Analyzing Permutations for AES-like Ciphers: Understanding ShiftRows

  • Christof Beierle
  • Philipp Jovanovic
  • Martin M. Lauridsen
  • Gregor Leander
  • Christian Rechberger
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9048)

Abstract

Designing block ciphers and hash functions that resemble the AES in many respects has been very popular since Rijndael was adopted as the Advanced Encryption Standard. However, in sharp contrast to the MixColumns operation, the security implications of the way the state is permuted by the operation resembling ShiftRows have never been studied in depth.

Here, we provide the first structured study of the influence of ShiftRows-like operations, or more generally word-wise permutations, in AES-like ciphers with respect to diffusion properties and resistance against differential and linear attacks. After formalizing the concept of guaranteed trail weights, we show a range of equivalence results for permutation layers in this context. We prove that the trail weight analysis for arbitrary word-wise permutations, with rotations as a special case, reduces to the consideration of a specific normal form. Using a mixed-integer linear programming approach, we obtain optimal parameters for a wide range of AES-like ciphers, and show improvements on the parameters of Rijndael-192, Rijndael-256, PRIMATEs-80 and Prøst-128. As a separate result, we show for specific cases of the state geometry that a seemingly optimal bound on the trail weight can be obtained using cyclic rotations only for the permutation layer, i.e. in a very implementation-friendly way.
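Worked example (added here; this is not the paper's code, whose experimental sources are the GitHub repository cited as reference 4). It computes, for a small AES-like round function, the quantity the abstract calls the guaranteed trail weight: the minimum number of active S-boxes over R rounds in the word-wise (truncated) model, and shows how that minimum depends on the cell permutation used in place of ShiftRows. The model is an assumption spelled out in the docstring: an m x n state of cells, an MDS MixColumns with branch number B = m + 1, and a column with a > 0 active inputs allowed to have any b active outputs with a + b >= B. The search is an exhaustive dynamic program over activity patterns rather than the paper's MILP, so it is exact but only practical for small geometries such as the 3 x 3 state used below. The three permutation layers compared (identity, rotations by (0, 1, 2), rotations by (0, 0, 1)) are chosen for illustration.

```python
"""Word-wise trail weight of an AES-like round function as a function of the
cell permutation that plays the role of ShiftRows.

Added example; this is not the paper's code.  The model is an assumption
about the standard word-oriented setting, stated so the numbers can be
checked by hand:
  * the state is m rows x n columns of cells; cell (r, c) is bit r*n + c of
    an integer mask, and a set bit means "active" (nonzero difference);
  * one round is SubCells (does not change activity), then the cell
    permutation, then MixColumns on every column with an MDS matrix, i.e.
    branch number B = m + 1;
  * in the truncated model a column with a > 0 active inputs may produce any
    b active outputs with a + b >= B, and produces 0 active outputs iff a = 0;
  * the weight of an R-round trail is the number of active cells entering
    the R S-box layers, i.e. the number of active S-boxes.
The minimum over all nonzero trails is found by exhaustive dynamic
programming over activity patterns, which is exact for small geometries; the
paper obtains the same kind of bound with MILP, which scales to 4x4 and beyond.
"""
from itertools import product


def popcount(x):
    """Number of active cells in a pattern."""
    return bin(x).count("1")


def rotation_perm(m, n, offsets):
    """ShiftRows-style permutation: row r is rotated left by offsets[r]
    columns.  Returns perm with perm[i] = destination cell of cell i."""
    perm = [0] * (m * n)
    for r in range(m):
        for c in range(n):
            perm[r * n + c] = r * n + (c - offsets[r]) % n
    return perm


def min_active_sboxes(m, n, perm, rounds, branch=None):
    """Minimum number of active S-boxes over `rounds` rounds, in the
    truncated model above, for the cell permutation `perm`."""
    if branch is None:
        branch = m + 1                       # MDS MixColumns
    cells = m * n
    # Bits of column c in the state mask.
    col_sel = [sum(1 << (r * n + c) for r in range(m)) for c in range(n)]
    # State bits set by an m-bit column pattern p placed in column c.
    col_bits = [[sum(((p >> r) & 1) << (r * n + c) for r in range(m))
                 for p in range(1 << m)] for c in range(n)]
    # Admissible output patterns of one column given a active inputs.
    out_patterns = {0: [0]}
    for a in range(1, m + 1):
        out_patterns[a] = [p for p in range(1, 1 << m)
                           if a + popcount(p) >= branch]

    def permute(mask):
        y = 0
        for i in range(cells):
            if (mask >> i) & 1:
                y |= 1 << perm[i]
        return y

    def successors(mask):
        """All S-box input patterns of the next round reachable from mask."""
        y = permute(mask)
        choices = [out_patterns[popcount(y & col_sel[c])] for c in range(n)]
        for choice in product(*choices):
            z = 0
            for c, p in enumerate(choice):
                z |= col_bits[c][p]
            yield z

    # dp[x] = minimal weight of the rounds seen so far over trails whose
    # current S-box input pattern is x; x != 0 because trails are nonzero.
    dp = {x: popcount(x) for x in range(1, 1 << cells)}
    for _ in range(rounds - 1):
        nxt = {}
        for x, w in dp.items():
            for z in successors(x):
                cand = w + popcount(z)
                if cand < nxt.get(z, cand + 1):
                    nxt[z] = cand
        dp = nxt
    return min(dp.values())


if __name__ == "__main__":
    # 3x3 state, branch number 4.  Three permutation layers: identity
    # (columns never interact), the AES-like rotations (0, 1, 2), which send
    # every column to three distinct columns, and the rotations (0, 0, 1),
    # which leave rows 0 and 1 inside their own column.
    m, n = 3, 3
    layers = {
        "identity": list(range(m * n)),
        "rotations (0,1,2)": rotation_perm(m, n, (0, 1, 2)),
        "rotations (0,0,1)": rotation_perm(m, n, (0, 0, 1)),
    }
    for name, perm in layers.items():
        weights = [min_active_sboxes(m, n, perm, r) for r in (1, 2, 3, 4)]
        print(f"{name:>18}: rounds 1..4 -> {weights}")
```

For the 3 x 3 state the script reports 1, 4, 5, 8 active S-boxes over 1 to 4 rounds with the identity permutation, 1, 4, 7, 16 with the rotations (0, 1, 2), and 1, 4, 6, 8 with the rotations (0, 0, 1). The two-round value B = 4 does not depend on the permutation at all; the four-round values are the familiar wide-trail figures, B^2 = 16 when every column is spread over three distinct columns, but only 2B = 8 when two rows never leave their column, so that a trail can live in a two-cell subspace indefinitely. Note that (0, 0, 1) is a non-trivial rotation layer and still gains nothing over the identity over four rounds; this is the kind of difference between permutation layers that the paper's analysis quantifies, and for a 4 x 4 state the pattern space (2^16 states with up to 15^4 transitions each) is why an MILP formulation rather than this exhaustive search is the practical tool.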

Keywords

AES, AES-like, Differential cryptanalysis, Linear cryptanalysis, Diffusion, Optimization, Mixed-integer linear programming


References

  1. Andreeva, E., Bilgin, B., Bogdanov, A., Luykx, A., Mendel, F., Mennink, B., Mouha, N., Wang, Q., Yasuda, K.: PRIMATEs. CAESAR Proposal (2014). http://competitions.cr.yp.to/round1/primatesv1.pdf
  2. Asratian, A.S., Denley, T.M.J., Häggkvist, R.: Bipartite Graphs and Their Applications. Cambridge Tracts in Mathematics. Cambridge University Press (1998)
  3. Barreto, P.S.L.M., Rijmen, V.: The ANUBIS Block Cipher. NESSIE submission (2000). http://www.larc.usp.br/pbarreto/AnubisPage.html
  4. Beierle, C., Jovanovic, P., Lauridsen, M.M., Leander, G., Rechberger, C.: Source code for experimental results (2015). https://github.com/mmeh/understanding-shiftrows
  5. Benadjila, R., Billet, O., Gilbert, H., Macario-Rat, G., Peyrin, T., Robshaw, M., Seurin, Y.: SHA-3 Proposal: ECHO (2010). http://crypto.rd.francetelecom.com/ECHO/
  6. Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)
  7. Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer (1993)
  8. Biryukov, A., Khovratovich, D.: PAEQ. CAESAR Proposal (2014). http://competitions.cr.yp.to/round1/paeqv1.pdf
  9. Borghoff, J., Canteaut, A., Güneysu, T., Kavun, E.B., Knezevic, M., Knudsen, L.R., Leander, G., Nikov, V., Paar, C., Rechberger, C., Rombouts, P., Thomsen, S.S., Yalçın, T.: PRINCE – a low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012)
  10. Daemen, J., Knudsen, L.R., Rijmen, V.: The block cipher SQUARE. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997)
  11. Daemen, J., Rijmen, V.: AES Proposal: Rijndael (1998). http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf
  12. Daemen, J., Rijmen, V.: The wide trail design strategy. In: Honary, B. (ed.) Cryptography and Coding 2001. LNCS, vol. 2260, p. 222. Springer, Heidelberg (2001)
  13. Fleischmann, E., Forler, C., Gorski, M., Lucks, S.: Twister – a framework for secure and fast hash functions. In: Bao, F., Li, H., Wang, G. (eds.) ISPEC 2009. LNCS, vol. 5451, pp. 257–273. Springer, Heidelberg (2009)
  14. Gauravaram, P., Knudsen, L.R., Matusiewicz, K., Mendel, F., Rechberger, C., Schläffer, M., Thomsen, S.S.: Grøstl – a SHA-3 candidate (2011). http://www.groestl.info/
  15. Guo, J., Peyrin, T., Poschmann, A.: The PHOTON family of lightweight hash functions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 222–239. Springer, Heidelberg (2011)
  16. Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011)
  17.
  18. Indesteege, S., Andreeva, E., De Cannière, C., Dunkelman, O., Käsper, E., Nikova, S., Preneel, B., Tischhauser, E.: The LANE hash function. Submission to NIST (2008). http://www.cosic.esat.kuleuven.be/publications/article-1181.pdf
  19. Nakahara Jr., J.: 3D: a three-dimensional block cipher. In: Franklin, M.K., Hui, L.C.K., Wong, D.S. (eds.) CANS 2008. LNCS, vol. 5339, pp. 252–267. Springer, Heidelberg (2008)
  20. Kavun, E.B., Lauridsen, M.M., Leander, G., Rechberger, C., Schwabe, P., Yalçın, T.: Prøst. CAESAR Proposal (2014). http://proest.compute.dtu.dk
  21. Lim, C.H., Korkishko, T.: mCrypton – a lightweight block cipher for security of low-cost RFID tags and sensors. In: Song, J.-S., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 243–258. Springer, Heidelberg (2006)
  22. MacWilliams, F.J., Sloane, N.J.A.: The Theory of Error-Correcting Codes, 2nd edn. North-Holland Publishing Company (1978)
  23. Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)
  24. Mouha, N., Wang, Q., Gu, D., Preneel, B.: Differential and linear cryptanalysis using mixed-integer linear programming. In: Wu, C.-K., Yung, M., Lin, D. (eds.) Inscrypt 2011. LNCS, vol. 7537, pp. 57–76. Springer, Heidelberg (2012)
  25. Saarinen, M.-J.O.: STRIBOBr1. CAESAR Proposal (2014). http://competitions.cr.yp.to/round1/stribobr1.pdf
  26. Shannon, C.: Communication Theory of Secrecy Systems. Bell System Technical Journal 28, 656–715 (1949)
  27. Welsh, D.J.A.: Codes and Cryptography. Clarendon Press (1988)

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Christof Beierle (1)
  • Philipp Jovanovic (2)
  • Martin M. Lauridsen (3)
  • Gregor Leander (1)
  • Christian Rechberger (3)

  1. Horst Görtz Institute for IT Security, Ruhr-Universität Bochum, Bochum, Germany
  2. Fakultät für Informatik und Mathematik, Universität Passau, Passau, Germany
  3. DTU Compute, Technical University of Denmark, Lyngby, Denmark