extended generalized feistel networks using matrix
play

Extended Generalized Feistel Networks using Matrix Representation - PowerPoint PPT Presentation

Aug 28, 2022 •133 likes •448 views

Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Extended Generalized Feistel Networks using Matrix Representation Thierry P. Berger 1 , Marine Minier 2 , Gal Thomas 1 1 XLIM

  1. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Extended Generalized Feistel Networks using Matrix Representation Thierry P. Berger 1 , Marine Minier 2 , Gaël Thomas 1 1 XLIM (UMR CNRS 7252), Université de Limoges 123 avenue Albert Thomas, 87060 Limoges Cedex thierry.berger@unilim.fr gael.thomas@unilim.fr 2 Université de Lyon, INRIA INSA-Lyon, CITI, F-69621, Villeurbanne marine.minier@insa-lyon.fr SAC 2013, August 15, 2013 This work was partially supported by the French National Agency of Research: ANR-11-INS-011. Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 1/24

  2. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Generalized Feistel Networks Introduced by Zheng, Matsumoto, and Imai at CRYPTO‘89 Splits the message into k ≥ 2 n -bit-long blocks Made of two consecutive layers: round-function layer and block-permutation layer Different flavors of GFNs, according to the round-function layer x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 round-function layer F F F F permutation layer y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 Pro: fitted for small scale implementation (Block size = Sbox size) Con: "diffusion" between blocks gets poorer as k grows Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 2/24

  3. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example The Generalized Feistel Flavors x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 F F F F F F y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 Type-1 (CAST-256, Lesamnta) Type-2 (HIGHT, CLEFIA) Type-3 x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 F F F F y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 Source Heavy (RC2, SHA-1) Target Heavy (MARS) Nyberg’s Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 3/24

  4. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Table of Contents Full Diffusion Delay 1 Matrix of a Feistel Network 2 New Feistel Networks Proposals 3 An Efficient Example 4 Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 4/24

  5. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Full Diffusion Delay F F F F Introduced by Suzaki and Minematsu at FSE‘10 F F F F Minimum number of rounds d + for F F F F every inputs to influence every outputs Depends solely on the structure of the F F F F network, not on the round-functions used F F F F d − : similarly defined when performing F F F F decryption We consider encryption and decryption F F F F important, thus we look at: d = max ( d + , d − ) . F F F F Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 5/24

  6. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Graph Point of View x 6 x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 x 5 x 7 F F F F F x 4 x 0 F F F x 3 x 1 y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 x 2 Graph of a Feistel Network: obtained by folding outputs onto the corresponding inputs Represents the structure of the Network Full diffusion delay d + : smallest distance such that for all vertices couple ( u , v ) there exists a path of length d + going from u to v Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 6/24

  7. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Full Diffusion Delay of Generalized Feistel Networks x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 F F F F F F y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 Type-1 (CAST-256, Lesamnta) Type-2 (HIGHT, CLEFIA) Type-3 d = ( k − 1 ) 2 + 1 d = k d = k x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 F F F F y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 Source Heavy (RC2, SHA-1) Target Heavy (MARS) Nyberg’s d = k d = k d = k Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 7/24

  8. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example An Improvement of Type-2 x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 round-function layer F F F F permutation layer y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 Proposed by Suzaki and Minematsu at FSE‘10 Idea: Replace the cyclic shift of the permutation layer by any block-wise permutation Includes Nyberg’s GFNs Full diffusion delay d goes from k to 2 log 2 k for optimum permutations x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 F F F F y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 8/24

  9. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Improve Type-1, Type-3, Source-Heavy and Target-Heavy? x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 x 0 x 1 x 2 x 3 F F F F F F y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 y 0 y 1 y 2 y 3 Type-1 Type-3 Source Heavy Target Heavy Studied by Yanagihara and Iwata at IEICE Trans. 2013 Same idea as Suzaki and Minematsu: allow any block permutation P Source Heavy and Target-Heavy cannot be improved Full diffusion delay of Type-1 drops from ( k − 1 ) 2 + 1 to k ( k + 2 ) / 2 − 2 No general construction for Type-3 but found permutations with d ≤ 4 for k ≤ 8 Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 9/24

