Revisiting iterated attacks in the context of decorrelation theory

Published in: Cryptography and Communications

Abstract

Iterated attacks are carried out by adversaries who run a number of iterations; in each iteration they make d plaintext queries and compute one bit, and they try to distinguish a random cipher C from the perfect cipher C* on the basis of all of these bits. Vaudenay showed that a 2d-decorrelated cipher resists iterated attacks of order d when the iterations have almost no queries in common. He then asked, first, what the necessary conditions are for a cipher to resist a non-adaptive iterated attack of order d, i.e. whether decorrelation of order 2d − 1 could already be sufficient. Secondly, he speculated that repeating a plaintext query in different iterations gives no advantage to a non-adaptive distinguisher. We close both of these long-standing open problems negatively, giving a counter-intuitive example for each. We also deal with adaptive iterated adversaries who can make both plaintext and ciphertext queries, where future queries depend on past queries, and we show that decorrelation of order 2d protects against such attacks of order d. We further study the generalization of these distinguishers to iterations with non-binary outcomes. Finally, we measure the resistance against two well-known statistical distinguishers, the differential-linear and the boomerang distinguishers, and show that 4-decorrelation protects against both.
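The objects named in the abstract (the d-wise distribution matrices [C]^d and [C*]^d, the decorrelation of order d, and an iterated distinguisher whose iterations each make d queries and return one bit) can be made concrete on a toy cipher. The Python below is an added example written for this page, not code from the paper or its authors. It assumes a constructed 3-bit affine cipher over Z_8 as C (keys (a, b) with a odd, drawn uniformly), a uniformly random permutation of Z_8 as C*, and Vaudenay's |||·|||_∞ norm for non-adaptive decorrelation. It computes [C]^d and [C*]^d exactly for d = 1 and d = 2, locates the plaintext pair that maximises the decorrelation (the toy cipher is perfectly 1-decorrelated but badly 2-decorrelated), and then runs a non-adaptive iterated attack of order 2 whose single-iteration advantage is capped by Dec^2_∞ / 2 = 6/7 and whose advantage tends to 1 as iterations are added.

```python
"""Constructed toy example: decorrelation matrices and an iterated distinguisher.

Message space Z_8. Toy cipher C: affine maps x -> a*x + b mod 8 with a odd and
b arbitrary, 32 keys drawn uniformly (an assumption of this example, not a
cipher from the paper). Perfect cipher C*: a uniformly random permutation of Z_8.
"""
import itertools
import random
from fractions import Fraction

N = 8
KEYS = [(a, b) for a in (1, 3, 5, 7) for b in range(N)]  # toy key space (constructed)


def enc(key, x):
    a, b = key
    return (a * x + b) % N


def dist_matrix_c(d):
    """[C]^d: for plaintexts (x_1..x_d) and ciphertexts (y_1..y_d),
    Pr_K[C_K(x_i) = y_i for all i], computed exactly by enumerating the 32 keys."""
    p = Fraction(1, len(KEYS))
    mat = {}
    for xs in itertools.product(range(N), repeat=d):
        row = {}
        for key in KEYS:
            ys = tuple(enc(key, x) for x in xs)
            row[ys] = row.get(ys, Fraction(0)) + p
        mat[xs] = row
    return mat


def perfect_prob(xs, ys):
    """[C*]^d entry for a uniformly random permutation: nonzero only when the
    equality pattern of xs matches that of ys, and then 1/(N(N-1)...(N-k+1))
    for k distinct plaintexts."""
    for i in range(len(xs)):
        for j in range(i):
            if (xs[i] == xs[j]) != (ys[i] == ys[j]):
                return Fraction(0)
    k = len(set(xs))
    denom = 1
    for t in range(k):
        denom *= N - t
    return Fraction(1, denom)


def decorrelation_inf(d):
    """Decorrelation of order d in the |||.|||_inf norm (the norm for non-adaptive
    distinguishers): max over plaintext tuples x of sum_y |[C]^d_{x,y} - [C*]^d_{x,y}|.
    Returns (value, maximising plaintext tuple, or None when the value is 0)."""
    mat = dist_matrix_c(d)
    best, best_xs = Fraction(0), None
    for xs, row in mat.items():
        total = sum(abs(row.get(ys, Fraction(0)) - perfect_prob(xs, ys))
                    for ys in itertools.product(range(N), repeat=d))
        if total > best:
            best, best_xs = total, xs
    return best, best_xs


def iterated_attack(oracle, n_iter, rng):
    """Non-adaptive iterated distinguisher of order d = 2: every iteration draws a
    fresh x, queries the pair (x, x+4) and records one bit (is the ciphertext
    difference 4?). The verdict depends on all the bits: accept iff all are set."""
    bits = []
    for _ in range(n_iter):
        x = rng.randrange(N)
        bits.append((oracle((x + 4) % N) - oracle(x)) % N == 4)
    return all(bits)


def empirical_advantage(n_iter, trials, seed=1):
    """Estimate |Pr[attack accepts C] - Pr[attack accepts C*]|, drawing a fresh key
    (for C) and a fresh random permutation (for C*) in every trial."""
    rng = random.Random(seed)
    acc_c = acc_perfect = 0
    for _ in range(trials):
        key = rng.choice(KEYS)
        acc_c += iterated_attack(lambda x: enc(key, x), n_iter, rng)
        perm = list(range(N))
        rng.shuffle(perm)
        acc_perfect += iterated_attack(lambda x: perm[x], n_iter, rng)
    return abs(acc_c - acc_perfect) / trials


if __name__ == "__main__":
    for d in (1, 2):
        value, xs = decorrelation_inf(d)
        print(f"Dec^{d}_inf = {value}; best non-adaptive {d}-limited advantage <= {value / 2}; at x = {xs}")
    print("one iteration   :", empirical_advantage(1, 4000))
    print("three iterations:", empirical_advantage(3, 2000))
```

For d = 1 the decorrelation is 0 (every plaintext maps to a uniform ciphertext), for d = 2 it is 12/7, reached by plaintext pairs at distance 4, because 4a ≡ 4 (mod 8) for every odd a. A single iteration of the attack is a non-adaptive 2-limited distinguisher, so its advantage cannot exceed Dec^2_∞ / 2 = 6/7, and the estimate lands there; n iterations form a 2n-limited distinguisher, which is why the multi-iteration advantage climbs towards 1 and why the resistance theorem in the abstract is stated in terms of 2d-decorrelation rather than d-decorrelation.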


Fig. 1


References

  1. Alon, N., Goldreich, O., Mansour, Y.: Almost k-wise independence versus k-wise independence. Electron. Colloq. Comput. Complex. (ECCC) 9(048) (2002)

  2. Baignères, T., Finiasz, M.: KFC—the krazy Feistel cipher. In: Lai, X., Chen, K. (eds.) ASIACRYPT’06, Lecture Notes in Computer Science, vol. 4284. Springer, Berlin (2006)

  3. Baignères, T., Finiasz, M.: Dial C for cipher. In: Biham, E., Youssef, A.M. (eds.) SAC’06, Lecture Notes in Computer Science, vol. 4356, pp. 76–95. Springer, Berlin (2007)

  4. Baignères, T., Vaudenay, S.: Proving the security of AES substitution-permutation network. In: Preneel, B., Tavares, S.E. (eds.) SAC’05, Lecture Notes in Computer Science, vol. 3897, pp. 65–81. Springer, Berlin (2006)

  5. Bay, A., Mashatan, A., Vaudenay, S.: Resistance against adaptive plaintext-ciphertext iterated distinguishers. In: Galbraith, S.D., Nandi, M. (eds.) INDOCRYPT’12, Lecture Notes in Computer Science, vol. 7668, pp. 528–544. Springer, Berlin (2012)

  6. Bay, A., Mashatan, A., Vaudenay, S.: Resistance against iterated attacks by decorrelation revisited. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO’12, Lecture Notes in Computer Science, vol. 7417, pp. 741–757. Springer, Berlin (2012)

  7. Carter, L., Wegman, M.N.: Universal classes of hash functions. J. Comput. Syst. Sci. 18(2), 143–154 (1979)

  8. Carter, L., Wegman, M.N.: New hash functions and their use in authentication and set equality. J. Comput. Syst. Sci. 22(3), 265–279 (1981)

  9. Chabaud, F., Vaudenay, S.: Links between differential and linear cryptanalysis. In: De Santis, A. (ed.) EUROCRYPT’94, Lecture Notes in Computer Science, vol. 950, pp. 356–365. Springer, Berlin (1995)

  10. Cheon, D.H., Lee, S., Lim, J.I., Lee, S.J.: New block cipher DONUT using pairwise perfect decorrelation. In: Roy, B.K., Okamoto, E. (eds.) INDOCRYPT’00, Lecture Notes in Computer Science, vol. 1977, pp. 262–270. Springer, Berlin (2000)

  11. Hoeffding, W.: Probability inequalities for sums of bounded random variables. J. Am. Stat. Assoc. 58, 13–30 (1963)

  12. Langford, S.K., Hellman, M.E.: Differential-linear cryptanalysis. In: Desmedt, Y. (ed.) CRYPTO’94, Lecture Notes in Computer Science, vol. 839, pp. 17–25. Springer, Berlin (1994)

  13. Luby, M.: A simple parallel algorithm for the maximal independent set problem. SIAM J. Comput. 15(4), 1036–1053 (1986)

  14. Luby, M., Rackoff, C.: Pseudo-random permutation generators and cryptographic composition. In: Hartmanis, J. (ed.) STOC’86, pp. 356–363. ACM (1986)

  15. Luby, M., Rackoff, C.: How to construct pseudorandom permutations from pseudorandom functions. SIAM J. Comput. 17(2), 373–386 (1988)

  16. Naor, J., Naor, M.: Small-bias probability spaces: efficient constructions and applications. In: Ortiz, H. (ed.) STOC’90, pp. 213–223. ACM (1990)

  17. Nyberg, K.: Perfect nonlinear S-boxes. In: Davies, D.W. (ed.) EUROCRYPT’91, Lecture Notes in Computer Science, vol. 547, pp. 378–386. Springer, Berlin (1991)

  18. Poupard, G., Vaudenay, S.: Decorrelated fast cipher: an AES candidate well suited for low cost smart card applications. In: Quisquater, J.-J., Schneier, B. (eds.) CARDIS’98, Lecture Notes in Computer Science, vol. 1820, pp. 254–264. Springer, Berlin (2000)

  19. Vaudenay, S.: Provable security for block ciphers by decorrelation. In: Morvan, M., Meinel, C., Krob, D. (eds.) STACS’98, Lecture Notes in Computer Science, vol. 1373, pp. 249–275. Springer, Berlin (1998)

  20. Vaudenay, S.: Feistel ciphers with L2-decorrelation. In: Tavares, S.E., Meijer, H. (eds.) SAC’98, Lecture Notes in Computer Science, vol. 1556, pp. 1–14. Springer, Berlin (1999)

  21. Vaudenay, S.: On the Lai-Massey scheme. In: Lam, K.Y., Okamoto, E., Xing, C. (eds.) ASIACRYPT’99, Lecture Notes in Computer Science, vol. 1716, pp. 8–19. Springer, Berlin (1999)

  22. Vaudenay, S.: Resistance against general iterated attacks. In: Stern, J. (ed.) EUROCRYPT’99, Lecture Notes in Computer Science, vol. 1592, pp. 255–271. Springer, Berlin (1999)

  23. Vaudenay, S.: Adaptive-attack norm for decorrelation and super-pseudorandomness. In: Heys, H.M., Adams, C.M. (eds.) SAC’99, Lecture Notes in Computer Science, vol. 1758, pp. 49–61. Springer, Berlin (2000)

  24. Vaudenay, S.: On provable security for conventional cryptography. In: Song, J. (ed.) ICISC’99, Lecture Notes in Computer Science, vol. 1787, pp. 1–16. Springer, Berlin (2000)

  25. Vaudenay, S.: Decorrelation: a theory for block cipher security. J. Cryptol. 16(4), 249–286 (2003)

  26. Wagner, D.: The boomerang attack. In: Knudsen, L.R. (ed.) FSE’99, Lecture Notes in Computer Science, vol. 1636, pp. 156–170. Springer, Berlin (1999)


Acknowledgments

This work was supported by the European Commission through the ICT program under contract ICT-2007-216646 ECRYPT II and the National Competence Center in Research on Mobile Information and Communication Systems (NCCR-MICS), a center of the SNF under grant number 5005-67322.

Author information

Corresponding author: Aslı Bay.

Additional information

Part of the results in this work were published in [5, 6]. In this paper, the study of the generalization of adaptive iterated plaintext-ciphertext distinguishers is added, and the resistance against boomerang and differential-linear distinguishers is analyzed with the techniques of decorrelation theory.


Cite this article

Bay, A., Mashatan, A. & Vaudenay, S. Revisiting iterated attacks in the context of decorrelation theory. Cryptogr. Commun. 6, 279–311 (2014). https://doi.org/10.1007/s12095-014-0101-x
