Wu, T., Tan, Y., Mandal, K., Gong, G. (2017). On the Multi-output Filtering Model and Its Applications. In: El Hajji, S., Nitaj, A., Souidi, E. (eds) Codes, Cryptology and Information Security. C2SI 2017. Lecture Notes in Computer Science(), vol 10194. Springer, Cham. https://doi.org/10.1007/978-3-319-55589-8_18
DOI: https://doi.org/10.1007/978-3-319-55589-8_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-55588-1
Online ISBN: 978-3-319-55589-8