cryptographic properties and applications of bipermutive
play

Cryptographic Properties and Applications of Bipermutive Cellular - PowerPoint PPT Presentation

Dec 31, 2023 •261 likes •826 views

Cryptographic Properties and Applications of Bipermutive Cellular Automata Luca Mariot Dipartimento di Informatica, Sistemistica e Comunicazione, Universit degli Studi Milano - Bicocca, l.mariot@campus.unimib.it Nice, April 16, 2014 Luca

  1. Cryptographic Properties and Applications of Bipermutive Cellular Automata Luca Mariot Dipartimento di Informatica, Sistemistica e Comunicazione, Università degli Studi Milano - Bicocca, l.mariot@campus.unimib.it Nice, April 16, 2014 Luca Mariot Cryptographic Properties and Applications of Bipermutive Cellular Automata

  2. Introduction: Classic CA-based PRNGs Cryptographic Properties of Bipermutive CA Bipermutive CA-based Secret Sharing Scheme Conclusions and Future Developments Outline Introduction: Classic CA-based PRNGs Cryptographic Properties of Bipermutive CA Bipermutive CA-based Secret Sharing Scheme Conclusions and Future Developments Luca Mariot Cryptographic Properties and Applications of Bipermutive Cellular Automata

  3. Introduction: Classic CA-based PRNGs Cryptographic Properties of Bipermutive CA Bipermutive CA-based Secret Sharing Scheme Conclusions and Future Developments Outline Introduction: Classic CA-based PRNGs Cryptographic Properties of Bipermutive CA Bipermutive CA-based Secret Sharing Scheme Conclusions and Future Developments Luca Mariot Cryptographic Properties and Applications of Bipermutive Cellular Automata

  4. Introduction: Classic CA-based PRNGs Cryptographic Properties of Bipermutive CA Bipermutive CA-based Secret Sharing Scheme Conclusions and Future Developments One-Dimensional Cellular Automata Definition A finite boolean one-dimensional cellular automaton (CA) is a triple � n , r , f � where n ∈ N is the number of cells, r ∈ N is the radius and f : F 2 r + 1 → F 2 is a boolean function specifying the CA local rule. 2 ◮ During a single time step, a cell i updates its boolean state c i in parallel by computing f ( c i − r , ··· , c i , ··· , c i + r ) ◮ Periodic CA: Each cell updates its state, and the array of n cells is seen as a ring, with the first cell following the last one ◮ No Boundary CA: only the central cells i ∈ { r + 1 , ··· , n − r } update their states; the array shrinks by 2 r cells at each time step Luca Mariot Cryptographic Properties and Applications of Bipermutive Cellular Automata

  5. Introduction: Classic CA-based PRNGs Cryptographic Properties of Bipermutive CA Bipermutive CA-based Secret Sharing Scheme Conclusions and Future Developments Cryptographic Pseudorandom Numbers Generators ◮ Cryptography heavily relies upon the use of pseudorandom numbers, especially in the context of Vernam-like stream ciphers ◮ Cellular Automata provide an interesting framework to design Cryptographic PRNGs, for two reasons: ◮ Some CAs show a chaotic dynamic behaviour, which can be exploited to make cryptanalysis harder. ◮ CAs are massively parallel systems, and can be efficiently implemented in hardware (FPGA, etc.) ◮ The first CA-based cryptographic PRNG dates back to [Wolfram, 1986] Luca Mariot Cryptographic Properties and Applications of Bipermutive Cellular Automata

  6. Introduction: Classic CA-based PRNGs Cryptographic Properties of Bipermutive CA Bipermutive CA-based Secret Sharing Scheme Conclusions and Future Developments Wolfram’s PRNG ◮ Main idea: sample the trace of a particular cell in a CA equipped with the elementary rule 30 (radius r = 1) as a pseudorandom sequence, using a random initial configuration as seed Example with 16 cells CA, 8 th cell sampled. Wolfram suggested to use a CA having at least n = 127 cells ◮ Pseudorandom quality of the generated sequences assessed only by means of statistical tests Luca Mariot Cryptographic Properties and Applications of Bipermutive Cellular Automata

  7. Introduction: Classic CA-based PRNGs Cryptographic Properties of Bipermutive CA Bipermutive CA-based Secret Sharing Scheme Conclusions and Future Developments Statistical Tests and Cryptographic Properties ◮ Statistical testing is a necessary but not sufficient condition to verify the cryptographic robustness of a PRNG ◮ A failed test can be used to discard a bad generator: the null hypothesis H 0 “The generated numbers are random” is rejected ◮ On the other hand, a passed test cannot be used to prove the security of a generator ◮ There are several properties that a boolean function used in a cryptographic PRNG should satisfy, in order to resist to specific attacks Luca Mariot Cryptographic Properties and Applications of Bipermutive Cellular Automata

