correlation of quadratic boolean functions cryptanalysis
play

Correlation of Quadratic Boolean Functions: Cryptanalysis of All - PowerPoint PPT Presentation

Aug 23, 2023 •102 likes •659 views

Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of Full MORUS Siwei Sun Joint work

  1. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Correlation of Quadratic Boolean Functions: Cryptanalysis of All Versions of Full MORUS Siwei Sun Joint work with: Danping Shi Yu Sasaki Chaoyun Li Lei Hu Chinese Academy of Sciences, China NTT Secure Platform Laboratories, Japan imec-COSIC, Dept. Electrical Engineering (ESAT), KU Leuven, Belgium December 14, 2019 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 1 / 38

  2. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Outlines Correlation and Linear Cryptanalysis 1 Correlation of Quadratic Boolean Functions 2 Cryptanalysis of MORUS 3 Conclusion and Discussion 4 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 2 / 38

  3. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Outline Correlation and Linear Cryptanalysis 1 Correlation of Quadratic Boolean Functions 2 Cryptanalysis of MORUS 3 Conclusion and Discussion 4 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 3 / 38

  4. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Correlation Let f : F n 2 → F 2 be a Boolean function with ANF � f ( ① ) = a ✉ ① ✉ , ✉ ∈ F n 2 where ① = ( x 1 , · · · , x n ) , ✉ = ( u 1 , · · · , u n ) , a ✉ ∈ F 2 , and ① ✉ = � n i =1 x u i i . Definition (Correlation) The correlation of an n -variable Boolean function f is cor ( f ) = 1 2 ( − 1) f ( ① ) , and the weight of the correlation is � ① ∈ F n 2 n defined as − log 2 | cor ( f ) | . Pr ( f = 0) = 1 2 + 1 2 cor ( f ) Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 3 / 38

  5. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Linear Cryptanalysis S U S 0 S 1 S k − 1 S k Init F F · · · F F α 0 α 1 α k − 2 α k − 1 α k β − 1 β 0 β 1 β k − 2 β k − 1 γ 0 γ 1 γ k − 1 γ k G G · · · G G λ k − 1 λ 0 λ 1 λ k Z 0 Z 1 Z k − 1 Z k �� k i =0 λ i Z i � Object: max | cor | i =0 λ i Z i is a Boolean function whose variables are bits Note that � k of S 0 . Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 4 / 38

  6. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Definition (Correlation) The correlation of an n -variable Boolean function f is cor ( f ) = 1 2 ( − 1) f ( ① ) , and the weight of the correlation is � ① ∈ F n 2 n defined as − log 2 | cor ( f ) | . Brute force the input Graph-based method [TIM + 18] ... ... Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 5 / 38

  7. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Outline Correlation and Linear Cryptanalysis 1 Correlation of Quadratic Boolean Functions 2 Cryptanalysis of MORUS 3 Conclusion and Discussion 4 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 6 / 38

  8. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Definition (Disjoint Quadratic Boolean Function) A quadratic Boolean function f ( x 1 , · · · , x n ) is disjoint if no variable x i appears in more than one quadratic term. Example x 1 x 2 + x 3 x 4 x 1 x 3 + x 2 x 4 + x 2 + x 5 Counter-Example x 1 x 2 + x 2 x 3 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 6 / 38

  9. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion lemma Let f = x i 1 x i 2 + · · · + x i 2 k − 1 x i 2 k + x j 1 + · · · + x j s be a disjoint quadratic Boolean function. Then the correlation of f is � k t =1 Coe f ( x i 2 t − 1 ) Coe f ( x i 2 t ) · 2 − k  ( − 1) { j 1 , · · · , j s } ⊆ { i 1 , · · · , i 2 k }   0 { j 1 , · · · , j s } � { i 1 , · · · , i 2 k }   where Coe f ( ① ✉ ) denotes the coefficient of the monomial ① ✉ in the ANF of f . Examples | cor ( x 1 x 2 + x 3 x 4 ) | = 2 − 2 | cor ( x 1 x 3 + x 2 x 4 + x 2 + x 5 ) | = 0 | cor ( x 1 x 3 + x 2 x 4 + x 2 + x 3 ) | = 2 − 2 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 7 / 38

  10. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Idea Given a quadratic Boolean function, transform it into a disjoint quadratic Boolean function such that the transformation is correlation invariant (up to a minus sign). Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 8 / 38

  11. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

  12. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

  13. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 2 ( x 1 + x 3 + x 4 ) + x 1 x 5 + x 1 + x 2 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

