Indifferentiability of Confusion-Diffusion Networks (PowerPoint PPT presentation)


  1. Indifferentiability of Confusion-Diffusion Networks. Yevgeniy Dodis (NYU), Martijn Stam (Bristol), John Steinberger (Tsinghua), Tianren Liu (MIT). Wednesday, May 11, 16

  3–6. Substitution-Permutation Network (ex: AES): [Figure: layers of S-boxes S separated by diffusion permutations π, with subkeys k0, k1, k2, k3, k4.] S-boxes: small input size (permutations!). “Diffusion” permutations: big input size, simple structure. Subkeys!


  7–10. Confusion-Diffusion Network: [Figure: the same layered S-box / π structure, without subkeys.] ...same, but no keys! • can be seen as a domain extension mechanism for permutations (from S-box to “full” permutation) • terminology goes back to Shannon (1949), but the design paradigm seems to be Feistel’s (1970)


  11–14. This work’s high-level goals • Investigate the theoretical soundness of CD (confusion-diffusion!) networks as a design paradigm for cryptographic permutations • Fundamental question: (efficient) domain extension of a public random permutation • Work in an ideal model (S-boxes are independent random permutations, D-boxes are fixed, explicit permutations) • Does the network “emulate” a random permutation? How many rounds are necessary, and what kinds of D-boxes do we need?


  15–16. Vaguely related work • Miles & Viola prove an indistinguishability result for SPN networks where the S-boxes are secret (part of the key) and one-way (so not really an SPN network after all). Contrast with CD indifferentiability, where the S-boxes are public and two-way.

  17–21. [Figure: CD network with r = 4 rounds of w = 3 S-boxes S_{i,j} (round i, wire j) on n-bit wires, with diffusion permutations π1, π2, π3 between the rounds.] n = wire length; w = “width” (no. S-boxes per round); r = number of rounds; {0,1}^{wn} = domain of CD network

  22–31. Security Model (indifferentiability). [Figure: REAL WORLD: the distinguisher D queries the CD network (here r = 3 rounds of w = 3 S-boxes S_{i,j}, with diffusion permutations π1, π2) and its S-boxes. IDEAL WORLD: D queries a random permutation Q, and a simulator is inserted in place of the S-boxes.] Goal: by using oracle access to Q, the simulator has to make up answers that look “consistent” with Q. Result statements have the form: “For so-and-so many rounds, for such-and-such diffusion permutations, and with such-and-such a simulator, the distinguisher cannot distinguish using so-and-so-many queries.”

  32. Combinatorial Properties of the Diffusion Permutations, by name: 1. Entry-Wise Randomized Preimage Resistance (RPR) 2. Entry-Wise Randomized Collision Resistance (RCR) 3. Conductance (& “all-but-one Conductance”)

  33–34. RPR. [Figure: x1 ← $ (random), x2, x3, x4 fixed, fed through π; output y2 is compared with a target y2*.] For any fixed values of x2, x3 and x4, and for any y2*, there is low probability that y2 = y2* over the randomness in x1.
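The network of slides 17–21 and the RPR property of slides 33–34, as an added Python example that is not part of the talk: toy parameters n = 4, w = 3, r = 4, independent random S-boxes as in the ideal model, and two assumed diffusion permutations (a 3x3 GF(16) matrix with no zero coefficient, and a triangular one). The RPR statistic is computed exhaustively and, going beyond the single (x1, y2) entry on the slide, for every input/output word pair.

```python
import random

N, W, R = 4, 3, 4              # wire length n, width w, rounds r (toy sizes, assumed)
MASK = (1 << N) - 1
SIZE = 1 << (N * W)            # the network permutes {0,1}^(w*n): 12-bit states here

def to_words(s):               # split a w*n-bit state into w n-bit words
    return [(s >> (N * k)) & MASK for k in range(W)]
def from_words(xs):
    return sum(x << (N * k) for k, x in enumerate(xs))

def random_sboxes(seed):       # ideal model: each S_{i,j} is an independent random permutation
    rng = random.Random(seed)
    def perm():
        t = list(range(1 << N)); rng.shuffle(t); return t
    return [[perm() for _ in range(W)] for _ in range(R)]

def gf16_mul2(v):              # multiply by x in GF(2^4) mod x^4 + x + 1 (assumed field)
    v <<= 1
    return (v ^ 0x13) & MASK if v & 0x10 else v

def pi_mds(xs):
    # Fixed, key-less diffusion permutation (assumed example): a 3x3 matrix over GF(16)
    # with no zero coefficient, so every output word depends bijectively on every input word.
    mul = lambda c, x: gf16_mul2(x) if c == 2 else x
    return [mul(a, xs[0]) ^ mul(b, xs[1]) ^ mul(c, xs[2])
            for a, b, c in ((2, 1, 1), (1, 2, 1), (1, 1, 2))]

def pi_triangular(xs):         # weaker diffusion (assumed counter-example): y1 ignores x2 and x3
    return [xs[0], xs[0] ^ xs[1], xs[0] ^ xs[1] ^ xs[2]]

def cd_network(sboxes, pi, s): # r rounds of S-boxes with r-1 diffusion layers between them, no keys
    xs = to_words(s)
    for rnd in range(R):
        xs = [sboxes[rnd][k][x] for k, x in enumerate(xs)]   # confusion
        if rnd < R - 1:
            xs = pi(xs)                                       # diffusion
    return from_words(xs)

def is_permutation(f):         # exhaustive check that f is a bijection on {0,1}^(w*n)
    return len({f(s) for s in range(SIZE)}) == SIZE

def rpr_max_prob(pi, i, j):
    # Entry-wise RPR statistic for input word i / output word j: the largest Pr[y_j = y*]
    # over random x_i, for any fixed other input words and any target y*. 2^-n is ideal.
    counts = {}
    for s in range(SIZE):
        xs = to_words(s)
        key = (tuple(xs[:i] + xs[i + 1:]), pi(xs)[j])   # (fixed others, target y*)
        counts[key] = counts.get(key, 0) + 1
    return max(counts.values()) / (1 << N)
```

With these parameters `rpr_max_prob(pi_mds, i, j)` is 2^-n = 1/16 for every entry, while `rpr_max_prob(pi_triangular, 1, 0)` is 1.0 because y1 does not depend on x2 at all.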

  35. RCR. [Figure: x1 ← $ (random), pairs x2, x2′; x3, x3′; x4, x4′ fed through π; outputs y2 and y2′ are compared.]
