generalized feistel networks with optimal diffusion
play

Generalized Feistel Networks with Optimal Diffusion Lo Perrin DTU, - PowerPoint PPT Presentation

Sep 16, 2022 •768 likes •1.31k views

Generalized Feistel Networks with Optimal Diffusion Lo Perrin DTU, Lyngby Inria, Paris Dagstuhl 2018 (seminar-18021) Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion In this talk

  1. Generalized Feistel Networks with Optimal Diffusion Léo Perrin DTU, Lyngby Inria, Paris Dagstuhl 2018 (seminar-18021)

  2. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion In this talk A new type of generalized Feistel Networks Linear layer design Wide block cipher/sponge permutation blueprint Fibonnaci numbers! 1 / 20

  3. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Outline 1 Introduction Observations on GFNs 2 Multi-Rotating Feistel Network (MRFN) 3 Possible Applications 4 Conclusion 5 1 / 20

  4. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion First GFN Source: Generalized Feistel networks , K. Nyberg (1996) 2 / 20

  5. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Basic GFN Source: Generalized Feistel networks revisited , A. Bogdanov, K. Shibutani (2013) 3 / 20

  6. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Improved GFN Source: TWINE: A Lightweight, Versatile Block Cipher , T. Suzaki, K. Minematsu, S. Morioka, and E. Kobayashi 4 / 20

  7. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Diffusion in Generalized Feistel networks How long does it take for each input word to influence each output word? The state consists of 2 b branches. 5 / 20

  8. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Diffusion in Generalized Feistel networks How long does it take for each input word to influence each output word? The state consists of 2 b branches. Nyberg/Type-II GFN: ≈ 2 b rounds 5 / 20

  9. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Diffusion in Generalized Feistel networks How long does it take for each input word to influence each output word? The state consists of 2 b branches. Nyberg/Type-II GFN: TWINE-like GFN: ≈ 2 log 2 ( b ) rounds ≈ 2 b rounds 5 / 20

  10. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion General Vue X i X i X i X i X i X i X i X i 0 1 2 3 4 5 6 7 f ⊕ f ⊕ f ⊕ f ⊕ π Optimal Diffusion The best we can achieve is for X 0 0 to influence ϕ i + 2 branches at round i , where ϕ 0 = 0 , ϕ 1 = 1 , ϕ i + 2 = ϕ i + 1 + ϕ i . 6 / 20

  11. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Diffusion in GFNs b 8 16 32 64 128 .. 2048 Nyberg Type-II/Nyberg 16 32 64 128 256 4096 TWINE-like 6 8 10 12 14 22 Optimal 6 8 9 11 12 18 Number of rounds for full diffusion. 7 / 20

  12. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Can we reach the Fibonacci-based bound? Can we have an easy to implement π ? 8 / 20

  13. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Can we reach the Fibonacci-based bound? Can we have an easy to implement π ? Yes (for both) 8 / 20

  14. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Outline 1 Introduction Observations on GFNs 2 Multi-Rotating Feistel Network (MRFN) 3 Possible Applications 4 Conclusion 5 8 / 20

  15. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion General Structure Number of branches: 2 b Number of rounds: r w -bit permutations f i j ( i < r , j < b ) Sequence s i of rotations of b words. The round i of a MRFN with b = 4 and s i = 1 is: f i 0 f i 1 f i 2 f i 3 9 / 20

  16. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Some Observations Both a Feistel network and a GFN π is very simple (1 word-wise rotation per round) Round function depends on the round index. Interesting case: s i = ϕ i . 10 / 20

  17. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Some Observations Both a Feistel network and a GFN π is very simple (1 word-wise rotation per round) Round function depends on the round index. Interesting case: s i = ϕ i . Fibonacci Case A MRFN with s i = ϕ i has optimal diffusion. 10 / 20

  18. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Fibonacci Case At round 0, X 0 0 has touched the first ϕ 1 = 1 branches of one side. ϕ i + 1 ϕ i X i X i − 1 ϕ i ϕ i + ϕ i + 1 F i ⊕ ϕ i + 2 ϕ i + 1 X i + 1 X i 11 / 20

  19. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Example with 12 branches ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ϕ 0 = 0 ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ϕ 1 = 1 ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ϕ 2 = 1 ⊕ ⊕ ⊕ ⊕ ⊕ ⊕ ϕ 3 = 2 ⊕ ⊕ ⊕ ϕ 4 = 3 ⊕ ⊕ ⊕ 12 / 20

