Advertisement

Rasta: A Cipher with Low ANDdepth and Few ANDs per Bit

  • Christoph Dobraunig
  • Maria Eichlseder
  • Lorenzo Grassi
  • Virginie Lallemand
  • Gregor Leander
  • Eik List
  • Florian Mendel
  • Christian Rechberger
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10991)

Abstract

Recent developments in multi party computation (MPC) and fully homomorphic encryption (FHE) promoted the design and analysis of symmetric cryptographic schemes that minimize multiplications in one way or another. In this paper, we propose with Rastaa design strategy for symmetric encryption that has ANDdepth d and at the same time only needs d ANDs per encrypted bit. Even for very low values of d between 2 and 6 we can give strong evidence that attacks may not exist. This contributes to a better understanding of the limits of what concrete symmetric-key constructions can theoretically achieve with respect to AND-related metrics, and is to the best of our knowledge the first attempt that minimizes both metrics simultaneously. Furthermore, we can give evidence that for choices of d between 4 and 6 the resulting implementation properties may well be competitive by testing our construction in the use-case of removing the large ciphertext-expansion when using the BGV scheme.

Keywords

Symmetric encryption ASASA Homomorphic encryption Multiplicative complexity Multiplicative depth 

Notes

Acknowledgments

This research was supported by H2020 project Prismacloud, grant agreement \(\text {n}^{\circ }\) 644962 and by the Austrian Science Fund (project P26494-N15).

