new techniques for trail bounds and application to
play

New techniques for trail bounds and application to differential - PowerPoint PPT Presentation

Nov 27, 2022 •36 likes •476 views

New techniques for trail bounds and application to differential trails in Keccak Silvia Mella 1 , 2 Joan Daemen 1 , 3 Gilles Van Assche 1 1 STMicroelectronics 2 University of Milan 3 Radboud University Fast Software Encryption March 5-8, 2017

  1. New techniques for trail bounds and application to differential trails in Keccak Silvia Mella 1 , 2 Joan Daemen 1 , 3 Gilles Van Assche 1 1 STMicroelectronics 2 University of Milan 3 Radboud University Fast Software Encryption March 5-8, 2017 S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 1 / 31

  2. Outline 1 Introduction 2 Generating trails 3 Scanning space of trails in Keccak - f 4 Experimental results 5 Conclusions S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 2 / 31

  3. Introduction Outline 1 Introduction 2 Generating trails 3 Scanning space of trails in Keccak - f 4 Experimental results 5 Conclusions S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 3 / 31

  4. Introduction Differential trails Differential trails in iterated mappings ◮ Trail: the sequence of differences after each round ◮ DP(Q): fraction of pairs that exhibit q i differences S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 4 / 31

  5. Introduction Differential trails Differential trails and weight w = − log 2 ( DP ) ◮ The weight is the number of binary conditions that a pair must satisfy to exhibit q i differences ◮ If independent conditions and w ( Q ) < b : #pairs( Q ) ≈ 2 b − w ( Q ) S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 5 / 31

  6. Introduction Differential trails Trail extension Given a trail, we can extend it ◮ forward: iterate over all differences R -compatible with q 5 ◮ backward: iterate over all differences R − 1 -compatible with q 1 Extension can be done recursively S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 6 / 31

  7. Introduction Differential trails Trail extension Given a trail, we can extend it ◮ forward: iterate over all differences R -compatible with q 5 ◮ backward: iterate over all differences R − 1 -compatible with q 1 Extension can be done recursively S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 6 / 31

  8. Introduction Differential trails Trail extension Given a trail, we can extend it ◮ forward: iterate over all differences R -compatible with q 5 ◮ backward: iterate over all differences R − 1 -compatible with q 1 Extension can be done recursively S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 6 / 31

  9. Introduction Differential trails Trail extension Given a trail, we can extend it ◮ forward: iterate over all differences R -compatible with q 5 ◮ backward: iterate over all differences R − 1 -compatible with q 1 Extension can be done recursively S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 6 / 31

  10. Introduction Differential trails Trail cores ◮ Minimum reverse weight: w rev ( q 1 ) � min q 0 w ( q 0 , q 1 ) ◮ Can be used to lower bound set of trails ◮ Trail core: set of trails with q 1 , q 2 , . . . in common S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 7 / 31

  11. Introduction Goals of this work Goals of this work ◮ Present general techniques to generate trails ◮ Improve bounds of differential trails in Keccak - f ◮ By extending the space of trails in Keccak - f that can be scanned with given computation resources rounds Keccak - f [200] Keccak - f [400] Keccak - f [800] Keccak - f [1600] 2 8 8 8 8 3 20 this work this work 32 4 46 this work this work this work 5 this work this work this work this work 6 this work this work this work this work S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 8 / 31

  12. Generating trails Outline 1 Introduction 2 Generating trails 3 Scanning space of trails in Keccak - f 4 Experimental results 5 Conclusions S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 9 / 31

  13. Generating trails Second-order approach Generation of n-round trails of weight ≤ T First-order approach � T � Starting from 1-round differentials with weight ≤ n Second-order approach � 2 T � Starting from 2-round trails with weight ≤ n Fact The number of 2-round trails with weight ≤ 2 L is much smaller than the number of 1-round differentials with weight ≤ L . Example: AES AES has more than 10 11 round differentials with weight ≤ 15, but no 2-round trail with weight ≤ 30 S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 10 / 31

  14. Generating trails Tree traversal Generating 2-round trails as tree traversal ◮ 2-round trails are arranged in a tree ◮ Children are generated by adding groups of active bits without removing bits already added ◮ Pruning by lower bounding the weight of a node and its children S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 11 / 31

  15. Scanning space of trails in Keccak - f Outline 1 Introduction 2 Generating trails 3 Scanning space of trails in Keccak - f 4 Experimental results 5 Conclusions S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 12 / 31

  16. Scanning space of trails in Keccak - f Keccak - f Keccak - f Operates on 3D state: Round function with 5 steps: ◮ θ : mixing layer ◮ ρ : inter-slice bit transposition ◮ π : intra-slice bit transposition ◮ χ : non-linear layer state y ◮ ι : round constants z # rounds: 12 + 2 ℓ for width b = 2 ℓ 25 x ◮ 12 rounds in Keccak - f [25] ◮ (5 × 5)-bit slices ◮ 24 rounds in Keccak - f [1600] ◮ 2 ℓ -bit lanes ◮ parameter 0 ≤ ℓ < 7 S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 13 / 31