  10. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Matrix of a Feistel Network x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 round-function layer F F F F permutation layer y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 a GFN is made of a round-function layer and a permutation layer The permutation layer can be represented 1   1 by a permutation matrix P  1    1 P =   1     1    1  1 Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 10/24

  11. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Matrix of a Feistel Network x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 round-function layer F F F F permutation layer y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 a GFN is made of a round-function layer and a permutation layer The permutation layer can be represented 1   1 by a permutation matrix P  1    1 P =   1 Idea: Represent the round-function layer     1   by a matrix F with:  1  1 an all-one diagonal 1   a parameter F at position ( i , j ) when F 1  1  y P ( i ) = F ( x j ) ⊕ x i   F 1 F =    1    F is a formal parameter merely indicating F 1    1  the presence of a round-function F 1 Matrix of the whole GFN defined as M = P × F Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 10/24

  12. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Type-2 Feistel Network and its corresponding Matrix x 6 x 5 x 7 x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 F F F F F F x 4 x 0 x 3 x 1 F y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 F x 2 F 1 1 1       1 1 F 1 F 1 1 1             1 1 F 1       M = P = F =  F 1   1   1        1 1 F 1        F 1   1   1  1 1 F 1 M is the adjacency matrix of the graph associated to the GFN d + is the smallest integer such that M d + has no zero coefficient Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 11/24

  13. Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Properties we require from GFNs GFNs transforms round-functions into a permutation, hence decryption mode matrix M − 1 should not contain any “ F − 1 ” ⇒ det ( M ) = ± 1. → verified for all classical GFNs GFNs are quasi-involutive: encryption/decryption is the same process up to using direct/inverse permutation layer P . → verified for all classical GFNs except Type-3 x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 F F F F F F F y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 Thierry P. Berger, Marine Minier, Gaël Thomas Extended Generalized Feistel Networks using Matrix Rep. 12/24

Recommend

Generalized Feistel Networks with Optimal Diffusion Lo Perrin DTU, Lyngby Inria, Paris

Generalized Feistel Networks with Optimal Diffusion Lo Perrin DTU, Lyngby Inria, Paris

Generalized Feistel Networks with Optimal Diffusion Lo Perrin DTU, Lyngby Inria, Paris Dagstuhl 2018 (seminar-18021) Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion In this talk

1.31k views • 52 slides
Improved Security Bounds for Generalized Feistel Networks Yaobin Shen 1 Chun Guo 2 Lei Wang 1 1

Improved Security Bounds for Generalized Feistel Networks Yaobin Shen 1 Chun Guo 2 Lei Wang 1 1

Feistel Networks Our Contributions Security Proofs Conclusion Improved Security Bounds for Generalized Feistel Networks Yaobin Shen 1 Chun Guo 2 Lei Wang 1 1 Shanghai Jiao Tong University 2 Shandong University November 13, FSE 2020 Yaobin

407 views • 22 slides
General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel

General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel

General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel Schemes Victor Cauchois 1 , 2 , Clment Gomez 1 , Gal Thomas 1 1 DGA Maitrise de lInformation, Bruz, France 2 IRMAR, Universit de Rennes 1,

810 views • 68 slides
Differential Attacks on Generalized Feistel Schemes Val erie Nachef - Emmanuel Volte - Jacques

Differential Attacks on Generalized Feistel Schemes Val erie Nachef - Emmanuel Volte - Jacques

Differential Attacks on Generalized Feistel Schemes Val erie Nachef - Emmanuel Volte - Jacques Patarin CANS 2013 20 November 2013 Outline Introduction 1 State of the Art Our Contribution Definition of the schemes Attacks on Type-1

893 views • 45 slides
Core Models of Complex Networks Principles of Complex Systems Generalized random networks

Core Models of Complex Networks Principles of Complex Systems Generalized random networks

Core Models of Complex Networks Core Models of Complex Networks Principles of Complex Systems Generalized random networks CSYS/MATH 300, Spring, 2013 | #SpringPoCS2013 Small-world networks Main story Generalized affiliation networks

2.16k views • 99 slides
This reduces to a generalized eigenvalue problem, i.e. to finding generalized eigenvectors of

This reduces to a generalized eigenvalue problem, i.e. to finding generalized eigenvectors of