  20. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Implementation b b w VRound function operating on 2 bw bit internal state. 13 / 20

  21. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Implementation b b w 1. copy 13 / 20

  22. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Implementation b b w f i f i f i f i f i f i f i f i f i f i 1 2 3 4 5 6 7 8 9 10 2. parallel layer of f i 2. parallel layer of f i 2. parallel layer of f i 2. parallel layer of f i 2. parallel layer of f i 2. parallel layer of f i 2. parallel layer of f i 2. parallel layer of f i 2. parallel layer of f i 2. parallel layer of f i 13 / 20

  23. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Implementation b b w ≪ s i ≪ s i ≪ s i 3. rotations 3. rotations 3. rotations 13 / 20

  24. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Implementation b b ⊕ w ⊕ ⊕ 4. XOR 4. XOR 4. XOR 13 / 20

  25. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Implementation b b w 5. swap 13 / 20

  26. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Implementation b b w 6. finished! 13 / 20

  27. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Some Observations s i and s i + ( − ℓ ) i mod b are equivalent if gcd ( s i , b ) � 1 for all i , no full diffusion! Importance of the choice of { s i } i ≥ 0 14 / 20

  28. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Security If s i = ϕ i , then full diffusion in ≈ Λ( n ) rounds, where Λ( x ) = i if ϕ i − 1 < x ≤ ϕ i (optimal). If s 2 i = 0 and i 2 i + 1 = 2 i , then full diffusion in ≈ 2 log 2 ( n ) rounds (like TWINE). Both are quickly safe from miss-in-the-middle based impossible differential atacks and MitM! 15 / 20

  29. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Security If s i = ϕ i , then full diffusion in ≈ Λ( n ) rounds, where Λ( x ) = i if ϕ i − 1 < x ≤ ϕ i (optimal). If s 2 i = 0 and i 2 i + 1 = 2 i , then full diffusion in ≈ 2 log 2 ( n ) rounds (like TWINE). Both are quickly safe from miss-in-the-middle based impossible differential atacks and MitM! When s i = ϕ i , bad truncated differential with 2 active S-Boxes/round. 15 / 20

  30. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Security If s i = ϕ i , then full diffusion in ≈ Λ( n ) rounds, where Λ( x ) = i if ϕ i − 1 < x ≤ ϕ i (optimal). If s 2 i = 0 and i 2 i + 1 = 2 i , then full diffusion in ≈ 2 log 2 ( n ) rounds (like TWINE). Both are quickly safe from miss-in-the-middle based impossible differential atacks and MitM! When s i = ϕ i , bad truncated differential with 2 active S-Boxes/round. Open Problem 1 Differential/Linear bound? Open Problem 2 Choice of { s i } i ≥ 0 ? 15 / 20

  31. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion Outline 1 Introduction Observations on GFNs 2 Multi-Rotating Feistel Network (MRFN) 3 Possible Applications 4 Conclusion 5 15 / 20

  32. Introduction Observations on GFNs Multi-Rotating Feistel Network (MRFN) Possible Applications Conclusion GFN-based Linear Layers Use linear { f i } i ≥ 0 ; s i = ϕ i n -bit block divided into 2 b branches of w bits uses: w 2 × b × 2 log 2 ( b ) XORs . 2 � ���� �� ���� � ���� r f i j � ����� �� ����� � f layer 16 / 20

Recommend

General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel

General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel

General Diffusion Analysis: How to Find Optimal Permutations for Generalized Type-II Feistel Schemes Victor Cauchois 1 , 2 , Clment Gomez 1 , Gal Thomas 1 1 DGA Maitrise de lInformation, Bruz, France 2 IRMAR, Universit de Rennes 1,

810 views • 68 slides
Extended Generalized Feistel Networks using Matrix Representation Thierry P. Berger 1 , Marine

Extended Generalized Feistel Networks using Matrix Representation Thierry P. Berger 1 , Marine

Introduction Full Diffusion Delay Matrix of a Feistel Network New Feistel Networks Proposals An Efficient Example Extended Generalized Feistel Networks using Matrix Representation Thierry P. Berger 1 , Marine Minier 2 , Gal Thomas 1 1 XLIM

448 views • 31 slides
Improved Security Bounds for Generalized Feistel Networks Yaobin Shen 1 Chun Guo 2 Lei Wang 1 1

Improved Security Bounds for Generalized Feistel Networks Yaobin Shen 1 Chun Guo 2 Lei Wang 1 1