  14. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 2 ( x 1 + x 3 + x 4 ) + x 1 x 5 + x 1 + x 2 x 1 ← x 1 + x 3 + x 4 x j ← x j , j � = 1 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

  15. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 2 ( x 1 + x 3 + x 4 ) + x 1 x 5 + x 1 + x 2 x 1 ← x 1 + x 3 + x 4 x j ← x j , j � = 1 f = x 1 x 2 + x 1 x 5 + x 3 x 5 + x 4 x 5 + x 1 + x 3 + x 4 + x 2 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

  16. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 2 ( x 1 + x 3 + x 4 ) + x 1 x 5 + x 1 + x 2 x 1 ← x 1 + x 3 + x 4 x j ← x j , j � = 1 f = x 1 x 2 + x 1 x 5 + x 3 x 5 + x 4 x 5 + x 1 + x 3 + x 4 + x 2 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

  17. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 2 ( x 1 + x 3 + x 4 ) + x 1 x 5 + x 1 + x 2 x 1 ← x 1 + x 3 + x 4 x j ← x j , j � = 1 f = x 1 x 2 + x 1 x 5 + x 3 x 5 + x 4 x 5 + x 1 + x 3 + x 4 + x 2 f = x 1 ( x 2 + x 5 ) + x 3 x 5 + x 4 x 5 + x 1 + x 3 + x 4 + x 2 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

  18. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 2 ( x 1 + x 3 + x 4 ) + x 1 x 5 + x 1 + x 2 x 1 ← x 1 + x 3 + x 4 x j ← x j , j � = 1 f = x 1 x 2 + x 1 x 5 + x 3 x 5 + x 4 x 5 + x 1 + x 3 + x 4 + x 2 f = x 1 ( x 2 + x 5 ) + x 3 x 5 + x 4 x 5 + x 1 + x 3 + x 4 + x 2 x 2 ← x 2 + x 5 x j ← x j , j � = 2 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

  19. Correlation and Linear Cryptanalysis Correlation of Quadratic Boolean Functions Cryptanalysis of MORUS Conclusion and Discussion Example f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 1 x 2 + x 1 x 5 + x 2 x 3 + x 2 x 4 + x 1 + x 2 f = x 2 ( x 1 + x 3 + x 4 ) + x 1 x 5 + x 1 + x 2 x 1 ← x 1 + x 3 + x 4 x j ← x j , j � = 1 f = x 1 x 2 + x 1 x 5 + x 3 x 5 + x 4 x 5 + x 1 + x 3 + x 4 + x 2 f = x 1 ( x 2 + x 5 ) + x 3 x 5 + x 4 x 5 + x 1 + x 3 + x 4 + x 2 x 2 ← x 2 + x 5 x j ← x j , j � = 2 f = x 1 x 2 + x 3 x 5 + x 4 x 5 + x 1 + x 2 + x 3 + x 4 + x 5 Siwei Sun et. al. Cryptanalysis of All Versions of Full MORUS 9 / 38

Recommend

Correlation Immune and Resilient Generalized Boolean Functions Thor Martinsen, PhD Commander, US

Correlation Immune and Resilient Generalized Boolean Functions Thor Martinsen, PhD Commander, US

Correlation Immune and Resilient Generalized Boolean Functions Thor Martinsen, PhD Commander, US Navy Assistant Professor Naval Postgraduate School 3rd International Workshop on Boolean Functions and their Applications June 19, 2018 Loen,

789 views • 31 slides
Generalized Correlation Analysis of Vectorial Boolean Functions Claude Carlet, Khoongming Khoo,

Generalized Correlation Analysis of Vectorial Boolean Functions Claude Carlet, Khoongming Khoo,

Generalized Correlation Analysis of Vectorial Boolean Functions Claude Carlet, Khoongming Khoo, Chu-Wee Lim and Chuan-Wen Loe Introduction Correlation Attack of Vectorial Stream Ciphers In this talk, we shall improve correlation attacks on

547 views • 41 slides
Asymptotic enumeration of correlation-immune functions E. Rodney Canfield Jason Gao Catherine

Asymptotic enumeration of correlation-immune functions E. Rodney Canfield Jason Gao Catherine

Asymptotic enumeration of correlation-immune functions E. Rodney Canfield Jason Gao Catherine Greenhill Brendan D. McKay Robert W. Robinson Correlation-immune functions 1 Correlation-immune functions Suppose we have a secret Boolean function

483 views • 32 slides
Asymptotic enumeration of correlation-immune functions E. Rodney Canfield Jason Gao Catherine

Asymptotic enumeration of correlation-immune functions E. Rodney Canfield Jason Gao Catherine

