Abstract
Iterated attacks consist of iterating adversaries who, in each iteration, can make d plaintext queries to compute a bit, and who try to distinguish between a random cipher C and the perfect cipher C∗ based on all of these bits. Vaudenay showed that a 2d-decorrelated cipher resists iterated attacks of order d when iterations have almost no common queries. He then asked, first, what the necessary conditions are for a cipher to resist a non-adaptive iterated attack of order d, i.e., whether decorrelation of order 2d − 1 could be sufficient. Secondly, he speculated that repeating a plaintext query in different iterations does not provide any advantage to a non-adaptive distinguisher. Here we close these two long-standing open problems negatively, providing a counter-intuitive example for each question. We also deal with adaptive iterated adversaries who can make both plaintext and ciphertext queries, where future queries depend on past queries. We show that decorrelation of order 2d protects against these attacks of order d. We also study the generalization of these distinguishers to iterations producing non-binary outcomes. Finally, we measure the resistance against two well-known statistical distinguishers, namely differential-linear and boomerang distinguishers, and show that decorrelation of degree 4 protects against these attacks.
References
Alon, N., Goldreich, O., Mansour, Y.: Almost k-wise independence versus k-wise independence. Electr. Colloq. Comput. Complex. (ECCC) 9(048) (2002)
Baignères, T., Finiasz, M.: KFC—the krazy feistel cipher. In: Lai, X., Chen, K. (eds.) ASIACRYPT’06, Lecture Notes in Computer Science, vol. 4284. Springer, Berlin (2006)
Baignères, T., Finiasz, M.: Dial C for cipher. In: Biham, E., Youssef, A.M. (eds.) SAC’06, Lecture Notes in Computer Science, vol. 4356, pp 76–95. Springer, Berlin (2007)
Baignères, T., Vaudenay, S.: Proving the security of AES substitution-permutation network. In: Preneel, B., Tavares, S.E. (eds.) SAC’05, Lecture Notes in Computer Science, vol. 3897, pp 65–81. Springer, Berlin (2006)
Bay, A., Mashatan, A., Vaudenay, S.: Resistance against adaptive plaintext-ciphertext iterated distinguishers. In: Galbraith, S.D., Nandi, M. (eds.) INDOCRYPT’12, Lecture Notes in Computer Science, vol. 7668, pp 528–544. Springer, Berlin (2012)
Bay, A., Mashatan, A., Vaudenay, S.: Resistance against iterated attacks by Decorrelation revisited. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO’12, Lecture Notes in Computer Science, vol. 7417, pp 741–757. Springer, Berlin (2012)
Carter, L., Wegman, M.N.: Universal classes of hash functions. J. Comput. Syst. Sci. 18 (2), 143–154 (1979)
Carter, L., Wegman, M.N.: New hash functions and their use in authentication and set equality. J. Comput. Syst. Sci. 22 (3), 265–279 (1981)
Chabaud, F., Vaudenay, S.: Links between differential and linear cryptanalysis. In: Santis, A.D. (ed.) EUROCRYPT’94, Lecture Notes in Computer Science, vol. 950, pp 356–365. Springer, Berlin (1995)
Cheon, D.H., Lee, S., Lim, J.I., Lee, S.J.: New block cipher DONUT using pairwise perfect decorrelation. In: Roy, B.K., Okamoto, E. (eds.) INDOCRYPT’00, Lecture Notes in Computer Science, vol. 1977, pp 262–270. Springer, Berlin (2000)
Hoeffding, W.: Probability inequalities for sums of bounded random variables. JASA 58, 13–30 (1963)
Langford, S.K., Hellman, M.E.: Differential-linear cryptanalysis. In: Desmedt, Y. (ed.) CRYPTO’94, Lecture Notes in Computer Science, vol. 839, pp 17–25. Springer, Berlin (1994)
Luby, M.: A simple parallel algorithm for the maximal independent set problem. SIAM J. Comput. 15 (4), 1036–1053 (1986)
Luby, M., Rackoff, C.: Pseudo-random permutation generators and cryptographic composition. In: Hartmanis, J. (ed.) STOC’86, pp. 356–363. ACM (1986)
Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17 (2), 373–386 (1988)
Naor, J., Naor, M.: Small-bias probability spaces: efficient constructions and applications. In: Ortiz, H. (ed.) STOC’90, pp. 213–223. ACM (1990)
Nyberg, K.: Perfect nonlinear S-boxes. In: Davies, D.W. (ed.) EUROCRYPT’91, Lecture Notes in Computer Science, vol. 547, pp 378–386. Springer, Berlin (1991)
Poupard, G., Vaudenay, S.: Decorrelated fast cipher: an AES candidate well suited for low cost smart card applications. In: Quisquater, J.J., Schneier, B. (eds.) CARDIS’98, Lecture Notes in Computer Science, vol. 1820, pp 254–264. Springer, Berlin (2000)
Vaudenay, S.: Provable security for block ciphers by decorrelation. In: Morvan, M., Meinel, C., Krob, D. (eds.) STACS’98, Lecture Notes in Computer Science, vol. 1373, pp 249–275. Springer, Berlin (1998)
Vaudenay, S.: Feistel ciphers with L2-decorrelation. In: Tavares, S.E., Meijer, H. (eds.) SAC’98, Lecture Notes in Computer Science, vol. 1556, pp 1–14. Springer, Berlin (1999)
Vaudenay, S.: On the Lai-Massey scheme. In: Lam, K.Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT’99, Lecture Notes in Computer Science, vol. 1716, pp 8–19. Springer, Berlin (1999)
Vaudenay, S.: Resistance against general iterated attacks. In: Stern, J. (ed.) EUROCRYPT’99, Lecture Notes in Computer Science, vol. 1592, pp 255–271. Springer, Berlin (1999)
Vaudenay, S.: Adaptive-attack norm for decorrelation and super-pseudorandomness. In: Heys, H.M., Adams, C.M. (eds.) SAC’99, Lecture Notes in Computer Science, vol. 1758, pp 49–61. Springer, Berlin (2000)
Vaudenay, S.: On probable security for conventional cryptography. In: Song, J. (ed.) ICISC’99, Lecture Notes in Computer Science, vol. 1787, pp 1–16. Springer, Berlin (2000)
Vaudenay, S.: Decorrelation: a theory for block cipher security. J. Cryptol. 16 (4), 249–286 (2003)
Wagner, D.: The boomerang attack. In: Knudsen, L.R. (ed.) FSE’99, Lecture Notes in Computer Science, vol. 1636, pp 156–170. Springer, Berlin (1999)
Acknowledgments
This work was supported by the European Commission through the ICT program under contract ICT-2007-216646 ECRYPT II and the National Competence Center in Research on Mobile Information and Communication Systems (NCCR-MICS), a center of the SNF under grant number 5005-67322.
Additional information
Part of the results in this work were published in [5, 6]. In this paper, the study of the generalization of adaptive iterated plaintext-ciphertext distinguishers is added; in addition, the resistance against boomerang and differential-linear distinguishers is analyzed using the techniques of Decorrelation Theory.
Cite this article
Bay, A., Mashatan, A. & Vaudenay, S. Revisiting iterated attacks in the context of decorrelation theory. Cryptogr. Commun. 6, 279–311 (2014). https://doi.org/10.1007/s12095-014-0101-x