Abstract
In this work, we tackle the problem of estimating the security of iterated symmetric ciphers in an efficient manner, with tests that do not require a deep analysis of the internal structure of the cipher. This is particularly useful during the design phase of these ciphers, especially for quickly testing several combinations of possible parameters defining several cipher design variants.
We consider a popular statistical test that allows us to determine the probability of flipping each cipher output bit, given a small variation in the input of the cipher. From these probabilities, one can compute three measurable metrics related to the well-known full diffusion, avalanche and strict avalanche criteria.
This highly parallelizable testing process scales linearly with the number of samples, i.e., cipher inputs, to be evaluated and the number of design variants to be tested. But, the number of design variants might grow exponentially with respect to some parameters.
The high cost of Central Processing Unit (CPU)s makes them a bad candidate for this kind of parallelization. As a main contribution, we propose a framework, ACE-HoT, to parallelize the testing process using multi-Graphics Processing Units (GPUs). Our implementation does not perform any intermediate CPU-GPU data transfers.
The diffusion and avalanche criteria can be seen as an application of discrete first-order derivatives. As a secondary contribution, we generalize these criteria to their high-order version. Our generalization requires an exponentially larger number of samples, in order to compute sufficiently accurate probabilities. As a case study, we apply ACE-HoT on most of the finalists of the National Institute of Standards and Technologies (NIST) lightweight standardization process, with a special focus on the winner ASCON.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
We can provide the source code to the reviewers if requested.
- 2.
A certain threshold has to be fixed.
- 3.
We recall that we report on the minimum value of each metric. This is why all metrics are monotonically non-decreasing.
References
Authors, V.: CAESAR: competition for authenticated encryption: security, applicability, and robustness (2014). https://competitions.cr.yp.to/caesar.html. Accessed 14 Apr 2022
g Biham, E., Biryukov, A., Shamir, A.: Cryptanalysis of skipjack reduced to 31 rounds using impossible differentials. In: Advances in Cryptology-EUROCRYPT’99: International Conference on the Theory and Application of Cryptographic Techniques Prague, Czech Republic, 2–6 May 1999 Proceedings 18, pp. 12–23. Springer, Heidelber (1999). https://doi.org/10.1007/3-540-48910-x_2
Carlet, C., Crama, Y., Hammer, P.L.: Vectorial boolean functions for cryptography. In: Crama, Y., Hammer, P.L. (eds.) Boolean Models and Methods in Mathematics, Computer Science, and Engineering, pp. 398–470. Cambridge University Press, Cambridge (2010). https://doi.org/10.1017/cbo9780511780448.012
Corp., N.: Dynamic parallelism in CUDA (2012). https://goo.gl/KhEhve
Daemen, J., Hoffert, S., Assche, G.V., Keer, R.V.: The design of Xoodoo and Xoofff. IACR Trans. Symm. Cryptol. 2018(4), 1–38 (2018). https://doi.org/10.13154/tosc.v2018.i4.1-38
Dobraunig, C., Eichlseder, M., Mendel, F., Schläffer, M.: Ascon v1.2 submission to nist. Technical report, NIST (2021). https://ascon.iaik.tugraz.at/files/asconv12-nist.pdf
Fedus, W., Zoph, B., Shazeer, N.: Switch transformers: scaling to trillion parameter models with simple and efficient sparsity. J. Mach. Learn. Res. 23, 120:1–120:39 (2022)
Feistel, H.: Cryptography and computer privacy. Sci. Am. 228(5), 15–23 (1973)
Forrié, R.: The strict avalanche criterion: spectral properties of boolean functions and an extended definition. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 450–468. Springer, New York (1990). https://doi.org/10.1007/0-387-34799-2_31
