Wave-shaped round functions and primitive groups

Corresponding author: Roberto Civino

R. Aragona is a member of INdAM-GNSAGA (Italy). R. Civino thankfully acknowledges support by the Department of Mathematics of the University of Trento. R. Aragona, R. Civino, and M. Sala thankfully acknowledge support by MIUR-Italy via PRIN 2015TW9LSR "Group theory and applications".
Abstract

Round functions used as building blocks for iterated block ciphers, both in the case of Substitution-Permutation Networks (SPN) and Feistel Networks (FN), are often obtained as the composition of different layers. The bijectivity of any encryption function is guaranteed by the use of invertible layers or by the Feistel structure. In this work a new family of ciphers, called wave ciphers, is introduced. In wave ciphers, round functions feature wave functions, which are vectorial Boolean functions obtained as the composition of non-invertible layers: the confusion layer enlarges the message, which returns to its original size after the diffusion layer is applied. Efficient decryption is guaranteed by the use of wave functions in FNs. It is shown how to avoid that the group generated by the round functions acts imprimitively, a serious flaw for the cipher. Primitivity follows from a more general result, which reduces the problem of proving that a given FN generates a primitive group to proving that an SPN directly related to the given FN generates a primitive group. Finally, a concrete instance of a real-world-size wave cipher is proposed as an example, and its resistance against differential and linear cryptanalysis is also established.

    Mathematics Subject Classification: 20B15, 20B35, 94A60.

Figure 1.  Round function of an SPN and of an FN

Figure 2.  Wave functions

Figure 3.  A 4×5 APN S-box

Figure 4.  Feistel structure of wave ciphers

Figure 5.  Feistel to SPN reduction

Figure 6.  An example of 40 × 32 proper diffusion layer with parallel kernel, where each "·" represents 0

Figure 7.  Diffusion properties of the matrix λ of Fig. 6.

Table 1.  Difference distribution table of the S-box $\gamma_1$ defined in Section 3.1. Rows are indexed by the 4-bit input difference and columns by the 5-bit output difference; each "·" represents 0. Every row with a nonzero input difference sums to 16 and contains no entry larger than 2, the defining property of an APN S-box.

     0x  1x  2x  3x  4x  5x  6x  7x  8x  9x  Ax  Bx  Cx  Dx  Ex  Fx 10x 11x 12x 13x 14x 15x 16x 17x 18x 19x 1Ax 1Bx 1Cx 1Dx 1Ex 1Fx
 0x  16   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·
 1x   ·   ·   ·   ·   ·   ·   ·   ·   ·   2   2   2   ·   ·   ·   ·   ·   ·   ·   2   ·   ·   2   ·   ·   2   2   ·   ·   ·   ·   2
 2x   ·   ·   ·   2   ·   2   ·   ·   ·   ·   2   ·   2   ·   ·   2   ·   ·   ·   2   ·   ·   2   ·   ·   ·   ·   2   ·   ·   ·   ·
 3x   ·   ·   ·   ·   ·   2   ·   ·   2   ·   ·   ·   2   ·   ·   ·   2   ·   ·   2   ·   2   ·   ·   ·   2   ·   ·   ·   ·   ·   2
 4x   ·   ·   ·   ·   ·   ·   ·   ·   ·   2   ·   ·   2   ·   ·   2   ·   ·   ·   ·   ·   2   2   ·   ·   2   ·   ·   2   2   ·   ·
 5x   ·   ·   ·   ·   ·   ·   2   ·   ·   ·   ·   ·   2   ·   ·   2   2   ·   ·   ·   ·   ·   2   2   ·   ·   2   ·   ·   ·   ·   2
 6x   ·   ·   ·   2   ·   ·   2   ·   ·   ·   ·   ·   ·   ·   ·   2   ·   ·   2   2   ·   ·   ·   ·   ·   2   ·   ·   2   ·   ·   2
 7x   ·   ·   ·   2   2   ·   2   ·   ·   ·   2   ·   2   ·   ·   ·   ·   ·   ·   ·   ·   2   ·   ·   ·   2   2   ·   ·   ·   ·   ·
 8x   ·   ·   ·   2   ·   2   ·   ·   ·   ·   ·   ·   ·   2   ·   ·   ·   ·   ·   ·   ·   2   2   ·   ·   ·   2   ·   2   ·   ·   2
 9x   ·   ·   ·   ·   ·   2   2   ·   ·   2   2   ·   ·   ·   ·   2   ·   ·   ·   ·   2   2   ·   ·   ·   ·   ·   ·   ·   ·   ·   2
 Ax   ·   2   ·   ·   ·   ·   2   ·   ·   ·   2   ·   ·   ·   ·   ·   2   ·   ·   2   ·   2   2   ·   ·   ·   ·   ·   2   ·   ·   ·
 Bx   ·   ·   ·   ·   ·   2   ·   ·   ·   ·   2   ·   ·   ·   ·   2   2   ·   ·   ·   ·   ·   ·   ·   ·   2   2   ·   2   ·   2   ·
 Cx   ·   ·   ·   2   ·   ·   ·   ·   ·   2   ·   ·   ·   ·   ·   2   2   ·   ·   2   ·   2   ·   ·   2   ·   2   ·   ·   ·   ·   ·
 Dx   ·   ·   2   ·   ·   2   2   ·   ·   2   ·   ·   2   ·   ·   ·   ·   ·   ·   2   ·   ·   ·   ·   ·   ·   2   ·   2   ·   ·   ·
 Ex   ·   ·   ·   2   ·   ·   ·   ·   ·   2   2   ·   2   ·   2   ·   2   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   ·   2   ·   ·   2
 Fx   ·   ·   ·   2   ·   2   2   2   ·   2   ·   ·   ·   ·   ·   ·   2   ·   ·   ·   ·   ·   2   ·   ·   2   ·   ·   ·   ·   ·   ·
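The following Python is an added, self-contained example and not code from the paper. It builds the three pieces the abstract describes: a confusion layer made of parallel 4×5 S-boxes that enlarges a 32-bit half-block to 40 bits, a 40×32 linear diffusion layer that shrinks it back, and a Feistel network whose round function is the resulting non-invertible wave function. The S-box is a constructed stand-in, not the paper's $\gamma_1$ (whose definition is not on this page): the cube map $x \mapsto x^3$ in $\mathbb{F}_{2^4}$, which is APN but not injective, padded to 5 output bits. The diffusion matrix is a seeded-random binary matrix and makes no claim to the "proper diffusion layer with parallel kernel" property of Fig. 6; the round keys are arbitrary constants. The code computes the difference distribution table of the S-box (the same kind of table as Table 1), checks that its largest entry over nonzero input differences is 2 while the S-box collides on distinct inputs, and then checks that the Feistel decryption inverts encryption even though the round function itself has no inverse.

```python
"""Toy wave-cipher components (added example, not the paper's code).

gamma: 32 -> 40 bits, eight parallel 4x5 S-boxes (non-injective confusion layer)
lambda: 40 -> 32 bits, a binary matrix over GF(2) (shrinking diffusion layer)
wave(x, k) = lambda(gamma(x ^ k)), used as the round function of a Feistel network.

Assumptions not taken from the page: the S-box is x -> x^3 in GF(2^4) padded to
5 bits (NOT the paper's gamma_1); the diffusion matrix is seeded-random with no
claimed kernel structure; the round keys are arbitrary constants.
"""
import random


def gf16_mul(a: int, b: int) -> int:
    """Multiply in GF(2^4) with modulus x^4 + x + 1, by shift-and-reduce."""
    r = 0
    for _ in range(4):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x10:
            a ^= 0x13
    return r & 0xF


# Constructed 4x5 S-box: the cube map is a Gold function, hence APN on GF(2^4),
# but it is 3-to-1 on nonzero inputs, so the layer is not invertible. Bit 5 is 0.
SBOX_4X5 = [gf16_mul(gf16_mul(x, x), x) for x in range(16)]


def ddt(sbox, n: int, m: int):
    """Difference distribution table: ddt[a][b] = #{x : S(x) ^ S(x ^ a) == b}."""
    table = [[0] * (1 << m) for _ in range(1 << n)]
    for a in range(1 << n):
        for x in range(1 << n):
            table[a][sbox[x] ^ sbox[x ^ a]] += 1
    return table


def differential_uniformity(sbox, n: int, m: int) -> int:
    """Largest DDT entry over nonzero input differences; 2 means APN."""
    t = ddt(sbox, n, m)
    return max(t[a][b] for a in range(1, 1 << n) for b in range(1 << m))


def sbox_collision():
    """Two distinct inputs with equal output: the confusion layer is not injective."""
    for x in range(16):
        for y in range(x + 1, 16):
            if SBOX_4X5[x] == SBOX_4X5[y]:
                return x, y
    return None


def confusion(x32: int) -> int:
    """gamma: bricklayer of eight 4x5 S-boxes, 32 bits in, 40 bits out."""
    out = 0
    for i in range(8):
        out |= SBOX_4X5[(x32 >> (4 * i)) & 0xF] << (5 * i)
    return out


# Constructed 40x32 diffusion matrix: row j is a 40-bit mask and output bit j is
# the GF(2) inner product of that row with the 40-bit input.
_rng = random.Random(1)
LAMBDA = [_rng.getrandbits(40) for _ in range(32)]


def diffusion(y40: int) -> int:
    """lambda: 40 bits in, 32 bits out, linear over GF(2)."""
    return sum((bin(LAMBDA[j] & y40).count("1") & 1) << j for j in range(32))


def wave(x32: int, k32: int) -> int:
    """Wave round function: key addition, enlarging confusion, shrinking diffusion."""
    return diffusion(confusion(x32 ^ k32))


def feistel_encrypt(block64: int, round_keys) -> int:
    L, R = block64 >> 32, block64 & 0xFFFFFFFF
    for k in round_keys:
        L, R = R, L ^ wave(R, k)   # (L, R) -> (R, L + F(R)); F need not be invertible
    return (L << 32) | R


def feistel_decrypt(block64: int, round_keys) -> int:
    L, R = block64 >> 32, block64 & 0xFFFFFFFF
    for k in reversed(round_keys):
        L, R = R ^ wave(L, k), L   # undo one round by recomputing the same F
    return (L << 32) | R


ROUND_KEYS = [0x0F1E2D3C, 0x4B5A6978, 0x8796A5B4, 0xC3D2E1F0]  # constructed constants


def round_trip_ok(block64: int) -> bool:
    """Decryption inverts encryption although wave() is not a bijection."""
    return feistel_decrypt(feistel_encrypt(block64, ROUND_KEYS), ROUND_KEYS) == block64


if __name__ == "__main__":
    print("differential uniformity:", differential_uniformity(SBOX_4X5, 4, 5))
    print("distinct S-box outputs:", len(set(SBOX_4X5)), "of 16 inputs")
    x, y = sbox_collision()
    print(f"wave({x:#x}) == wave({y:#x}):", wave(x, 0) == wave(y, 0))
    print("Feistel round trip:", round_trip_ok(0x0123456789ABCDEF))
```

The point the example isolates is the one the abstract relies on: because the Feistel round only XORs the output of the wave function into the other half, decryption recomputes the same function on known data and never needs its inverse, so both the enlarging S-box layer and the shrinking diffusion layer may be non-injective. The DDT routine is generic in the input and output widths, so it can be run on any 4×5 S-box table to reproduce a table of the shape of Table 1.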