Feistel Networks Our Contributions Security Proofs Conclusion Improved Security Bounds for Generalized Feistel Networks Yaobin Shen 1 Chun Guo 2 Lei Wang 1 1 Shanghai Jiao Tong University 2 Shandong University November 13, FSE 2020 Yaobin

407 views • 22 slides
Differential Attacks on Generalized Feistel Schemes Val erie Nachef - Emmanuel Volte - Jacques

Differential Attacks on Generalized Feistel Schemes Val erie Nachef - Emmanuel Volte - Jacques

Differential Attacks on Generalized Feistel Schemes Val erie Nachef - Emmanuel Volte - Jacques Patarin CANS 2013 20 November 2013 Outline Introduction 1 State of the Art Our Contribution Definition of the schemes Attacks on Type-1

893 views • 45 slides
Optimal multiple stopping time problems of jumps diffusion processes Im` ene BEN LATIFA

Optimal multiple stopping time problems of jumps diffusion processes Im` ene BEN LATIFA

Motivation Problem formulation Swing options in the jump diffusion model Viscosity solution Further research Optimal multiple stopping time problems of jumps diffusion processes Im` ene BEN LATIFA ENIT-LAMSIN New advances in Backward SDEs

346 views • 30 slides
Information Diffusion on Social Networks SMART Summer School 2017 Sylvain Lamprier LIP6 - UPMC

Information Diffusion on Social Networks SMART Summer School 2017 Sylvain Lamprier LIP6 - UPMC

Information Diffusion on Social Networks SMART Summer School 2017 Sylvain Lamprier LIP6 - UPMC MLIA Team 1 / 78 Information Diffusion 1 Diffusion on Networks Tasks Challenges Diffusion Models The Independent Cascade Model 2 Learning

994 views • 78 slides
Optimal Supply Networks Introduction Optimal branching Complex Networks, Course 295A, Spring,

Optimal Supply Networks Introduction Optimal branching Complex Networks, Course 295A, Spring,

Supply Networks Optimal Supply Networks Introduction Optimal branching Complex Networks, Course 295A, Spring, 2008 Murray meets Tokunaga Single Source History Reframing the question Minimal volume calculation Prof. Peter Dodds Blood

1.06k views • 76 slides
Numerical experiments with a level-set tracking algorithm for generalized diffusion equations

Numerical experiments with a level-set tracking algorithm for generalized diffusion equations

Numerical experiments with a level-set tracking algorithm for generalized diffusion equations Jacob Cheverie and Leandro Fosque Mentor: Marianne Korten Department of Mathematics Kansas State University July 22 nd , 2014 Math REU funded by NSF

618 views • 31 slides
Core Models of Complex Networks Principles of Complex Systems Generalized random networks

Core Models of Complex Networks Principles of Complex Systems Generalized random networks

Core Models of Complex Networks Core Models of Complex Networks Principles of Complex Systems Generalized random networks CSYS/MATH 300, Spring, 2013 | #SpringPoCS2013 Small-world networks Main story Generalized affiliation networks

2.16k views • 99 slides
An Empirical Study of Optimization for Maximizing Diffusion in Networks Kiyan Ahmadizadeh

An Empirical Study of Optimization for Maximizing Diffusion in Networks Kiyan Ahmadizadeh

An Empirical Study of Optimization for Maximizing Diffusion in Networks Kiyan Ahmadizadeh Bistra Dilkina, Carla P. Gomes, Ashish Sabharwal Cornell University Institute for Computational Sustainability Diffusion in Networks: Cascades Our

725 views • 55 slides
A generalized MBO diffusion generated method for constrained harmonic maps Braxton Osting

A generalized MBO diffusion generated method for constrained harmonic maps Braxton Osting

A generalized MBO diffusion generated method for constrained harmonic maps Braxton Osting University of Utah February 10, 2018 Inverse Problems and Machine Learning Based on joint work with Dong Wang and Ryan Viertel 1/ 28 Motion by mean

579 views • 28 slides
Diffusion of epicenter of earthquake aftershock, Omoris law, and generalized continuous-time

Diffusion of epicenter of earthquake aftershock, Omoris law, and generalized continuous-time

Diffusion of epicenter of earthquake aftershock, Omoris law, and generalized continuous-time random walk models [Helmstetter &amp; Sornette, 2002b] 2017.5.29 So Ozawa (ERI, Hatano Lab, M1) 2017/5/29 Seismogenesis Seminar 1 In these

