Algebraic cryptanalysis of block ciphers using Groebner bases

Author

  • Andrey Pyshkin
Abstract

This thesis investigates the application of Gröbner bases to the cryptanalysis of block ciphers. The basis for the application is an algorithm for solving systems of polynomial equations via Gröbner basis computation. In our case, the polynomial equations describe the key recovery problem for block ciphers, i.e., the solution of these systems corresponds to the value of the secret key. First we demonstrate that the Gröbner basis technique can be successfully used to break block ciphers if the algebraic structure of these ciphers is relatively simple. To show this, we construct two families of block ciphers that satisfy this condition. However, our ciphers are not trivial: they have a reasonable block and key size as well as an acceptable number of rounds. Moreover, using suitable parameters we achieve good resistance of these ciphers against differential and linear cryptanalysis. At the same time, we design our ciphers so that the key recovery problem for each of them can be described by a system of simple polynomial equations. In addition, the parameters of the ciphers can be varied independently. This makes the constructed families suitable for the analysis of algebraic attacks. To study the vulnerability of such ciphers to Gröbner basis attacks, we have performed experiments using the computer algebra system Magma. The results of these experiments are given and analyzed. Also, for a subset of these ciphers we present an efficient method to construct zero-dimensional Gröbner bases w.r.t. a degree-reverse lexicographical term order without any polynomial reduction. This reduces the key recovery problem to the problem of Gröbner basis conversion. Using known complexity bounds for the latter problem, we estimate the maximum resistance of these ciphers against Gröbner basis attacks. We show that our method can also be applied to the AES block cipher.
In the thesis we describe the AES key recovery problem in the form of a total-degree Gröbner basis, explain how this Gröbner basis can be obtained, and study the cryptanalytic significance of this result. Next, we investigate the semi-regularity of several polynomial representations of iterated block ciphers. We demonstrate that the constructed Gröbner basis for the AES is semi-regular. Then we prove that polynomial systems similar to the BES quadratic equations are not semi-regular, and that the AES systems of quadratic equations over GF(2) are not semi-regular over GF(2). Finally, we propose a new method of side-channel cryptanalysis, algebraic collision attacks, and explain it using the example of the AES. The method is based on the standard power analysis technique, which is applied to derive additional information from an implementation of a cryptosystem. In our case, this information is about generalized internal collisions occurring


Similar sources

A new method for accelerating impossible differential cryptanalysis and its application on LBlock

Impossible differential cryptanalysis, the extension of differential cryptanalysis, is one of the most efficient attacks against block ciphers. This cryptanalysis method has been applied to most of the block ciphers and has shown significant results. Using structures, key schedule considerations, early abort, and pre-computation are some common methods to reduce complexities of this attack. In ...


The Inverse S-Box, Non-linear Polynomial Relations and Cryptanalysis of Block Ciphers

This paper is motivated by the design of AES. We consider a broader question of cryptanalysis of block ciphers having very good non-linearity and diffusion. Can we expect, anyway, to attack such ciphers, clearly designed to render hopeless the main classical attacks? Recently a lot of attention has been drawn to the existence of multivariate algebraic relations for AES (and other) S-boxes. Th...


Algebraic Precomputations in Differential Cryptanalysis

Algebraic cryptanalysis is a general tool which permits one to assess the security of a wide range of cryptographic schemes. Algebraic techniques have been successfully applied against a number of multivariate schemes and stream ciphers. Yet, their feasibility against block ciphers remains the source of much speculation. At FSE 2009 Albrecht and Cid proposed to combine differential cryptanalysi...


Impossible Differential Cryptanalysis of Reduced-Round Midori64 Block Cipher (Extended Version)

Impossible differential attack is a well-known means to examine the robustness of block ciphers. Using impossible differential cryptanalysis, we analyze the security of a family of lightweight block ciphers, named Midori, that are designed considering low energy consumption. The Midori state size can be either 64 bits for Midori64 or 128 bits for Midori128; however, both vers...


How Fast can be Algebraic Attacks on Block Ciphers?

Abstract. In this paper we give a specification of a new block cipher that can be called the Courtois Toy Cipher (CTC). It is quite simple, and yet very much like any other known block cipher. If the parameters are large enough, it should evidently be secure against all known attack methods. However, we are not proposing a new method for encrypting sensitive data, but rather a research tool that...


Publication date: 2008