  8. Introduction: Classic CA-based PRNGs Cryptographic Properties of Bipermutive CA Bipermutive CA-based Secret Sharing Scheme Conclusions and Future Developments Mathematical Transforms of Boolean Functions Some cryptographic properties of a boolean function f : F m 2 → F 2 can be characterized through the following discrete transforms: ◮ Walsh transform: f ( x ) · ( − 1 ) ω · x , ∀ ω ∈ F m F ( ω ) = ∑ ˆ ˆ 2 x ∈ F m 2 ◮ Autocorrelation function: r ( s ) = ∑ ˆ f ( x ) · ˆ f ( x ⊕ s ) , ∀ s ∈ F m ˆ 2 x ∈ F m 2 where ˆ f ( x ) = ( − 1 ) f ( x ) , ˆ f ( x ⊕ s ) = ( − 1 ) f ( x ⊕ s ) and ω · x denotes the usual dot product on F m 2 between ω and x Luca Mariot Cryptographic Properties and Applications of Bipermutive Cellular Automata

  9. Introduction: Classic CA-based PRNGs Cryptographic Properties of Bipermutive CA Bipermutive CA-based Secret Sharing Scheme Conclusions and Future Developments Cryptographic Properties of Boolean Functions (1/2) Some important cryptographic properties for a boolean function f : ◮ Balancedness: The counterimages f − 1 ( 0 ) and f − 1 ( 1 ) have the same cardinality, 2 m − 1 . This is verified if and only if ˆ F ( 0 ) = 0 ◮ Algebraic Degree: The degree of the Algebraic Normal Form of f should be as high as possible. A boolean function with degree 1 is called affine or linear ◮ Nonlinearity: The Hamming distance of f from the set of affine functions should be as high as possible. It is computed as Nl ( f ) = 2 − 1 ( 2 m − W max ( f )) , where W max ( f ) is the maximum absolute value of ˆ F ( ω ) for all ω ∈ F m 2 Luca Mariot Cryptographic Properties and Applications of Bipermutive Cellular Automata

  10. Introduction: Classic CA-based PRNGs Cryptographic Properties of Bipermutive CA Bipermutive CA-based Secret Sharing Scheme Conclusions and Future Developments Cryptographic Properties of Boolean Functions (2/2) ◮ Resiliency: f is k -resilient if by fixing at most k variables the resulting restrictions are all balanced. This is verified if and only if ˆ F ( ω ) = 0 for all ω having Hamming weight at most k . ◮ Strict Avalanche Criterion: f satisfies the SAC if, by complementing a single input variable, the probability that the output changes is 1 / 2. ◮ Propagation Criterion: f satisfies PC ( l ) if for all vectors s ∈ F m 2 having Hamming weight at most l it results that ˆ r ( s ) = 0. The Strict Avalanche Criterion corresponds to PC ( 1 ) ◮ Absence of Linear Structures: there should be no nonzero vector s ∈ F m 2 such that f ( x ) f ( x ⊕ s ) is constant. This condition is r ( s ) | � = 2 m verified if and only if | ˆ Luca Mariot Cryptographic Properties and Applications of Bipermutive Cellular Automata

  11. Introduction: Classic CA-based PRNGs Cryptographic Properties of Bipermutive CA Bipermutive CA-based Secret Sharing Scheme Conclusions and Future Developments Cryptographic Properties of Elementary CA Rules ◮ The elementary rule 30 used by Wolfram is both balanced and nonlinear, but it is not 1-resilient. ◮ More generally, [Martin, 2008] showed that there are no elementary rules which are both nonlinear and 1-resilient ◮ CA-based PRNGs using nonlinear elementary rules are thus vulnerable to correlation attacks ◮ Consequence: necessity to explore the sets of rules having radii r > 1 to find good trade-offs between cryptographic properties and pseudorandom quality of the generated sequences Luca Mariot Cryptographic Properties and Applications of Bipermutive Cellular Automata

  12. Introduction: Classic CA-based PRNGs Cryptographic Properties of Bipermutive CA Bipermutive CA-based Secret Sharing Scheme Conclusions and Future Developments Outline Introduction: Classic CA-based PRNGs Cryptographic Properties of Bipermutive CA Bipermutive CA-based Secret Sharing Scheme Conclusions and Future Developments Luca Mariot Cryptographic Properties and Applications of Bipermutive Cellular Automata