703 views • 37 slides
Diffusion in Social Networks with Competing Products Krzysztof R. Apt (so not Krzystof and

Diffusion in Social Networks with Competing Products Krzysztof R. Apt (so not Krzystof and

Diffusion in Social Networks with Competing Products Krzysztof R. Apt (so not Krzystof and definitely not Krystof) CWI, Amsterdam, the Netherlands , University of Amsterdam based on joint work with E. Markakis Diffusion in Social Networks with

383 views • 22 slides
Media Diffusion: Cascading Behavior in Networks Epidemic Spread Influence Maximization 1

Media Diffusion: Cascading Behavior in Networks Epidemic Spread Influence Maximization 1

Online Social Networks and Media Diffusion: Cascading Behavior in Networks Epidemic Spread Influence Maximization 1 Introduction Diffusion: process by which a piece of information is spread and reaches individuals through interactions

1.84k views • 134 slides
Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the

Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the

Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the Netherlands , University of Amsterdam based on joint work with E. Markakis Athens University of Economics and Business Diffusion in Social Networks with

569 views • 37 slides
Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the

Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the

Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the Netherlands , University of Amsterdam based on joint work with E. Markakis Athens University of Economics and Business Diffusion in Social Networks with

462 views • 28 slides
Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the

Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the

Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the Netherlands , University of Amsterdam based on joint work with E. Markakis Athens University of Economics and Business Diffusion in Social Networks with

758 views • 31 slides
SNA 6: processes on networks Lada Adamic Processes on networks Diffusion (simple) ER

SNA 6: processes on networks Lada Adamic Processes on networks Diffusion (simple) ER

SNA 6: processes on networks Lada Adamic Processes on networks Diffusion (simple) ER graphs Scale-free graphs Small-world topologies Complex contagion/thresholds Collective action Innovation Problem

548 views • 43 slides
Outline Supply Networks Introduction Optimal Supply Networks Introduction Introduction

Outline Supply Networks Introduction Optimal Supply Networks Introduction Introduction

Supply Networks Outline Supply Networks Introduction Optimal Supply Networks Introduction Introduction Optimal branching Optimal branching Complex Networks, Course 295A, Spring, 2008 Optimal branching Murray meets Tokunaga Murray meets

600 views • 19 slides
Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the

Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the

Diffusion in Social Networks with Competing Products Krzysztof R. Apt CWI, Amsterdam, the Netherlands , University of Amsterdam based on joint work with E. Markakis Athens University of Economics and Business (SAGT 11) Diffusion in Social

735 views • 36 slides
Diffusion and Propagation Social and Economic Networks Jafar Habibi MohammadAmin Fazli Social

Diffusion and Propagation Social and Economic Networks Jafar Habibi MohammadAmin Fazli Social

Diffusion and Propagation Social and Economic Networks Jafar Habibi MohammadAmin Fazli Social and Economic Networks 1 ToC Diffusion and Propagation Information Cascades Cascading Behavior Epidemics Readings: Chapter 7

772 views • 50 slides
Diffusion in Networks Luchon Summer School, 2015 Panayiotis Tsaparas University of Ioannina,

Diffusion in Networks Luchon Summer School, 2015 Panayiotis Tsaparas University of Ioannina,

Diffusion in Networks Luchon Summer School, 2015 Panayiotis Tsaparas University of Ioannina, Greece Diffusion: the process by which a piece of information spreads and reaches individuals through interactions in a netowork. Why do we

1.58k views • 135 slides
Indifferentiability of Confusion- Diffusion Networks Yevgeniy Dodis (NYU), Martijn Stam

Indifferentiability of Confusion- Diffusion Networks Yevgeniy Dodis (NYU), Martijn Stam

Indifferentiability of Confusion- Diffusion Networks Yevgeniy Dodis (NYU), Martijn Stam (Bristol), John Steinberger (Tsinghua), Tianren Liu (MIT) Wednesday, May 11, 16 Indifferentiability of Confusion- Diffusion Networks Yevgeniy Dodis (NYU),

1.23k views • 77 slides
Diffusion and Strategic Interaction on Social Networks Leeat Yariv Summer School in Algorithmic

Diffusion and Strategic Interaction on Social Networks Leeat Yariv Summer School in Algorithmic

Diffusion and Strategic Interaction on Social Networks Leeat Yariv Summer School in Algorithmic Game Theory, Part1, 8.6.2012 Why Networks Matter 15 th Century Florentine Marriages (Padgett and Ansell, 1993) Why Networks Matter Florence

1.41k views • 108 slides

More recommend