Abstract
To improve the security of iterated block ciphers, the resistance against linear cryptanalysis has been formulated in terms of provable security, which suggests the use of highly nonlinear functions as round functions. Here, we show that some properties of such functions make it possible to find a new upper bound for the degree of the product of their Boolean components. Such an improvement holds when all values occurring in the Walsh spectrum of the round function are divisible by a high power of 2. This result leads to a higher order differential attack on any 5-round Feistel cipher using an almost bent substitution function. We also show that the use of such a function is precisely the origin of the weakness of a reduced version of MISTY1 reported in [23, 1].
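The effect the abstract describes can be measured on a small case. The following is an added example, not code from the paper: it assumes the field GF(2^7) built with x^7 + x + 1 and, as a sample almost bent permutation, x -> x^85 (the inverse of the Gold map x -> x^3). It computes the Walsh spectrum and the algebraic degree of products of output coordinates.

```python
from itertools import combinations

N, MOD = 7, 0x83          # assumed field GF(2^7) = GF(2)[x]/(x^7 + x + 1)

def gf_mul(a, b):
    """Multiply two elements of GF(2^N) (carry-less, reduced by MOD)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a >> N:
            a ^= MOD
        b >>= 1
    return r

def gf_pow(a, e):
    """Square-and-multiply exponentiation in GF(2^N)."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a, e = gf_mul(a, a), e >> 1
    return r

# Assumed sample S-box: x -> x^85, the inverse of the Gold map x -> x^3.
SBOX = [gf_pow(x, 85) for x in range(1 << N)]

def butterfly(v, op):
    """In-place fast transform over GF(2)^N with a 2-point kernel `op`."""
    h = 1
    while h < len(v):
        for i in range(0, len(v), 2 * h):
            for j in range(i, i + h):
                v[j], v[j + h] = op(v[j], v[j + h])
        h *= 2
    return v

def walsh_values(sbox):
    """Set of Walsh coefficients over all nonzero output masks b."""
    vals = set()
    for b in range(1, 1 << N):
        signs = [1 - 2 * (bin(b & y).count("1") & 1) for y in sbox]
        vals |= set(butterfly(signs, lambda p, q: (p + q, p - q)))
    return vals

def product_degree(sbox, k):
    """Max algebraic degree of a product of k output coordinates."""
    best = 0
    for bits in combinations(range(N), k):
        tt = [int(all(y >> i & 1 for i in bits)) for y in sbox]
        anf = butterfly(tt, lambda p, q: (p, p ^ q))   # Moebius transform
        best = max(best, max(bin(m).count("1") for m, c in enumerate(anf) if c))
    return best
```

Every Walsh coefficient of this sample function is divisible by 16, each coordinate has degree 4, and the product of two coordinates stays below the degree 6 that the generic bound for a permutation of GF(2)^7 would allow.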
References
1. S. Babbage and L. Frisch. On MISTY1 Higher Order Differential Cryptanalysis. In Proceedings of ICISC 2000, number 2015 in Lecture Notes in Computer Science, pages 22–36. Springer-Verlag, 2000.
2. A. Canteaut, P. Charpin, and H. Dobbertin. A new characterization of almost bent functions. In Fast Software Encryption 99, number 1636 in Lecture Notes in Computer Science, pages 186–200. Springer-Verlag, 1999.
3. A. Canteaut and M. Videau. Weakness of block ciphers using highly nonlinear confusion functions. Research Report 4367, INRIA, February 2002. Available on http://www.inria.fr/rrrt/rr-4367.html.
4. C. Carlet. Two new classes of bent functions. In Advances in Cryptology-EUROCRYPT’93, number 765 in Lecture Notes in Computer Science, pages 77–101. Springer-Verlag, 1994.
5. C. Carlet, P. Charpin, and V. Zinoviev. Codes, bent functions and permutations suitable for DES-like cryptosystems. Designs, Codes and Cryptography, 15:125–156, 1998.
6. F. Chabaud and S. Vaudenay. Links between differential and linear cryptanalysis. In A. De Santis, editor, Advances in Cryptology-EUROCRYPT’94, number 950 in Lecture Notes in Computer Science, pages 356–365. Springer-Verlag, 1995.
7. T. Cusick and H. Dobbertin. Some new 3-valued crosscorrelation functions of binary m-sequences. IEEE Transactions on Information Theory, 42:1238–1240, 1996.
8. H. Dobbertin. One-to-one highly nonlinear power functions on GF(2^n). Appl. Algebra Engrg. Comm. Comput., 9(2):139–152, 1998.
9. R. Gold. Maximal recursive sequences with 3-valued recursive crosscorrelation functions. IEEE Transactions on Information Theory, 14:154–156, 1968.
10. T. Jakobsen and L.R. Knudsen. The interpolation attack on block ciphers. In Fast Software Encryption 97, number 1267 in Lecture Notes in Computer Science, pages 28–40. Springer-Verlag, 1997.
11. T. Kasami. The weight enumerators for several classes of subcodes of the second order binary Reed-Muller codes. Information and Control, 18:369–394, 1971.
12. L. R. Knudsen. Truncated and higher order differentials. In Fast Software Encryption-Second International Workshop, number 1008 in Lecture Notes in Computer Science, pages 196–211. Springer-Verlag, 1995.
13. G. Lachaud and J. Wolfmann. The weights of the orthogonal of the extended quadratic binary Goppa codes. IEEE Transactions on Information Theory, 36(3):686–692, 1990.
14. X. Lai. Higher order derivatives and differential cryptanalysis. In Proc. “Symposium on Communication, Coding and Cryptography”, in honor of J. L. Massey on the occasion of his 60’th birthday, 1994.
15. F.J. MacWilliams and N.J.A. Sloane. The Theory of Error-Correcting Codes. North-Holland, 1977.
16. M. Matsui. Linear cryptanalysis method for DES cipher. In Advances in Cryptology-EUROCRYPT’93, number 765 in Lecture Notes in Computer Science, pages 386–397. Springer-Verlag, 1993.
17. M. Matsui. The first experimental cryptanalysis of the Data Encryption Standard. In Advances in Cryptology-CRYPTO’94, number 839 in Lecture Notes in Computer Science. Springer-Verlag, 1995.
18. M. Matsui. New Block Encryption Algorithm MISTY. In Fast Software Encryption 97, number 1267 in Lecture Notes in Computer Science, pages 54–68. Springer-Verlag, 1997.
19. R.J. McEliece. Weight congruence for p-ary cyclic codes. Discrete Mathematics, 3:177–192, 1972.
20. K. Nyberg. Differentially uniform mappings for cryptography. In Advances in Cryptology-EUROCRYPT’93, number 765 in Lecture Notes in Computer Science, pages 55–64. Springer-Verlag, 1993.
21. K. Nyberg. On the construction of highly nonlinear permutations. In Advances in Cryptology-EUROCRYPT’92, number 658 in Lecture Notes in Computer Science, pages 92–98. Springer-Verlag, 1993.
22. K. Nyberg and L.R. Knudsen. Provable security against differential cryptanalysis. In Advances in Cryptology-CRYPTO’92, number 740 in Lecture Notes in Computer Science, pages 566–574. Springer-Verlag, 1993.
23. H. Tanaka, K. Hisamatsu, and T. Kaneko. Strength of MISTY1 without FL function for Higher Order Differential Attack. In Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, number 1719 in Lecture Notes in Computer Science, pages 221–230. Springer-Verlag, 1999.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Canteaut, A., Videau, M. (2002). Degree of Composition of Highly Nonlinear Functions and Applications to Higher Order Differential Cryptanalysis. In: Knudsen, L.R. (eds) Advances in Cryptology — EUROCRYPT 2002. EUROCRYPT 2002. Lecture Notes in Computer Science, vol 2332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46035-7_34
DOI: https://doi.org/10.1007/3-540-46035-7_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43553-2
Online ISBN: 978-3-540-46035-0
eBook Packages: Springer Book Archive