This reduces to a generalized eigenvalue problem, i.e. to finding generalized eigenvectors of the following form, with the lowest eigenvalues: Ly Dy This technique is called Laplacian Eigenmaps since the matrix L is

464 views • 27 slides
Generalized method of moments for an extended Gamma process Zeina Al Masry, Sophie Mercier,

Generalized method of moments for an extended Gamma process Zeina Al Masry, Sophie Mercier,

Generalized method of moments for an extended Gamma process Zeina Al Masry, Sophie Mercier, Ghislain Verdier Laboratoire de Mathmatiques et de leurs Applications Pau UMR CNRS 5142 Universit de Pau et des Pays de lAdour, Pau, France

835 views • 29 slides
The Kronig-Penney model extended to arbitrary potentials via numerical matrix mechanics Robert

The Kronig-Penney model extended to arbitrary potentials via numerical matrix mechanics Robert

The Kronig-Penney model extended to arbitrary potentials via numerical matrix mechanics Robert Pavelich, Frank Marsiglio University of Alberta June 15, 2015 Marsiglio (2009) introduced a matrix diagonalization method for solving 1D potentials

1.1k views • 29 slides
Extended and generalized weight enumerators Relinde Jurrius Ruud Pellikaan Eindhoven University

Extended and generalized weight enumerators Relinde Jurrius Ruud Pellikaan Eindhoven University

Extended and generalized weight enumerators Relinde Jurrius Ruud Pellikaan Eindhoven University of Technology, The Netherlands International Workshop on Coding and Cryptography, 2009 1/23 Outline Previous work Codes, weights and weight

484 views • 32 slides
This reduces to a generalized eigenvalue problem, i.e. to finding generalized eigenvectors of

This reduces to a generalized eigenvalue problem, i.e. to finding generalized eigenvectors of

This reduces to a generalized eigenvalue problem, i.e. to finding generalized eigenvectors of the following form, with the lowest eigenvalues: Ly Dy This technique is called Laplacian Eigenmaps since the matrix L is called

324 views • 20 slides
Generalized Matrix Factorizations as a Unifying Framework for Pattern Set Mining Complexity

Generalized Matrix Factorizations as a Unifying Framework for Pattern Set Mining Complexity

Generalized Matrix Factorizations as a Unifying Framework for Pattern Set Mining Complexity Beyond Blocks Pauli Miettinen 10 September 2015 Community detection A B C ( ) 1 1 1 0 1 A 2 1 1 1 0 1 1 3 A B C B ( ) ( ) 2

301 views • 18 slides
Generalized MPLS Signaling draft-ietf-mpls-generalized-signaling-05.txt

Generalized MPLS Signaling draft-ietf-mpls-generalized-signaling-05.txt

Generalized MPLS Signaling draft-ietf-mpls-generalized-signaling-05.txt draft-ietf-mpls-generalized-cr-ldp-04.txt draft-ietf-mpls-generalized-rsvp-te-04.txt Authors Authors Peter Ashwood-Smith (Nortel Networks Corp.) Ayan Banerjee

386 views • 7 slides
Integrable discrete-time dynamics, generalized exclusion processes and "fused" matrix

Integrable discrete-time dynamics, generalized exclusion processes and "fused" matrix

Physical motivations and framework Integrable discrete-time dynamics Generalized exclusion processes Integrable discrete-time dynamics, generalized exclusion processes and "fused" matrix ansatz Matthieu VANICAT University of

1.41k views • 124 slides
A D.C. Programming Approach to the Sparse Generalized Eigenvalue Problem Bharath K.

A D.C. Programming Approach to the Sparse Generalized Eigenvalue Problem Bharath K.

