exponential s boxes a link between the s boxes of belt
play

Exponential S-Boxes: a Link Between the S-Boxes of BelT and - PowerPoint PPT Presentation

Jan 31, 2023 •553 likes •1.14k views

Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog Lo Perrin 1 , Aleksei Udovenko 1 1 SnT, University of Luxembourg https://www.cryptolux.org March 6, 2017 Fast Sofware Encryption 2017 Introduction S-Box Design

  1. Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog Léo Perrin 1 , Aleksei Udovenko 1 1 SnT, University of Luxembourg https://www.cryptolux.org March 6, 2017 Fast Sofware Encryption 2017

  2. Introduction S-Box Design Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 1 / 22

  3. Introduction S-Box Design Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 1 / 22

  4. Introduction S-Box Design AES → ← Whirlpool ← Scream Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 1 / 22

  5. Introduction S-Box Reverse-Engineering ? Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 2 / 22

  6. Introduction Results on Kuznyechik/Streebog π Feistel-like Exponential-like Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 3 / 22

  7. Introduction Results on Kuznyechik/Streebog π Feistel-like Exponential-like Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 3 / 22

  8. Talk Outline Outline 1 Introduction 2 Reminder About π A Detour Through Belarus 3 New Decompositions of π 4 Conclusion 5 Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 4 / 22

  9. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Plan Introduction 1 Reminder About π 2 Previous Decomposition of π How Was It Found? A Detour Through Belarus 3 4 New Decompositions of π 5 Conclusion Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 4 / 22

  10. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion A First Decomposition of π α From Eurocrypt’16 ⊙ I α , ω : linear 8-bit permutations ν 0 ν 1 ν 0 , ν 1 , σ : 4-bit permutations ϕ : 4-bit function ( ϕ ( x ) � 0) ⊙ ϕ I multiplicative inverse in F 16 σ ⊙ multiplication in F 16 ω Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 5 / 22

  11. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion How was it found? Decomposition Procedure Overview 1 Identify paterns in LAT; Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 6 / 22

  12. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion How was it found? Decomposition Procedure Overview µ 1 Identify paterns in LAT; 2 Deduce linear layers µ , η such that T π is decomposed as in right picture; U η Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 6 / 22

  13. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion How was it found? Decomposition Procedure Overview µ 1 Identify paterns in LAT; 2 Deduce linear layers µ , η such that T π is decomposed as in right picture; U 3 Decompose U , T ; η Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 6 / 22

  14. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion How was it found? Decomposition Procedure Overview µ 1 Identify paterns in LAT; 2 Deduce linear layers µ , η such that T π is decomposed as in right picture; U 3 Decompose U , T ; 4 Put it all together. η Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 6 / 22

  15. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Pollock to the Rescue Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 7 / 22

  16. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Pollock to the Rescue Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 7 / 22

  17. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion What the Lines Mean ✸✵ ✷✺ ❱❛r✐❛♥❝❡ ✷✵ ✶✺ ✶✵ ✺ ✵ ✺✵ ✶✵✵ ✶✺✵ ✷✵✵ ✷✺✵ ❈♦❧✉♠♥ ✐♥❞❡① Variance of the absolute value of the coefficients in each column of the LAT of π . Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 8 / 22

  18. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Plan Introduction 1 Reminder About π 2 A Detour Through Belarus 3 Qick Overview of BelT Paterns in the LAT of H The Actual Structure of H New Decompositions of π 4 Conclusion 5 Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 8 / 22

  19. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Round Function of BelT a c b d K 7 i − 6 K 7 i − 5 G 5 G 21 ⊕ ⊕ ⊞ ⊞ K 7 i − 4 G 13 H K 7 i − 3 ⊟ ⊞ ⊞ G 21 H ≪ r ⊕ K 7 i − 2 ⊞ ⊟ G 13 ⊞ ⊞ H i K 7 i − 1 K 7 i G 21 ⊕ ⊕ G 5 ⊞ ⊞ H The 32-bit function G r . The round function of BelT. Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 9 / 22

  20. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Properties of H DDT LAT max(DDT) = 8 Algebraic degree 7 (all max(LAT) = 26 coordinates) P [ random ] ≤ 2 − 122 Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 10 / 22

  21. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Structure of H (1/3) Is H structured? Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 11 / 22

  22. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Structure of H (1/3) Is H structured? Yes! Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 11 / 22

