An Improved Affine Equivalence Algorithm for Random Permutations

  • Itai Dinur
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10820)

Abstract

In this paper we study the affine equivalence problem, where given two functions \(\varvec{F},\varvec{G}: \{0,1\}^n \rightarrow \{0,1\}^n\), the goal is to determine whether there exist invertible affine transformations \(A_1,A_2\) over \(GF(2)^n\) such that \(\varvec{G} = A_2 \circ \varvec{F} \circ A_1\). Algorithms for this problem have several well-known applications in the design and analysis of S-boxes, in the cryptanalysis of white-box ciphers, and in breaking a generalized Even-Mansour scheme.

We describe a new algorithm for the affine equivalence problem and focus on the variant where \(\varvec{F},\varvec{G}\) are permutations over n-bit words, as it has the widest applicability. The complexity of our algorithm is about \(n^3 2^n\) bit operations with very high probability whenever \(\varvec{F}\) (or \(\varvec{G}\)) is a random permutation. This improves upon the best known algorithms for this problem (published by Biryukov et al. at EUROCRYPT 2003), where the first algorithm has time complexity of \(n^3 2^{2n}\) and the second has time complexity of about \(n^3 2^{3n/2}\) and roughly the same memory complexity.
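To make the problem statement concrete, the following added example (not code from the paper) represents invertible affine maps over \(GF(2)^n\) as a column list plus a constant, builds a constructed instance \(\varvec{G} = A_2 \circ \varvec{F} \circ A_1\) for a random permutation, and recovers a solution with the naive exhaustive baseline: guess \(A_1\), then \(A_2 = \varvec{G} \circ (\varvec{F} \circ A_1)^{-1}\) must itself be affine. The baseline costs \(|AGL(n,2)| \cdot n 2^n\) and is only usable for tiny n; it is a reference point for the complexities quoted above, not the paper's rank-table algorithm.

```python
import itertools
import random

def apply_affine(M, c, x):
    """A(x) = M*x xor c over GF(2)^n; M lists the matrix columns as n-bit words."""
    y = c
    for i, col in enumerate(M):
        if (x >> i) & 1:
            y ^= col
    return y

def is_invertible(M):
    """True iff the columns are linearly independent over GF(2) (elimination by leading bit)."""
    pivots = {}
    for v in M:
        while v and (v.bit_length() - 1) in pivots:
            v ^= pivots[v.bit_length() - 1]
        if v == 0:
            return False
        pivots[v.bit_length() - 1] = v
    return True

def compose(A2, F, A1, n):
    """Truth table of G = A2 o F o A1, with F a permutation given as a list."""
    return [apply_affine(*A2, F[apply_affine(*A1, x)]) for x in range(1 << n)]

def as_affine(H, n):
    """Return (M, c) if the table H is an affine map, else None."""
    c = H[0]
    M = [H[1 << i] ^ c for i in range(n)]  # columns are H(e_i) xor H(0)
    return (M, c) if all(apply_affine(M, c, x) == H[x] for x in range(1 << n)) else None

def random_instance(n, seed):
    """Constructed instance: random permutation F, secret A1, A2 and G = A2 o F o A1."""
    rng = random.Random(seed)
    F = list(range(1 << n))
    rng.shuffle(F)
    def affine():
        while True:
            M = [rng.randrange(1, 1 << n) for _ in range(n)]
            if is_invertible(M):
                return M, rng.randrange(1 << n)
    A1, A2 = affine(), affine()
    return F, A1, A2, compose(A2, F, A1, n)

def affine_equivalent(F, G, n):
    """Exhaustive baseline: for every invertible A1, test whether G o (F o A1)^-1 is affine."""
    size = 1 << n
    for cols in itertools.product(range(1, size), repeat=n):
        if not is_invertible(cols):
            continue
        for c in range(size):
            FA1 = [F[apply_affine(cols, c, x)] for x in range(size)]
            inv = [0] * size
            for x, y in enumerate(FA1):
                inv[y] = x  # (F o A1)^-1
            A2 = as_affine([G[inv[y]] for y in range(size)], n)
            if A2 is not None:
                return (list(cols), c), A2
    return None
```

For n = 3 the search visits 1344 candidates for \(A_1\); because a permutation equivalent to the identity is itself affine, a non-affine 3-bit table against the identity is a clean negative case.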

Our algorithm is based on a new structure (called a rank table) which is used to analyze particular algebraic properties of a function that remain invariant under invertible affine transformations. Besides its standard application in our new algorithm, the rank table is of independent interest and we discuss several of its additional potential applications.

Keywords

Affine equivalence problem, Block cipher, Even-Mansour cipher, Cryptanalysis, Rank table

References

  1. Adams, C.M.: Constructing symmetric ciphers using the CAST design procedure. Des. Codes Cryptogr. 12(3), 283–316 (1997)
  2. Biryukov, A., Bouillaguet, C., Khovratovich, D.: Cryptographic schemes based on the ASASA structure: black-box, white-box, and public-key (extended abstract). In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8873, pp. 63–84. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45611-8_4
  3. Biryukov, A., De Cannière, C., Braeken, A., Preneel, B.: A toolbox for cryptanalysis: linear and affine equivalence algorithms. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 33–50. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_3
  4. Biryukov, A., Perrin, L.: On reverse-engineering S-boxes with hidden design criteria or structure. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 116–140. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-47989-6_6
  5. Bouillaguet, C., Fouque, P.-A., Véber, A.: Graph-theoretic algorithms for the “Isomorphism of Polynomials” problem. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 211–227. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_13
  6. Brinkmann, M., Leander, G.: On the classification of APN functions up to dimension five. Des. Codes Cryptogr. 49(1–3), 273–288 (2008)
  7. Canteaut, A., Roué, J.: On the behaviors of affine equivalent sboxes regarding differential and linear attacks. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 45–74. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_3
  8. Daemen, J.: Limitations of the Even-Mansour construction. In: Imai, H., Rivest, R.L., Matsumoto, T. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 495–498. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-57332-1_46
  9. Dinur, I.: An improved affine equivalence algorithm for random permutations. IACR Cryptology ePrint Archive 2018, p. 115 (2018)
  10. Dinur, I., Dunkelman, O., Kranz, T., Leander, G.: Decomposing the ASASA block cipher construction. IACR Cryptology ePrint Archive 2015, p. 507 (2015)
  11. Even, S., Mansour, Y.: A construction of a cipher from a single pseudorandom permutation. J. Cryptol. 10(3), 151–162 (1997)
  12. Joux, A.: Algorithmic Cryptanalysis. Chapman & Hall, London (2009)
  13. Kolchin, V.F.: Random Graphs. Cambridge University Press, Cambridge (1999)
  14. Leander, G., Poschmann, A.: On the classification of 4 bit S-boxes. In: Carlet, C., Sunar, B. (eds.) WAIFI 2007. LNCS, vol. 4547, pp. 159–176. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73074-3_13
  15. Michiels, W., Gorissen, P., Hollmann, H.D.L.: Cryptanalysis of a generic class of white-box implementations. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 414–428. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04159-4_27
  16. Minaud, B., Derbez, P., Fouque, P.-A., Karpman, P.: Key-recovery attacks on ASASA. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9453, pp. 3–27. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48800-3_1
  17. Patarin, J.: Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): two new families of asymmetric algorithms. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 33–48. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_4
  18. Patarin, J., Goubin, L., Courtois, N.: Improved algorithms for isomorphisms of polynomials. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 184–200. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054126
  19. Wang, Q., Liu, Z., Varıcı, K., Sasaki, Y., Rijmen, V., Todo, Y.: Cryptanalysis of reduced-round SIMON32 and SIMON48. In: Meier, W., Mukhopadhyay, D. (eds.) INDOCRYPT 2014. LNCS, vol. 8885, pp. 143–160. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-13039-2_9

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. Department of Computer Science, Ben-Gurion University, Beersheba, Israel