A D.C. Programming Approach to the Sparse Generalized Eigenvalue Problem Bharath K. Sriperumbudur, David A. Torres and Gert R. G. Lanckriet University of California, San Diego OPT 2009 Generalized Eigenvalue Problem Given a matrix pair, ( A , B

340 views • 19 slides
Matrix Product States for frustrated spin chains, lattices with an extended Hilbert space and

Matrix Product States for frustrated spin chains, lattices with an extended Hilbert space and

Matrix Product States for frustrated spin chains, lattices with an extended Hilbert space and constrained models in 1D Natalia Chepiga Swiss National Science Foundation University of Amsterdam, The Netherlands 23 July 2019 Natalia Chepiga

1.91k views • 143 slides
Generalized Single Phase Z-Source Matrix Converter S. H. Hosseini J. Nabati A.Mirlou Faculty

Generalized Single Phase Z-Source Matrix Converter S. H. Hosseini J. Nabati A.Mirlou Faculty

1 Generalized Single Phase Z-Source Matrix Converter S. H. Hosseini J. Nabati A.Mirlou Faculty of Electrical and Computer Engineering University of Tabriz, Tabriz, Iran IEEE 2011 Electrical Power and Energy Conference 2

1.23k views • 27 slides
Grbner Bases. Applications in Cryptology Description of the Cipher Families Feistel cipher:

Grbner Bases. Applications in Cryptology Description of the Cipher Families Feistel cipher:

Grbner - Crypto J.-C. Faugre Plan Grbner bases: properties Grbner Bases. Applications in Cryptology Description of the Cipher Families Feistel cipher: FLURRY Feistel cipher modelling Jean-Charles Faugre Algorithms Buchberger

694 views • 57 slides
Matrix Groups Vyas Krishnamurthy 1 Prelims The text works in three generalized spaces, R n , C n

Matrix Groups Vyas Krishnamurthy 1 Prelims The text works in three generalized spaces, R n , C n

Matrix Groups Vyas Krishnamurthy 1 Prelims The text works in three generalized spaces, R n , C n and H n . As usual R is the set of real numbers and R n is the set of n-tuples with real-valued entries and C n is similarly the set of n-tuples with

327 views • 4 slides
Neural Networks (and Gradient Ascent Again) Frank Wood April 27, 2010 Generalized Regression

Neural Networks (and Gradient Ascent Again) Frank Wood April 27, 2010 Generalized Regression

Neural Networks (and Gradient Ascent Again) Frank Wood April 27, 2010 Generalized Regression Until now we have focused on linear regression techniques. We generalized linear regression to include nonlinear functions of the inputs we called

1.21k views • 36 slides
Generalized Loopy 2U: A New Algorithm for Approximate Inference in Credal Networks Alessandro

Generalized Loopy 2U: A New Algorithm for Approximate Inference in Credal Networks Alessandro

Generalized Loopy 2U: A New Algorithm for Approximate Inference in Credal Networks Alessandro Antonucci, Marco Zaffalon, Sun Yi, Cassio de Campos IDSIA Lugano, Switzerland PGM 08 - Hirtshals September 19th, 2008 Imprecise probabilities

1.04k views • 75 slides
Based on Extended Krylov Subspace for Transient Simulation of Large-Scale Linear Circuits Wenhui

Based on Extended Krylov Subspace for Transient Simulation of Large-Scale Linear Circuits Wenhui

Efficient Matrix Exponential Method Based on Extended Krylov Subspace for Transient Simulation of Large-Scale Linear Circuits Wenhui Zhao University of Hong Kong 1 Outline Introduction Circuit Simulation Matrix Exponential

540 views • 26 slides
Building an IoT Platform with Matrix matthew@matrix.org http://www.matrix.org What is Matrix?

Building an IoT Platform with Matrix matthew@matrix.org http://www.matrix.org What is Matrix?

Building an IoT Platform with Matrix matthew@matrix.org http://www.matrix.org What is Matrix? An open decentralised conversation store and message bus. Why? To create a global communication meta-network that bridges all the existing

471 views • 22 slides
Community Discovery in Dynamic Networks via non-nega6ve matrix

Community Discovery in Dynamic Networks via non-nega6ve matrix

Community Discovery in Dynamic Networks via non-nega6ve matrix factoriza6on Niloufar Afsariardchi Supervisor: Mark Coates McGill University March 15,2011 1

291 views • 17 slides
Tolls for heterogeneous selfish users in multicommodity networks and generalized congestion games

Tolls for heterogeneous selfish users in multicommodity networks and generalized congestion games

Tolls for heterogeneous selfish users in multicommodity networks and generalized congestion games Lisa Fleischer Kamal Jain Mohammad Mahdian July 30, 2004 Abstract 1 Introduction We prove the existence of tolls to induce multicommod- We

321 views • 10 slides

More recommend