  23. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion LAT Row Variance ✸✵ ✷✺ ❱❛r✐❛♥❝❡ ✷✵ ✶✺ ✶✵ ✺ ✵ ✺✵ ✶✵✵ ✶✺✵ ✷✵✵ ✷✺✵ ▲✐♥❡ ✐♥❞❡① Variance of the absolute value of the coefficients in each row of the LAT of H . Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 12 / 22

  24. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion The Actual Structure The BelT S-Box Construction (translated) The look-up tables of the S-Box coordinate functions were chosen as different segments of length 255 of different linear recurrences defined by the irreducible polynomial p ( λ ) : p ( λ ) = λ 8 + λ 6 + λ 5 + λ 2 + 1 . Additionally, a zero element was inserted in a fixed position of each segment. 1 http://eprint.iacr.org/2004/024 Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 13 / 22

  25. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion The Actual Structure The BelT S-Box Construction (translated) The look-up tables of the S-Box coordinate functions were chosen as different segments of length 255 of different linear recurrences defined by the irreducible polynomial p ( λ ) : p ( λ ) = λ 8 + λ 6 + λ 5 + λ 2 + 1 . Additionally, a zero element was inserted in a fixed position of each segment. Equivalent Pseudo-Exponential Representation S : = [ w i , i < z ] + [ 0 ] + [ w i , z ≤ i ] Exponential (case z = 0) studied in [AA04] 1 1 http://eprint.iacr.org/2004/024 Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 13 / 22

  26. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Properties of (Pseudo-)Exponentials Exponential ( z = 0) Pseudo-Exponential ( z � 0) � Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 14 / 22

  27. Introduction Reminder About π A Detour Through Belarus New Decompositions of π Conclusion Properties of (Pseudo-)Exponentials Exponential ( z = 0) Pseudo-Exponential ( z � 0) � “Exponential” definition inconsistent in literature... z = 0? z = 255? Léo Perrin, Aleksei Udovenko Exponential S-Boxes: a Link Between the S-Boxes of BelT and Kuznyechik/Streebog 14 / 22

Recommend

BOXES BOXES PRESENTATION POP-UP GIFT CARD BOXES Boxes are made from recycled board. IMPRINT ME!

BOXES BOXES PRESENTATION POP-UP GIFT CARD BOXES Boxes are made from recycled board. IMPRINT ME!

BOXES BOXES PRESENTATION POP-UP GIFT CARD BOXES Boxes are made from recycled board. IMPRINT ME! Custom minimum 500. U.S. Patent #8.47 Standard hot stamping costs do not apply. Call for quote. *Lime Ice and Pearl Pillows cannot be hot

440 views • 4 slides
Interaction guidelines Dr. Karim Bouzoubaa Outline Control devices buttons, check boxes,

Interaction guidelines Dr. Karim Bouzoubaa Outline Control devices buttons, check boxes,

Interaction guidelines Dr. Karim Bouzoubaa Outline Control devices buttons, check boxes, list boxes, sliders, Forms Dialog boxes Menus Messages Color Icons and tool bars Metaphors On-line help Browsing

402 views • 26 slides
Long-term population monitoring of American Kestrels in Saskatchewan, using nest boxes. Jared

Long-term population monitoring of American Kestrels in Saskatchewan, using nest boxes. Jared

Long-term population monitoring of American Kestrels in Saskatchewan, using nest boxes. Jared Clarke @jaredclarke5 Getting started 2007 put up 2 boxes around Regina both were occupied! 2008 put up 14 boxes 8 were

734 views • 17 slides
Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about digital signatures... A Tale of Two Boxes A Tale of Two Boxes Much of today s applied cryptography works with two magic boxes A Tale of Two Boxes

1.37k views • 120 slides
Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about

Hash Functions Hash Functions Lecture 10 Hash Functions Lecture 10 Before we talk about digital signatures... A Tale of Two Boxes A Tale of Two Boxes Much of today s applied cryptography works with two magic boxes A Tale of Two Boxes

1.68k views • 129 slides
Can you put the balls in boxes so that no box has more than one ball? Where do these go? No. You

Can you put the balls in boxes so that no box has more than one ball? Where do these go? No. You

Warmup Annoucements: PA2 due tonight Can you put the balls in boxes so that no box has more than one ball? Where do these go? No. You cannot put more things in than there are positions. Mathematicians call this the &quot;pigeonhole