References

  1. 1.
    Albrecht, M.R., Bard, G.V., Hart, W.: Algorithm 898: efficient multiplication of dense matrices over GF(2). ACM Trans. Math. Softw. 37(1), 9:1–9:14 (2010)CrossRefGoogle Scholar
  2. 2.
    Albrecht, M., Grassi, L., Rechberger, C., Roy, A., Tiessen, T.: MiMC: efficient encryption and cryptographic hashing with minimal multiplicative complexity. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10031, pp. 191–219. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53887-6_7CrossRefGoogle Scholar
  3. 3.
    Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. Cryptology ePrint Archive, Report 2016/687 (2016)Google Scholar
  4. 4.
    Albrecht, M.R., Rechberger, C., Schneider, T., Tiessen, T., Zohner, M.: Ciphers for MPC and FHE. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 430–454. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46800-5_17CrossRefGoogle Scholar
  5. 5.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak reference (version 3.0) (2011). http://keccak.noekeon.org
  6. 6.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak specifications. Submission to NIST (Round 3) (2011). http://keccak.noekeon.org
  7. 7.
    Biere, A.: Lingeling, plingeling and treengeling entering the SAT Competition 2013. In: Balint, A., Belov, A., Heule, M., Järvisalo, M. (eds.) SAT Competition 2013, vol. B-2013-1, pp. 51–52 (2013). http://fmv.jku.at/lingeling/
  8. 8.
    Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. In: Menezes, A.J., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991).  https://doi.org/10.1007/3-540-38424-3_1CrossRefGoogle Scholar
  9. 9.
    Bile, C., Perret, L., Faugère, J.C.: Algebraic cryptanalysis of RASTA. Technical report (2017)Google Scholar
  10. 10.
    Biryukov, A., Bouillaguet, C., Khovratovich, D.: Cryptographic schemes based on the ASASA structure: black-box, white-box, and public-key (extended abstract). In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 63–84. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-45611-8_4CrossRefGoogle Scholar
  11. 11.
    Biryukov, A., Perrin, L.: On reverse-engineering S-Boxes with hidden design criteria or structure. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 116–140. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-47989-6_6CrossRefGoogle Scholar
  12. 12.
    Biryukov, A., Shamir, A.: Structural cryptanalysis of SASAS. J. Cryptol. 23(4), 505–518 (2010)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Blum, A., Kalai, A., Wasserman, H.: Noise-tolerant learning, the parity problem, and the statistical query model. J. ACM 50(4), 506–519 (2003)MathSciNetCrossRefGoogle Scholar
  14. 14.
    Boyar, J., Peralta, R., Pochuev, D.: On the multiplicative complexity of Boolean functions over the basis (cap, +, 1). Theor. Comput. Sci. 235(1), 43–57 (2000)CrossRefGoogle Scholar
  15. 15.
    Brakerski, Z., Gentry, C., Vaikuntanathan, V.: Fully homomorphic encryption without bootstrapping. In: ECCC, vol. 18, p. 111 (2011)Google Scholar
  16. 16.
    Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. In: ITCS, pp. 309–325. ACM (2012)Google Scholar
  17. 17.
    Canteaut, A., Carpov, S., Fontaine, C., Lepoint, T., Naya-Plasencia, M., Paillier, P., Sirdey, R.: Stream ciphers: a practical solution for efficient homomorphic-ciphertext compression. In: Peyrin, T. (ed.) FSE 2016. LNCS, vol. 9783, pp. 313–333. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-52993-5_16CrossRefGoogle Scholar
  18. 18.
    Chase, M., Derler, D., Goldfeder, S., Orlandi, C., Ramacher, S., Rechberger, C., Slamanig, D., Zaverucha, G.: Post-quantum zero-knowledge and signatures from symmetric-key primitives. In: CCS, pp. 1825–1842. ACM (2017)Google Scholar
  19. 19.
    Coron, J.-S., Lepoint, T., Tibouchi, M.: Scale-invariant fully homomorphic encryption over the integers. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 311–328. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-54631-0_18CrossRefGoogle Scholar
  20. 20.
    Courtois, N.T.: Fast algebraic attacks on stream ciphers with linear feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 176–194. Springer, Heidelberg (2003).  https://doi.org/10.1007/978-3-540-45146-4_11CrossRefGoogle Scholar
  21. 21.
    Courtois, N.T., Meier, W.: Algebraic attacks on stream ciphers with linear feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 345–359. Springer, Heidelberg (2003).  https://doi.org/10.1007/3-540-39200-9_21CrossRefGoogle Scholar
  22. 22.
    Daemen, J.: Cipher and hash function design - strategies based on linear and differential cryptanalysis. Ph.D. thesis, Katholieke Universiteit Leuven (1995)Google Scholar
  23. 23.
    Cannière, C.: Trivium: a stream cipher construction inspired by block cipher design principles. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 171–186. Springer, Heidelberg (2006).  https://doi.org/10.1007/11836810_13CrossRefGoogle Scholar
  24. 24.
    Dinur, I., Dunkelman, O., Kranz, T., Leander, G.: Decomposing the ASASA block cipher construction. Cryptology ePrint Archive, Report 2015/507 (2015)Google Scholar
  25. 25.
    Dinur, I., Liu, Y., Meier, W., Wang, Q.: Optimized interpolation attacks on LowMC. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 535–560. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48800-3_22CrossRefGoogle Scholar
  26. 26.
