Abstract
An iterated attack is run by an adversary who, in each iteration, makes d plaintext queries and computes one bit from the answers, and who finally tries to distinguish a random cipher C from the ideal random cipher \(C^*\) on the basis of all the bits collected. At EUROCRYPT '99, Vaudenay showed that a 2d-decorrelated cipher resists iterated attacks of order d provided that different iterations almost never make a common query. He then left two questions open: first, what conditions are necessary for a cipher to resist a non-adaptive iterated attack of order d; second, he conjectured that repeating a plaintext query in different iterations gives a non-adaptive distinguisher no advantage. Here we settle both long-standing open problems.
We show that, in order to resist non-adaptive iterated attacks of order d, decorrelation of order \(2d-1\) is not sufficient. We do this by exhibiting a counterexample: a cipher decorrelated to order \(2d-1\) together with a successful non-adaptive iterated attack of order d against it.
Moreover, we prove that the conjecture is false by showing that a higher probability of a common query between different iterations can translate into a large advantage for the adversary in distinguishing C from \(C^*\). We give a counterintuitive example: a cipher decorrelated to order 2d that is broken by an iterated attack of order 1 whose iterations have a high probability of making common queries.
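The following worked example is added here to make the attack model concrete; it is not code from the paper and does not reproduce its counterexamples. It uses a constructed toy setting: 3-bit blocks, the key-XOR cipher \(C_k(x) = x \oplus k\) with a uniform 3-bit key, and the ideal cipher \(C^*\) as a uniform permutation of the 8 block values. It computes the order-d distribution matrices \([C]^d\) and \([C^*]^d\) exactly, the decorrelation distance \(\|[C]^d - [C^*]^d\|_\infty\) (half of which bounds the advantage of any non-adaptive d-limited distinguisher in Vaudenay's theory), and then runs two non-adaptive iterated attacks whose advantage is computed exactly by enumerating all keys and all permutations. The toy cipher is perfectly 1-decorrelated but only 1-decorrelated, and an order-1 iterated attack with 8 iterations on distinct plaintexts breaks it, which is exactly the situation the 2d requirement (here 2) rules out. All function names and the choice of test bits are this example's own.

```python
"""Decorrelation matrices and non-adaptive iterated attacks on a toy cipher.

Constructed toy setting (not from the paper): 3-bit blocks, message space
{0,...,7}; cipher family C_k(x) = x ^ k with a uniform key k; ideal cipher C*
is a uniform random permutation of {0,...,7}.
"""
import itertools
from fractions import Fraction
from math import factorial

N = 8  # size of the block space (3-bit blocks), toy parameter

XOR_FAMILY = [tuple(x ^ k for x in range(N)) for k in range(N)]          # 8 keys
ALL_PERMS = [tuple(p) for p in itertools.permutations(range(N))]          # 8! = 40320


def dist_matrix(family, d):
    """Order-d distribution matrix [C]^d, stored sparsely: for d-tuples xs, ys
    the entry is Pr_k[C_k(xs[i]) == ys[i] for all i] over a uniform key."""
    M = {}
    w = Fraction(1, len(family))
    for perm in family:
        for xs in itertools.product(range(N), repeat=d):
            key = (xs, tuple(perm[x] for x in xs))
            M[key] = M.get(key, 0) + w
    return M


def ideal_entry(xs, ys):
    """Exact entry of [C*]^d: a uniform permutation sends xs to ys iff the pairs
    (x_i, y_i) form a consistent injective partial map; the probability is then
    (N-r)!/N! with r the number of distinct plaintexts, and 0 otherwise."""
    fwd, bwd = {}, {}
    for x, y in zip(xs, ys):
        if fwd.setdefault(x, y) != y or bwd.setdefault(y, x) != x:
            return Fraction(0)
    return Fraction(factorial(N - len(fwd)), factorial(N))


def decorrelation_distance(family, d):
    """||[C]^d - [C*]^d||_inf = max over xs of sum_ys |[C]^d[xs,ys] - [C*]^d[xs,ys]|.
    Half of this value bounds the advantage of every non-adaptive distinguisher
    limited to d queries (Vaudenay's decorrelation theory)."""
    M = dist_matrix(family, d)
    worst = Fraction(0)
    for xs in itertools.product(range(N), repeat=d):
        row = sum(abs(M.get((xs, ys), Fraction(0)) - ideal_entry(xs, ys))
                  for ys in itertools.product(range(N), repeat=d))
        worst = max(worst, row)
    return worst


def iterated_attack_accepts(perm, plaintexts, test_bit, decide):
    """One run of a non-adaptive iterated attack of order d against the fixed
    permutation perm: iteration i queries the d-tuple plaintexts[i] (all chosen
    in advance; no query is shared between iterations here), computes the bit
    test_bit(xs, ys), and decide() maps the list of bits to accept/reject."""
    bits = [test_bit(xs, tuple(perm[x] for x in xs)) for xs in plaintexts]
    return decide(bits)


def advantage(plaintexts, test_bit, decide):
    """Exact |Pr[accept | C] - Pr[accept | C*]|: enumerate all 8 keys of the XOR
    cipher and all 8! permutations of the ideal cipher."""
    p_real = Fraction(sum(iterated_attack_accepts(p, plaintexts, test_bit, decide)
                          for p in XOR_FAMILY), len(XOR_FAMILY))
    p_ideal = Fraction(sum(iterated_attack_accepts(p, plaintexts, test_bit, decide)
                           for p in ALL_PERMS), len(ALL_PERMS))
    return abs(p_real - p_ideal)


# Order-1 iterated attack: 8 iterations, each querying one distinct plaintext x,
# bit_i = [C(x_i) == x_i]; accept iff all bits agree. Under the XOR cipher every
# bit equals [k == 0], so they always agree; under C* they agree only for the
# identity or a derangement.
ORDER1_QUERIES = [(x,) for x in range(N)]

def fixed_point_bit(xs, ys):
    return xs[0] == ys[0]

def all_equal(bits):
    return len(set(bits)) == 1

# Order-2 attack with a single iteration querying (0, 1):
# bit = [C(0) ^ C(1) == 0 ^ 1]; accept iff the bit is set.
ORDER2_QUERIES = [(0, 1)]

def xor_diff_bit(xs, ys):
    return (ys[0] ^ ys[1]) == (xs[0] ^ xs[1])

def accept_bit(bits):
    return bits[0]


if __name__ == "__main__":
    for d in (1, 2):
        print(f"||[C]^{d} - [C*]^{d}||_inf =", decorrelation_distance(XOR_FAMILY, d))
    print("order-1 iterated attack (8 iterations), advantage:",
          advantage(ORDER1_QUERIES, fixed_point_bit, all_equal))
    print("order-2 attack (1 iteration), advantage:",
          advantage(ORDER2_QUERIES, xor_diff_bit, accept_bit))
```

The order-2 single-iteration attack reaches advantage 6/7, exactly half the order-2 decorrelation distance 12/7, so that bound is tight here. The order-1 attack is the more instructive case: each single query is perfectly decorrelated, yet the bits of different iterations are correlated through the shared key, and a decision rule over all the bits distinguishes with advantage above 0.63. That correlation across iterations is precisely what an order-2d (not order-d) decorrelation bound is needed to control.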
This work was supported in part by the European Commission through the ICT program under contract ICT-2007-216646 ECRYPT II.
This work was supported by the National Competence Center in Research on Mobile Information and Communication Systems (NCCR-MICS), a center of the SNF under grant number 5005-67322.
References
Alon, N., Goldreich, O., Mansour, Y.: Almost k-wise independence versus k-wise independence. Electronic Colloquium on Computational Complexity (ECCC) 9(048) (2002)
Baignères, T., Finiasz, M.: Dial \({\sf C}\) for Cipher. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 76–95. Springer, Heidelberg (2007)
Baignères, T., Finiasz, M.: \(\sf {KFC}\) - The Krazy Feistel Cipher. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 380–395. Springer, Heidelberg (2006)
Baignères, T., Vaudenay, S.: Proving the Security of AES Substitution-Permutation Network. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 65–81. Springer, Heidelberg (2006)
Chabaud, F., Vaudenay, S.: Links between Differential and Linear Cryptanalysis. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 356–365. Springer, Heidelberg (1995)
Carter, L., Wegman, M.N.: Universal Classes of Hash Functions. Journal of Computer and System Sciences 18(2), 143–154 (1979)
Carter, L., Wegman, M.N.: New Hash Functions and Their Use in Authentication and Set Equality. Journal of Computer and System Sciences 22(3), 265–279 (1981)
Hoeffding, W.: Probability Inequalities for Sums of Bounded Random Variables. Journal of the American Statistical Association 58(301), 13–30 (1963)
Luby, M., Rackoff, C.: How to Construct Pseudo-random Permutations from Pseudo-random Functions. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, p. 447. Springer, Heidelberg (1986)
Luby, M., Rackoff, C.: Pseudo-random Permutation Generators and Cryptographic Composition. In: Hartmanis, J. (ed.) STOC, pp. 356–363. ACM (1986)
Luby, M.: A Simple Parallel Algorithm for the Maximal Independent Set Problem. SIAM J. Comput. 15(4), 1036–1053 (1986)
Naor, J., Naor, M.: Small-bias probability spaces: Efficient constructions and applications. In: Ortiz, H. (ed.) STOC, pp. 213–223. ACM (1990)
Nyberg, K.: Perfect Nonlinear S-Boxes. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 378–386. Springer, Heidelberg (1991)
Poupard, G., Vaudenay, S.: Decorrelated Fast Cipher: An AES Candidate Well Suited for Low Cost Smart Card applications. In: Quisquater, J.-J., Schneier, B. (eds.) CARDIS 1998. LNCS, vol. 1820, pp. 254–264. Springer, Heidelberg (2000)
Vaudenay, S.: Feistel Ciphers with \(L_2\)-Decorrelation. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 1–14. Springer, Heidelberg (1999)
Vaudenay, S.: Provable Security for Block Ciphers by Decorrelation. In: Morvan, M., Meinel, C., Krob, D. (eds.) STACS 1998. LNCS, vol. 1373, pp. 249–275. Springer, Heidelberg (1998)
Vaudenay, S.: On Probable Security for Conventional Cryptography. In: Song, J.S. (ed.) ICISC 1999. LNCS, vol. 1787, pp. 1–16. Springer, Heidelberg (2000)
Vaudenay, S.: Resistance Against General Iterated Attacks. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 255–271. Springer, Heidelberg (1999)
Vaudenay, S.: Adaptive-Attack Norm for Decorrelation and Super-Pseudorandomness. In: Heys, H.M., Adams, C.M. (eds.) SAC 1999. LNCS, vol. 1758, pp. 49–61. Springer, Heidelberg (2000)
Vaudenay, S.: Decorrelation: A Theory for Block Cipher Security. J. Cryptology 16(4), 249–286 (2003)
© 2012 International Association for Cryptologic Research
Cite this paper
Bay, A., Mashatan, A., Vaudenay, S. (2012). Resistance against Iterated Attacks by Decorrelation Revisited. In: Safavi-Naini, R., Canetti, R. (eds) Advances in Cryptology – CRYPTO 2012. CRYPTO 2012. Lecture Notes in Computer Science, vol 7417. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32009-5_43
DOI: https://doi.org/10.1007/978-3-642-32009-5_43
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32008-8
Online ISBN: 978-3-642-32009-5