
On the Multi-output Filtering Model and Its Applications

  • Conference paper
Codes, Cryptology and Information Security (C2SI 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10194)


Abstract

In this paper, we propose a novel technique, called the multi-output filtering model, to study the non-randomness properties of cryptographic algorithms such as message authentication codes and block ciphers. A multi-output filtering model consists of a linear feedback shift register and a multi-output filtering function. Our contribution is twofold. First, we propose an attack technique under IND-CPA using the multi-output filtering model. By introducing a distinguishing function, we theoretically determine the success rate of this attack. In particular, we construct a distinguishing function based on the distribution of the linear complexity of component sequences, and apply it to the study of \(\textsf{TUAK}\)'s \(f_1\) algorithm, \(\textsf{AES}\), \(\textsf{KASUMI}\), \(\textsf{PRESENT}\) and PRINTcipher. We demonstrate that the success rate of the attack on \(\textsf{KASUMI}\) and \(\textsf{PRESENT}\) is non-negligible, whereas \(f_1\) and \(\textsf{AES}\) are resistant to this attack. Second, we study the distribution of the cryptographic properties of the component functions of a random primitive in the multi-output filtering model. Our experiments show some non-randomness in the distribution of algebraic degree and nonlinearity for \(\textsf{KASUMI}\).



Acknowledgement

The authors would like to thank the reviewers of the C2SI-Carlet 2017 conference for their insightful comments, which improved the quality of the paper. The authors sincerely thank Reviewer 3 for pointing out an error in Corollary 1 and for noting a connection between Statistical test 1 and the saturation attack.


Corresponding author: Kalikinkar Mandal.


A Appendix

We describe the slope of the linear complexity distribution of \(f_1\), \(\textsf{AES}\), \(\textsf{KASUMI}\) and \(\textsf{PRESENT}\). The slope in Table 6 is the average slope over \(10^8\) samples. The column “Slope (L)” contains the slopes computed from the LFSR input, and the column “Slope (R)” contains the slopes computed from the random input. The last column shows the absolute value of the difference between “Slope (L)” and “Slope (R)”. The “Difference” for \(\textsf{KASUMI}\) and \(\textsf{PRESENT}\) is much greater than for \(f_1\) and \(\textsf{AES}\).

Table 6. The average slope of \(f_1\), \(\textsf{AES}\), \(\textsf{KASUMI}\) and \(\textsf{PRESENT}\)
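To make the model in the abstract and the LFSR-versus-random comparison of the appendix concrete, here is a small added example (my own code, not the paper's implementation or experiment). It builds a toy multi-output filtering model: a 16-stage LFSR with the primitive feedback polynomial \(x^{16}+x^{14}+x^{13}+x^{11}+1\) (a constructed choice) drives a constructed keyed quadratic filter with 8 output bits, and each component sequence (one per output bit) is measured with Berlekamp–Massey. The same filter is then driven by uniformly random inputs. The filter, the LFSR, the key and the "mean gap" statistic are all assumptions of this example; the paper's slope statistic and its distinguishing function are not reproduced here. What the run shows is the effect the model is built to expose: over the LFSR the component sequences obey Key's bound (linear complexity at most \(1+\binom{16}{1}+\binom{16}{2}=137\) for a degree-2 filter, the leading 1 covering a constant term the key may introduce), while over random input the same component functions sit near \(N/2\).

```python
"""Toy instance of a multi-output filtering model (added example, not the paper's
code): a 16-stage LFSR drives a constructed multi-output filter F, and the linear
complexity of each component sequence (one per output bit) is compared with what
the same F produces on uniformly random inputs."""
import random
from typing import Callable, List

N = 16                      # LFSR length (constructed choice)
# Recurrence of the primitive polynomial x^16 + x^14 + x^13 + x^11 + 1:
#   s[t+16] = s[t+14] ^ s[t+13] ^ s[t+11] ^ s[t]   (period 2^16 - 1)
TAPS = (0, 11, 13, 14)      # register bit i holds s[t+i]
M = 8                       # number of filter output bits


def lfsr_states(seed: int, length: int) -> List[int]:
    """Successive 16-bit LFSR states (nonzero seed); each state is one filter input."""
    assert 0 < seed < (1 << N), "seed must be a nonzero 16-bit value"
    state, out = seed, []
    for _ in range(length):
        out.append(state)
        fb = 0
        for t in TAPS:
            fb ^= (state >> t) & 1
        state = (state >> 1) | (fb << (N - 1))   # new bit s[t+16] enters at the top
    return out


def linear_complexity(seq: List[int]) -> int:
    """Berlekamp-Massey over GF(2): length of the shortest LFSR that generates seq."""
    n = len(seq)
    c, b = [0] * n, [0] * n          # current and previous connection polynomials
    c[0] = b[0] = 1
    L, m = 0, -1
    for i in range(n):
        d = seq[i]                   # discrepancy between prediction and seq[i]
        for j in range(1, L + 1):
            d ^= c[j] & seq[i - j]
        if d == 0:
            continue
        t = c[:]
        shift = i - m
        for j in range(n - shift):   # c <- c + x^shift * b
            c[j + shift] ^= b[j]
        if 2 * L <= i:
            L, m, b = i + 1 - L, i, t
    return L


def toy_filter(x: int, key: int) -> int:
    """Constructed quadratic 16-bit -> 8-bit filter standing in for a real primitive.
    Output bit j = v[j]*v[j+5] ^ v[j+2]*v[j+9] ^ v[j+13] with v = x ^ key, indices mod 16.
    Every component function is balanced and has algebraic degree 2."""
    v = x ^ key
    bit = lambda i: (v >> (i % N)) & 1
    out = 0
    for j in range(M):
        oj = (bit(j) & bit(j + 5)) ^ (bit(j + 2) & bit(j + 9)) ^ bit(j + 13)
        out |= oj << j
    return out


def component_complexities(inputs: List[int], f: Callable[[int], int]) -> List[int]:
    """Linear complexity of each of the M component sequences of f over the inputs."""
    outs = [f(x) for x in inputs]
    return [linear_complexity([(o >> j) & 1 for o in outs]) for j in range(M)]


def compare(key: int, length: int = 512, rng_seed: int = 1) -> dict:
    """Linear-complexity profile of the toy filter under LFSR input vs random input.
    'mean_gap' (random minus LFSR, averaged over components) is a constructed
    statistic; a large gap is the non-randomness the filtering model is meant to expose."""
    rng = random.Random(rng_seed)
    f = lambda x: toy_filter(x, key)
    lfsr_lc = component_complexities(lfsr_states(0xACE1, length), f)
    rand_lc = component_complexities([rng.randrange(1, 1 << N) for _ in range(length)], f)
    return {"lfsr": lfsr_lc, "random": rand_lc,
            "mean_gap": sum(b - a for a, b in zip(lfsr_lc, rand_lc)) / M}


if __name__ == "__main__":
    print(compare(key=0x1234))
```

With 512 samples per component the LFSR-driven complexities are computed exactly (Berlekamp–Massey needs at least twice the true value), so the gap to the random-input case is a property of the filter's algebraic degree rather than of the sample size; a real cipher in the filter's place would be judged by whether its components stay near \(N/2\) under LFSR input, as \(f_1\) and AES do in the paper's Table 6, or fall away from it, as KASUMI and PRESENT do.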


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Wu, T., Tan, Y., Mandal, K., Gong, G. (2017). On the Multi-output Filtering Model and Its Applications. In: El Hajji, S., Nitaj, A., Souidi, E. (eds) Codes, Cryptology and Information Security. C2SI 2017. Lecture Notes in Computer Science, vol. 10194. Springer, Cham. https://doi.org/10.1007/978-3-319-55589-8_18


  • DOI: https://doi.org/10.1007/978-3-319-55589-8_18


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-55588-1

  • Online ISBN: 978-3-319-55589-8