    Dinur, I., Shamir, A.: Cube attacks on tweakable black box polynomials. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278–299. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-01001-9_16CrossRefGoogle Scholar
  27. 27.
    Dobraunig, C., Eichlseder, M., Mendel, F.: Higher-order cryptanalysis of LowMC. In: Kwon, S., Yun, A. (eds.) ICISC 2015. LNCS, vol. 9558, pp. 87–101. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-30840-1_6CrossRefGoogle Scholar
  28. 28.
    Duval, S., Lallemand, V., Rotella, Y.: Cryptanalysis of the FLIP family of stream ciphers. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 457–475. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53018-4_17CrossRefGoogle Scholar
  29. 29.
    Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 303–324. Springer, Heidelberg (2005).  https://doi.org/10.1007/978-3-540-30576-7_17CrossRefGoogle Scholar
  30. 30.
    Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the AES circuit. Cryptology ePrint Archive, Report 2012/099Google Scholar
  31. 31.
    Gentry, C., Halevi, S., Smart, N.P.: Homomorphic evaluation of the AES circuit. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 850–867. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32009-5_49CrossRefGoogle Scholar
  32. 32.
    Gilbert, H., Plût, J., Treger, J.: Key-recovery attack on the ASASA cryptosystem with expanding S-Boxes. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 475–490. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-47989-6_23CrossRefGoogle Scholar
  33. 33.
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC, pp. 218–229. ACM (1987)Google Scholar
  34. 34.
    Grassi, L., Rechberger, C., Rotaru, D., Scholl, P., Smart, N.P.: MPC-friendly symmetric key primitives. In: CCS, pp. 430–443. ACM (2016)Google Scholar
  35. 35.
    Grosso, V., Leurent, G., Standaert, F.-X., Varıcı, K.: LS-Designs: bitslice encryption for efficient masked software implementations. In: Cid, C., Rechberger, C. (eds.) FSE 2014. LNCS, vol. 8540, pp. 18–37. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-46706-0_2CrossRefzbMATHGoogle Scholar
  36. 36.
    Halevi, S., Shoup, V.: Design and implementation of a homomorphic-encryption library (2013). https://github.com/shaih/HElib/
  37. 37.
    Halevi, S., Shoup, V.: Algorithms in HElib. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 554–571. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-662-44371-2_31CrossRefzbMATHGoogle Scholar
  38. 38.
    Hazay, C., Lindell, Y.: Efficient protocols for set intersection and pattern matching with security against malicious and covert adversaries. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 155–175. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-78524-8_10CrossRefGoogle Scholar
  39. 39.
    Joux, A., Vitse, V.: A crossbred algorithm for solving Boolean polynomial systems. Cryptology ePrint Archive, Report 2017/372Google Scholar
  40. 40.
    Knudsen, L., Wagner, D.: Integral cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002).  https://doi.org/10.1007/3-540-45661-9_9CrossRefGoogle Scholar
  41. 41.
    Lai, X.: Higher order derivatives and differential cryptanalysis. In: Communications and Cryptography: Two Sides of One Tapestry, pp. 227–233. Kluwer Academic Publishers (1994)CrossRefGoogle Scholar
  42. 42.
    Laur, S., Talviste, R., Willemson, J.: From oblivious AES to efficient and secure database join in the multiparty setting. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 84–101. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-38980-1_6CrossRefzbMATHGoogle Scholar
  43. 43.
    Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994).  https://doi.org/10.1007/3-540-48285-7_33CrossRefGoogle Scholar
  44. 44.
    Méaux, P., Journault, A., Standaert, F.-X., Carlet, C.: Towards stream ciphers for efficient FHE with low-noise ciphertexts. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 311–343. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49890-3_13CrossRefGoogle Scholar
  45. 45.
    Minaud, B., Derbez, P., Fouque, P.-A., Karpman, P.: Key-recovery attacks on ASASA. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 3–27. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48800-3_1CrossRefGoogle Scholar
  46. 46.
    National Institute of Standards and Technology: FIPS PUB 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions. U.S. Department of Commerce, August 2015Google Scholar
  47. 47.
    Nielsen, J.B., Nordholt, P.S., Orlandi, C., Burra, S.S.: A new approach to practical active-secure two-party computation. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 681–700. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-32009-5_40CrossRefGoogle Scholar
  48. 48.
    Raddum, H.: Personal Communication (2017)Google Scholar
  49. 49.
    Randall, D.: Efficient generation of random nonsingular matrices. Random Struct. Algorithms 4(1), 111–118 (1993)MathSciNetCrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  • Christoph Dobraunig
    • 1
  • Maria Eichlseder
    • 1
  • Lorenzo Grassi
    • 1
  • Virginie Lallemand
    • 2
  • Gregor Leander
    • 2
  • Eik List
    • 3
  • Florian Mendel
    • 4
  • Christian Rechberger
    • 1
  1. 1.Graz University of TechnologyGrazAustria
  2. 2.Horst Görtz Institute for IT SecurityRuhr-Universität BochumBochumGermany
  3. 3.Bauhaus-Universität WeimarWeimarGermany
  4. 4.Infineon Technologies AGNeubibergGermany

Personalised recommendations