Asymptotic enumeration of correlation-immune functions E. Rodney Canfield Jason Gao Catherine Greenhill Brendan D. McKay Robert W. Robinson Correlation-immune functions 1 Correlation-immune functions Suppose we have a secret Boolean function

469 views • 31 slides
Correlation-immune Boolean functions and counter-measures to side channel attacks Claude Carlet

Correlation-immune Boolean functions and counter-measures to side channel attacks Claude Carlet

Correlation-immune Boolean functions and counter-measures to side channel attacks Claude Carlet LAGA, Universities of Paris 8 and Paris 13, CNRS, France Work in common with Sylvain Guilley, Telecom Paris Tech, France Outline Correlation

729 views • 39 slides
Low-weight correlation-immune Boolean functions for counter-measures to side channel attacks

Low-weight correlation-immune Boolean functions for counter-measures to side channel attacks

Low-weight correlation-immune Boolean functions for counter-measures to side channel attacks Claude Carlet LAGA, Universities of Paris 8 and Paris 13, CNRS, France and University of Bergen, Norway Work in common with Xi Chen Outline

498 views • 45 slides
Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 ,

Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 ,

Boolean Functions Boolean Expressions Let B = { 0 , 1 } . 1 ... true, 0 ... false Let x 1 , x 2 , . . . , x n be boolean variables. Boolean Function of Arity n Semantics and Verification 2005 Abstract Syntax for Boolean Expressions ( x ranges

382 views • 4 slides
3.2 Graphing Quadratic Functions The equation of a quadratic relation may be written in several

3.2 Graphing Quadratic Functions The equation of a quadratic relation may be written in several

MPM2D1 U3L2 Graphing Quadratic Functions 3.2 Graphing Quadratic Functions The equation of a quadratic relation may be written in several forms: Factored Form: Standard Form: Vertex Form: Last class, we looked at graphing equations in

195 views • 7 slides
Overview Hash Functions On Building Hash Functions From Multivariate Quadratic Equations

Overview Hash Functions On Building Hash Functions From Multivariate Quadratic Equations

Overview Hash Functions On Building Hash Functions From Multivariate Quadratic Equations Multivariate quadratic equations Olivier Billet, Thomas Peyrin, and Matt Robshaw Hash functions and multivariate quadratic equations Orange Labs

299 views • 3 slides
On S-Box Reverse-Engineering: from Cryptanalysis to the Big APN Problem Lo Perrin DTU, Lyngby

On S-Box Reverse-Engineering: from Cryptanalysis to the Big APN Problem Lo Perrin DTU, Lyngby

On S-Box Reverse-Engineering: from Cryptanalysis to the Big APN Problem Lo Perrin DTU, Lyngby perrin dot leo at gmail 4th of July 2017 Boolean Functions and Their Applications The content of this talk is based on joint works with Biryukov,

1.32k views • 108 slides
Reciprocals of Quadratic Functions MHF4U: Advanced Functions A quadratic function has the form f (

Reciprocals of Quadratic Functions MHF4U: Advanced Functions A quadratic function has the form f (

r a t i o n a l f u n c t i o n s r a t i o n a l f u n c t i o n s Reciprocals of Quadratic Functions MHF4U: Advanced Functions A quadratic function has the form f ( x ) = ax 2 + bx + c in standard form, where a , b and c are real coefficients.

402 views • 3 slides
Key Terms Solve Quadratic Equations by Factoring Application of Zero Product Property Solve

Key Terms Solve Quadratic Equations by Factoring Application of Zero Product Property Solve

Slide 1 / 222 Slide 2 / 222 Algebra II Quadratic Functions 2014-10-14 www.njctl.org Slide 3 / 222 Slide 4 / 222 Table of Contents Key Terms click on the topic to go to that section Explain Characteristics of Quadratic Functions

645 views • 37 slides
Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey

Block Cipher Cryptanalysis II: Block Cipher Cryptanalysis II: Linear Cryptanalysis yp y Andrey Bogdanov Andrey Bogdanov K.U.Leuven, ESAT/COSIC Outline Outline Distribution of Correlation Data Complexity Linear Hulls Zero

659 views • 30 slides
d i E Quadratic functions a l l u d Dr. Abdulla Eid b A College of Science . r D

d i E Quadratic functions a l l u d Dr. Abdulla Eid b A College of Science . r D

Section 3.3 d i E Quadratic functions a l l u d Dr. Abdulla Eid b A College of Science . r D MATHS 103: Mathematics for Business I Dr. Abdulla Eid (University of Bahrain) Quadratics 1 / 10 Introduction Recall: A quadratic

349 views • 10 slides
Computing M o bius Transforms of Boolean Functions and Characterising Coincident Boolean