  13. Introduction: Classic CA-based PRNGs Cryptographic Properties of Bipermutive CA Bipermutive CA-based Secret Sharing Scheme Conclusions and Future Developments Permutive and Bipermutive Functions Notation: by ( x , ˜ x { i } ) we denote the vector x , x i ,..., x m − 1 ) ∈ F m ( x , ˜ x { i } ) = ( x 1 ,..., x i − 1 , ˜ 2 , where x ∈ F m − 1 and ˜ x ∈ F 2 . 2 Definition 2 → F 2 is i -permutive if, for all x ∈ F m − 1 A boolean function f : F m , it 2 results that f ( x , 0 { i } ) � = f ( x , 1 { i } ) . Function f is called: ◮ leftmost (rightmost) permutive if it is 1-permutive ( m -permutive) ◮ bipermutive if it is both leftmost and rightmost permutive Luca Mariot Cryptographic Properties and Applications of Bipermutive Cellular Automata

Recommend

Symbolic verification of cryptographic protocols using Tamarin Part 3 : Security Properties and

Symbolic verification of cryptographic protocols using Tamarin Part 3 : Security Properties and

Symbolic verification of cryptographic protocols using Tamarin Part 3 : Security Properties and Algorithmic Verification David Basin ETH Zurich Summer School on Verification Technology, Systems & Applications Nancy France August 2018

1.23k views • 78 slides
Analysing privacy-type properties in cryptographic protocols Stphanie Delaune Univ Rennes,

Analysing privacy-type properties in cryptographic protocols Stphanie Delaune Univ Rennes,

Analysing privacy-type properties in cryptographic protocols Stphanie Delaune Univ Rennes, CNRS, IRISA, France Thursday, July 12th, 2018 Cryptographic protocols everywhere ! Cryptographic protocols small programs designed to secure

849 views • 80 slides
Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified Cryptographic Web Applications in WASM May. 22 st , 2019 1 / 22 in WebAssembly Jonathan Protzenko Microsoft Research Benjamin Beurdouche INRIA

1.5k views • 57 slides
Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Pascal LAFOURCADE

Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Pascal LAFOURCADE

Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Pascal LAFOURCADE , Vanessa Terrade & Sylvain Vigier Universit e Joseph

1.01k views • 49 slides
Randomness Properties of Cryptographic Hash Functions Micah A. Thornton Southern Methodist

Randomness Properties of Cryptographic Hash Functions Micah A. Thornton Southern Methodist

Introduction Methodology Results Conclusions Randomness Properties of Cryptographic Hash Functions Micah A. Thornton Southern Methodist University Bobby B. Lyle School of Engineering August 8, 2017 Micah A. Thornton Randomness Properties of

886 views • 40 slides
Cryptographic applications of codes in rank metric Pierre Loidreau CELAr and Universit e de

Cryptographic applications of codes in rank metric Pierre Loidreau CELAr and Universit e de

Cryptographic applications of codes in rank metric Cryptographic applications of codes in rank metric Pierre Loidreau CELAr and Universit e de Rennes Pierre.Loidreau@m4x.org June 16th, 2009 Cryptographic applications of codes in rank

498 views • 33 slides
Cryptographic Reductions: Classification and Applications to Ideal Models Paul Baecher

Cryptographic Reductions: Classification and Applications to Ideal Models Paul Baecher

Cryptographic Reductions: Classification and Applications to Ideal Models Paul Baecher Cryptographic Reductions: Classification and Applications to Ideal Models Paul Baecher Three Ways to Argue for Cryptographic Security Cryptanalysis

933 views • 75 slides
Arithmetic operators on GF ( 2 m ) for cryptographic applications: performance - power

Arithmetic operators on GF ( 2 m ) for cryptographic applications: performance - power

Introduction Arithmetic in GF ( 2 m ) Summary - results, comments, future prospects Arithmetic operators on GF ( 2 m ) for cryptographic applications: performance - power consumption - security tradeoffs Danuta Pamua 17th December 2012

695 views • 32 slides
Optimal Cryptographic Functions Lilya Budaghyan Selmer Center University of Bergen Norway

Optimal Cryptographic Functions Lilya Budaghyan Selmer Center University of Bergen Norway

Preliminaries Equivalence Relations of Functions APN Polynomial Constructions, Their Applications and Properties Optimal Cryptographic Functions Lilya Budaghyan Selmer Center University of Bergen Norway Finse Winter School 2019 May 10, 2019

1.41k views • 79 slides
Enumerating Orthogonal Latin Squares Generated by Bipermutive CA Luca Mariot 1 , 2 , Enrico

Enumerating Orthogonal Latin Squares Generated by Bipermutive CA Luca Mariot 1 , 2 , Enrico

Enumerating Orthogonal Latin Squares Generated by Bipermutive CA Luca Mariot 1 , 2 , Enrico Formenti 2 , Alberto Leporati 1 1 Dipartimento di Informatica, Sistemistica e Comunicazione (DISCo) Universit degli Studi Milano - Bicocca 2 Laboratoire

380 views • 21 slides
On the Periods of Spatially Periodic Preimages in Linear Bipermutive CA Automata 2015 - June 8-10