376 views • 12 slides
Noodles/Mash in boxes 110g BIG LUNCH Noodles with chicken: Boxes per carton: Mashed potatoes with

Noodles/Mash in boxes 110g BIG LUNCH Noodles with chicken: Boxes per carton: Mashed potatoes with

Instant food products of Russian manufacturer Noodles/Mash in boxes 110g BIG LUNCH Noodles with chicken: Boxes per carton: Mashed potatoes with chicken 24 Inside the box: Inside the box: a sachet with meat preserves a meat preserves

511 views • 20 slides
Typically represent objects by bounding boxes. People have tried Goal rotated bounding boxes

Typically represent objects by bounding boxes. People have tried Goal rotated bounding boxes

Lecture 6: Introduction to Detection Jonathan Krause Fei-Fei Li, Jonathan Krause Lecture 6 - 1 Typically represent objects by bounding boxes. People have tried Goal rotated bounding boxes before. Locate objects in images Fei-Fei Li,

515 views • 24 slides
EMC KIT BOXES COVERS 4 EMC KIT BOXES Frequency Range 5 FOCUS ON HCC Kit Box 6

EMC KIT BOXES COVERS 4 EMC KIT BOXES Frequency Range 5 FOCUS ON HCC Kit Box 6

EMC KIT BOXES COVERS 4 EMC KIT BOXES Frequency Range 5 FOCUS ON HCC Kit Box 6 FOCUS ON NCC Kit Box 7 NCC STANDARD FERRITE CHOKES NCC Vs Ferrite CMC 8 STANDARD FERRITE CHOKES NCC NCC Vs Ferrite CMC 9 EMI KIT BOXES

400 views • 11 slides
C O M P A N Y P R O F I L E The main product ...are switchboard boxes for : 1) railway vehicles

C O M P A N Y P R O F I L E The main product ...are switchboard boxes for : 1) railway vehicles

The Koramex deals with welding construction and production of switchboard boxes. Koramex a.s. is supplier of machine parts and units for important companies in the Czech republic and abroad. Our company aims to realize orders in high quality,

216 views • 8 slides
Black Boxes Boxes: : Making Making Ends Ends Meet Meet Black in Data Driven Driven

Black Boxes Boxes: : Making Making Ends Ends Meet Meet Black in Data Driven Driven

Black Boxes Boxes: : Making Making Ends Ends Meet Meet Black in Data Driven Driven Networking Networking in Data Sasu Tarkoma Helsinki University of Technology and Helsinki Institute for Information Technology Dirk Trossen BT Research

296 views • 8 slides
Faster Ray y Tracing Using Adaptive Grids Krzysztof S. Klimaszewski Thomas W. Sederberg

Faster Ray y Tracing Using Adaptive Grids Krzysztof S. Klimaszewski Thomas W. Sederberg

Faster Ray y Tracing Using Adaptive Grids Krzysztof S. Klimaszewski Thomas W. Sederberg Preprocess ssing Steps FOR all object surround object with bounding box FOR all bounding boxes merge boxes FOR all remaining bounding boxes apply

250 views • 8 slides
Mazda Systems Presentation Mazda Quote Fill in information from the drop down boxes. When

Mazda Systems Presentation Mazda Quote Fill in information from the drop down boxes. When

Mazda Systems Presentation Mazda Quote Fill in information from the drop down boxes. When field is in light yellow its optional. Fill in information from client and use drop down boxes to select correct information where necessary.

292 views • 25 slides
International Containerboard Conference Whats going to happen to all of those boxes?

International Containerboard Conference Whats going to happen to all of those boxes?

International Containerboard Conference Whats going to happen to all of those boxes? Rachel Kenyon Fibre Box Association (FBA) 1 E ver y c ouple of weeks Can you give me the data that shows the spike in box shipments due to e

478 views • 19 slides
Dynamic Collision Detection using Oriented Bounding Boxes David Eberly Magic Software 6006

Dynamic Collision Detection using Oriented Bounding Boxes David Eberly Magic Software 6006

Dynamic Collision Detection using Oriented Bounding Boxes David Eberly Magic Software 6006 Meadow Run Court Chapel Hill, NC 27516 eberly@magic-software.com 1 Contents 1 Introduction 4 2 Oriented Bounding Boxes 6 2.1 Separation of OBBs