Computing M o bius Transforms of Boolean Functions and Characterising Coincident Boolean

+ + Computing M o bius Transforms of Boolean Functions and Characterising Coincident Boolean Functions Josef Pieprzyk and Xian-Mo Zhang Department of Computing Macquarie University, Australia + 1 + + Outline The M o bius

415 views • 26 slides
Linear Cryptanalysis of Stream Ciphers T-79.514 Special Course on Cryptology Seminar talk Emilia

Linear Cryptanalysis of Stream Ciphers T-79.514 Special Course on Cryptology Seminar talk Emilia

Linear Cryptanalysis of Stream Ciphers T-79.514 Special Course on Cryptology Seminar talk Emilia K asper 1 Overview Basic concept of correlation attacks on stream ciphers A correlation attack on the GSM cipher A5/1 A correlation

256 views • 22 slides
2 or 2 , are called quadratic functions. 6 y e y x How can you use this pattern to

2 or 2 , are called quadratic functions. 6 y e y x How can you use this pattern to

D AY 121 U NDERSTANDING THE PARTS OF A Q UADRATIC WITH R EAL W ORLD D ATA AND WRITE THE E QUATION The relationship involves the square of the length of an edge. Functions that involve squaring, such as 2 or 2 , are called quadratic

552 views • 13 slides
Associative dyadic boolean functions Goals Def: A Boolean function f : { 0 , 1 } 2 { 0 , 1 }

Associative dyadic boolean functions Goals Def: A Boolean function f : { 0 , 1 } 2 { 0 , 1 }

Associative dyadic boolean functions Goals Def: A Boolean function f : { 0 , 1 } 2 { 0 , 1 } is associative if define associative Boolean functions (and classify them). Chapter 3: Trees f ( f ( 1 , 2 ) , 3 ) = f ( 1 , f ( 2 ,

61 views • 5 slides
Polynomial threshold functions and Boolean threshold circuits Kristoffer Arnsfelt Hansen 1

Polynomial threshold functions and Boolean threshold circuits Kristoffer Arnsfelt Hansen 1

Polynomial threshold functions and Boolean threshold circuits Kristoffer Arnsfelt Hansen 1 Vladimir V. Podolskii 2 1 Aarhus University 2 Steklov Mathematical Institute MFCS 2013 1 / 27 Boolean Threshold Functions Boolean function f : { a , b } n

927 views • 44 slides
Solving Quadratic Equations MCR3U: Functions Recall that to solve a quadratic equation means to

Solving Quadratic Equations MCR3U: Functions Recall that to solve a quadratic equation means to

f u n c t i o n s f u n c t i o n s Solving Quadratic Equations MCR3U: Functions Recall that to solve a quadratic equation means to find all values of the independent variable to satisfy a given equation. For example, the quadratic equation x 2

209 views • 3 slides
Non-scalar operators and logarithmic correlation functions for the Potts model in arbitrary

Non-scalar operators and logarithmic correlation functions for the Potts model in arbitrary

Operator in the Potts model Correlation functions and non-scalar operators Log correlation functions Non-scalar operators and logarithmic correlation functions for the Potts model in arbitrary dimension RGP 2016 - IHP Romain Couvreur

173 views • 15 slides
Quadratic functions Elementary Functions In the last lecture we studied polynomials of simple form

Quadratic functions Elementary Functions In the last lecture we studied polynomials of simple form

Quadratic functions Elementary Functions In the last lecture we studied polynomials of simple form f ( x ) = mx + b. Now we move on to a more interesting case, polynomials of degree 2, the Part 2, Polynomials quadratic polynomials. Lecture

488 views • 9 slides
Boolean Functions and their Applications, Selmer Center, University of Bergen, Norway; July 38,

Boolean Functions and their Applications, Selmer Center, University of Bergen, Norway; July 38,

Boolean Functions and their Applications, Selmer Center, University of Bergen, Norway; July 38, 2017 (Generalized) Boolean functions: invariance under some groups of transformations and differential properties Pantelimon (Pante) St anic

1.78k views • 37 slides
Algebra II Quadratic Functions 2014-10-14 www.njctl.org Slide 3 / 222 Table of Contents click

Algebra II Quadratic Functions 2014-10-14 www.njctl.org Slide 3 / 222 Table of Contents click

Slide 1 / 222 Slide 2 / 222 Algebra II Quadratic Functions 2014-10-14 www.njctl.org Slide 3 / 222 Table of Contents click on the topic to go Key Terms to that section Explain Characteristics of Quadratic Functions Combining

1.62k views • 122 slides

More recommend