On the Periods of Spatially Periodic Preimages in Linear Bipermutive CA Automata 2015 - June 8-10

On the Periods of Spatially Periodic Preimages in Linear Bipermutive CA Automata 2015 - June 8-10 - Turku Luca Mariot, Alberto Leporati Dipartimento di Informatica, Sistemistica e Comunicazione Universit degli Studi Milano - Bicocca

372 views • 22 slides
Theoretical Background on Cryptographic Primitives Bogdan Groza This material intends to be a

Theoretical Background on Cryptographic Primitives Bogdan Groza This material intends to be a

Theoretical Background on Cryptographic Primitives Bogdan Groza This material intends to be a brief introduction to symmetric and asymmetric cryptographic primitives, pointing out some relevant design principles and security properties.

532 views • 26 slides
Sharing Secrets by Computing Preimages of Bipermutive CA ACRI 2014 - September 22-25 - Krakow

Sharing Secrets by Computing Preimages of Bipermutive CA ACRI 2014 - September 22-25 - Krakow

Sharing Secrets by Computing Preimages of Bipermutive CA ACRI 2014 - September 22-25 - Krakow Luca Mariot, Alberto Leporati Dipartimento di Informatica, Sistemistica e Comunicazione Universit degli Studi Milano - Bicocca

654 views • 38 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views • 23 slides
Cryptographic Tools for Privacy, Compliance & Efficiency in Blockchain Applications Fernando

Cryptographic Tools for Privacy, Compliance & Efficiency in Blockchain Applications Fernando

Cryptographic Tools for Privacy, Compliance & Efficiency in Blockchain Applications Fernando Krell, PhD Columbia U. Lead Cryptography Engineer, Findora Public-Ledgers/Blockchains R 1:... R 2:... R 3:... R 4:... ... Append only Database

359 views • 34 slides
Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim Kobeissi PROSECCO: Pro gramming Sec urely with C rypt o graphy. Team at INRIA Paris specializing in applied cryptography and formal verification.

357 views • 14 slides
1-Resiliency of Bipermutive CA Rules AUTOMATA 2013 - September 17-19 - Giessen Alberto Leporati,

1-Resiliency of Bipermutive CA Rules AUTOMATA 2013 - September 17-19 - Giessen Alberto Leporati,

1-Resiliency of Bipermutive CA Rules AUTOMATA 2013 - September 17-19 - Giessen Alberto Leporati, Luca Mariot Dipartimento di Informatica, Sistemistica e Comunicazione, Universit degli Studi Milano - Bicocca, Viale Sarca 336/14, 20124 Milano,

813 views • 24 slides
Cryptographic Hash Functions Cryptographic Hash Functions and their many applications and their

Cryptographic Hash Functions Cryptographic Hash Functions and their many applications and their

Cryptographic Hash Functions Cryptographic Hash Functions and their many applications and their many applications Shai Halevi IBM Research IBM Research Shai Halevi USENIX Security USENIX Security August 2009 August 2009

665 views • 55 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
Future Cryptographic Requirements from Mobile Applications Chris Mitchell, Kenny Paterson and

Future Cryptographic Requirements from Mobile Applications Chris Mitchell, Kenny Paterson and

Future Cryptographic Requirements from Mobile Applications Chris Mitchell, Kenny Paterson and Vaia Sdralia Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, UK. Some Trends in Mobile Telecoms >

460 views • 5 slides
Summary Security: Applications & Aspects Part I Cryptographic Features Introduction

Summary Security: Applications & Aspects Part I Cryptographic Features Introduction

Summary Security: Applications & Aspects Part I Cryptographic Features Introduction Software vs Hardware Support Hardware Acceleration Solutions Processor Extensions for Security Basic Cyphering Part II Symmetric vs Asymmetric

1.14k views • 21 slides
Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic protocols and how to prove it? Yu ZHANG Including joint work with J. Goubault-Larrecq, D. Nowak and S. Lasota EVEREST, INRIA Sophia-Antipolis February

487 views • 37 slides
Open problems in the design of cryptographic applications based on Cellular Automata Luca Mariot

Open problems in the design of cryptographic applications based on Cellular Automata Luca Mariot

University of Milano-Bicocca Department of Informatics, Systems and Communications Open problems in the design of cryptographic applications based on Cellular Automata Luca Mariot luca.mariot@disco.unimib.it Delft June 19, 2018 Context

329 views • 21 slides
Codes with locality: constructions and applications to cryptographic protocols Julien Lavauzelle

Codes with locality: constructions and applications to cryptographic protocols Julien Lavauzelle

Codes with locality: constructions and applications to cryptographic protocols Julien Lavauzelle cole Polytechnique & INRIA Saclay, Universit Paris-Saclay PhD defense 30/11/2018 Outline 1. Codes with locality Locality in coding

1.54k views • 104 slides

More recommend