838 views • 48 slides
PROPOSAL FOR NEW EXTERIOR WINDOW DETAILS, AWNINGS &amp; WINDOW BOXES 137 WEST 11TH STREET

PROPOSAL FOR NEW EXTERIOR WINDOW DETAILS, AWNINGS &amp; WINDOW BOXES 137 WEST 11TH STREET

PROPOSAL FOR NEW EXTERIOR WINDOW DETAILS, AWNINGS &amp; WINDOW BOXES 137 WEST 11TH STREET PRESENTATION TO: LANDMARKS PRESERVATION COMMISSION 29 OCTOBER, 2019 AWNINGS &amp; WINDOW BOXES 137 W. 11TH STREET NEW YORK, NY LPC BOARD PRESENTATION

404 views • 5 slides
Algebraic Immunity of S-boxes and Augmented Functions Simon Fischer and Willi Meier S. Fischer

Algebraic Immunity of S-boxes and Augmented Functions Simon Fischer and Willi Meier S. Fischer

Algebraic Immunity of S-boxes and Augmented Functions Simon Fischer and Willi Meier S. Fischer and W. Meier AI of Sbox and AF 1 / 23 Outline 1 Algebraic Properties of S-boxes 2 Augmented Functions 3 Application 1: Filter Generators 4

2.24k views • 24 slides
Higher-Order Masking Schemes for S-boxes Matthieu Rivain Joint work with C. Carlet, L. Goubin,

Higher-Order Masking Schemes for S-boxes Matthieu Rivain Joint work with C. Carlet, L. Goubin,

Higher-Order Masking Schemes for S-boxes Matthieu Rivain Joint work with C. Carlet, L. Goubin, E. Prouff and M. Quisquater FSE 2012 Washington DC, 21st March 2012 Higher-Order Masking Schemes for S-boxes Outline 1 Introduction 2

1.33k views • 98 slides
SoK: P a Platform for Evaluation, Implementation, and Generation of S-boxes

SoK: P a Platform for Evaluation, Implementation, and Generation of S-boxes

SoK: P a Platform for Evaluation, Implementation, and Generation of S-boxes Zhenzhen Bao Jian Guo San Ling Yu Sasaki FSE 2019 March 27, 2019 @ Paris, France 1/67 Outline Introduction On Security On Implementation

1.13k views • 67 slides
QuickCheck 11.11 The two boxes are on a frictionless surface. They had been sitting together at

QuickCheck 11.11 The two boxes are on a frictionless surface. They had been sitting together at

QuickCheck 11.11 The two boxes are on a frictionless surface. They had been sitting together at rest, but an explosion between them has just pushed them apart. How fast is the 2 kg box going? A. 1 m/s B. 2 m/s C. 4 m/s D. 8 m/s

834 views • 4 slides
in the boxes on the cabinet for Shoes for the Shoeless SHILOH CHURCH WELCOME HOME KIT 80% of

in the boxes on the cabinet for Shoes for the Shoeless SHILOH CHURCH WELCOME HOME KIT 80% of

Put them in the boxes on the cabinet for Shoes for the Shoeless SHILOH CHURCH WELCOME HOME KIT 80% of Dayton tornado victims here are renters, and most of them uninsured. These kits will go to families of modest means who lost everything as

432 views • 32 slides
Congratulations On a job well done! The Habitat House is complete Put them in the boxes on

Congratulations On a job well done! The Habitat House is complete Put them in the boxes on

Congratulations On a job well done! The Habitat House is complete Put them in the boxes on the cabinet Beginning next week Beginning next week for Shoes for the Shoeless August 25 10:30 Annual Picnic Fort St. Clair Small cabin

601 views • 34 slides
Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures

Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures

Generalized Polynomial Decomposition for S-boxes with Application to Side-Channel Countermeasures Dahmun Goudarzi, Matthieu Rivain, Srinivas Vivek, and Damien Vergnaud Background 2 Secure Software S-box Implementations Higher-Order

636 views • 25 slides
Projects, fallacies, behaviours, and complications, opening boxes, standing on shoulders (and

Projects, fallacies, behaviours, and complications, opening boxes, standing on shoulders (and

Projects, fallacies, behaviours, and complications, opening boxes, standing on shoulders (and toes), and still believing in making a difference. Dr Harvey Maylor, Senior Fellow in Management Practice, Sad Business School, University of

908 views • 34 slides

More recommend