Hetherington, T.H., Lubeznov, M., Shah, D., Aamodt, T.M.: Edge: event-driven gpu execution. In: 2019 28th International Conference on Parallel Architectures and Compilation Techniques (PACT), pp. 337–353. IEEE Computer Society, Los Alamitos (2019). https://doi.org/10.1109/PACT.2019.00034
Kam, J.B., Davida, G.I.: Structured design of substitution-permutation encryption networks. IEEE Trans. Comput. 28(10), 747–753 (1979)
Kim, J., Hur, S., Lee, E., Lee, S., Kim, J.: Nlp-fast: a fast, scalable, and flexible system to accelerate large-scale heterogeneous nlp models. In: 2021 30th International Conference on Parallel Architectures and Compilation Techniques (PACT), pp. 75–89. IEEE Computer Society, Los Alamitos (2021). https://doi.org/10.1109/PACT52795.2021.00013
Kim, Y., Yeom, Y.: Accelerated implementation for testing IID assumption of NIST SP 800–90B using GPU. PeerJ Comput. Sci. 7, e404 (2021)
Kirk, D.B., Hwu, W.M.W.: Programming Massively Parallel Processors: A Hands-on Approach, 3rd edn. Morgan Kaufmann Publishers Inc., San Francisco (2016)
Knudsen, L.R.: Truncated and higher order differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196–211. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-60590-8_16
Lai, X.: Higher order derivatives and differential cryptanalysis. In: Communications and Cryptography, pp. 227–233. Springer, Heidelberg (1994). https://doi.org/10.1007/978-1-4615-2694-0_23
Liu, G., Wang, S., Bao, Y.: Seer: a time prediction model for CNNs from GPU kernel’s view. In: 2021 30th International Conference on Parallel Architectures and Compilation Techniques (PACT), pp. 173–185. IEEE Computer Society, Los Alamitos (2021). https://doi.org/10.1109/PACT52795.2021.00020
Mark, H.: CUDA Pro Tip: Write Flexible Kernels with Grid-Stride Loops (2013)
NIST: SHA-3 Competition (2007). https://csrc.nist.gov/projects/hash-functions/sha-3-project. Accessed 14 Apr 2022
NIST: Lightweight Cryptography Standardization Process (2018). https://csrc.nist.gov/Projects/lightweight-cryptography. Accessed 14 Apr 2022
Preneel, B., Robshaw, M., Johansson, T., Bosselaers, A.: eSTREAM: the ECRYPT Stream Cipher Project (2005). https://www.ecrypt.eu.org/stream/. Accessed 14 Apr 2022
Rohit, R., Sarkar, S.: Diving deep into the weak keys of round reduced Ascon. In: IACR Transactions on Symmetric Cryptology, pp. 74–99 (2021)
Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E.: A statistical test suite for random and pseudorandom number generators for cryptographic applications. Technical report, Booz-allen and hamilton inc mclean va (2001)
Smid, M., Foti, J.: Development of the advanced encryption standard (2021). https://doi.org/10.6028/jres.126.024. https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=931014
Stevens, M., Bursztein, E., Karpman, P., Albertini, A., Markov, Y.: The first collision for full SHA-1. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 570–596. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_19
Webster, A., Tavares, S.E.: On the design of s-boxes. In: Conference on the theory and Application of Cryptographic Techniques, pp. 523–534. Springer, Linz (1985). https://doi.org/10.1007/3-540-39799-x_41
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Bellini, E., Grados, J., Rachidi, M., Satpute, N., Daemen, J., El Hirch, S. (2023). ACE-HoT: Accelerating an Extreme Amount of Symmetric Cipher Evaluations for (High-order) Avalanche Tests. In: Aly, A., Tibouchi, M. (eds) Progress in Cryptology – LATINCRYPT 2023. LATINCRYPT 2023. Lecture Notes in Computer Science, vol 14168. Springer, Cham. https://doi.org/10.1007/978-3-031-44469-2_2
Download citation
DOI: https://doi.org/10.1007/978-3-031-44469-2_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-44468-5
Online ISBN: 978-3-031-44469-2
eBook Packages: Computer ScienceComputer Science (R0)