  17. Scanning space of trails in Keccak - f Keccak - f Keccak - f Operates on 3D state: Round function with 5 steps: ◮ θ : mixing layer ◮ ρ : inter-slice bit transposition ◮ π : intra-slice bit transposition ◮ χ : non-linear layer slice y ◮ ι : round constants z # rounds: 12 + 2 ℓ for width b = 2 ℓ 25 x ◮ 12 rounds in Keccak - f [25] ◮ (5 × 5)-bit slices ◮ 24 rounds in Keccak - f [1600] ◮ 2 ℓ -bit lanes ◮ parameter 0 ≤ ℓ < 7 S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 13 / 31

  18. Scanning space of trails in Keccak - f Keccak - f Keccak - f Operates on 3D state: Round function with 5 steps: ◮ θ : mixing layer ◮ ρ : inter-slice bit transposition ◮ π : intra-slice bit transposition ◮ χ : non-linear layer row y ◮ ι : round constants z # rounds: 12 + 2 ℓ for width b = 2 ℓ 25 x ◮ 12 rounds in Keccak - f [25] ◮ (5 × 5)-bit slices ◮ 24 rounds in Keccak - f [1600] ◮ 2 ℓ -bit lanes ◮ parameter 0 ≤ ℓ < 7 S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 13 / 31

  19. Scanning space of trails in Keccak - f Keccak - f Keccak - f Operates on 3D state: Round function with 5 steps: ◮ θ : mixing layer ◮ ρ : inter-slice bit transposition ◮ π : intra-slice bit transposition ◮ χ : non-linear layer column y ◮ ι : round constants z # rounds: 12 + 2 ℓ for width b = 2 ℓ 25 x ◮ 12 rounds in Keccak - f [25] ◮ (5 × 5)-bit slices ◮ 24 rounds in Keccak - f [1600] ◮ 2 ℓ -bit lanes ◮ parameter 0 ≤ ℓ < 7 S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 13 / 31

  20. Scanning space of trails in Keccak - f Keccak - f Properties of θ + = column parity θ e ff ect combine ◮ The θ map adds a pattern, that depends on the parity, to the state. ◮ Affected columns are complemented ◮ Unaffected columns are not changed S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 14 / 31

  21. Scanning space of trails in Keccak - f Keccak - f The parity Kernel + = column parity θ effect combine ◮ θ acts as the identity if parity is zero ◮ A state with parity zero is in the kernel (or in | K | ) ◮ A state with parity non-zero is outside the kernel (or in | N | ) S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 15 / 31

  22. Scanning space of trails in Keccak - f Trails in Keccak - f Differential trails in Keccak - f Round: linear step λ = π ◦ ρ ◦ θ and non-linear step χ ◮ a i fully determines b i = λ ( a i ) ◮ χ has degree 2: w ( b i − 1 ) independent of a i ◮ Minimum reverse weight: w rev ( a 1 ) � min b 0 w ( b 0 ) S. Mella, J. Daemen, G. Van Assche New techniques for trail bounds and application to differential trails in Keccak 16 / 31

Recommend

Trail Bound Techniques in Primitives with Weak Alignment Silvia Mella 1 based on a joint work

Trail Bound Techniques in Primitives with Weak Alignment Silvia Mella 1 based on a joint work

Trail Bound Techniques in Primitives with Weak Alignment Silvia Mella 1 based on a joint work with Joan Daemen 2 and Gilles Van Assche 1 1 STMicroelectronics 2 Radboud University APBC 2018 Outline 1 Differential trails 2 Tree search 3 Bounds in

644 views • 50 slides
Community Engagement and the Ludlam Trail Friends of the Ludlam Trail Tony Garcia , Cofounder +

Community Engagement and the Ludlam Trail Friends of the Ludlam Trail Tony Garcia , Cofounder +

Community Engagement and the Ludlam Trail Friends of the Ludlam Trail Tony Garcia , Cofounder + Chair Ludlam Trail Im a neighbor! Biscayne Trail Ludlam Trail Southern Glades Trail The Underline Amelia Trail South Dade Greenway

563 views • 17 slides
Community Engagement and the Ludlam Trail Friends of the Ludlam Trail Tony Garcia , Cofounder +

Community Engagement and the Ludlam Trail Friends of the Ludlam Trail Tony Garcia , Cofounder +

Community Engagement and the Ludlam Trail Friends of the Ludlam Trail Tony Garcia , Cofounder + Chair Ludlam Trail Im a neighbor! Biscayne Trail Ludlam Trail Southern Glades Trail The Underline Amelia Trail South Dade Greenway

516 views • 20 slides
Techniques to lower bound extension complexity Thomas Rothvoss UW Seattle Known lower bounds on

Techniques to lower bound extension complexity Thomas Rothvoss UW Seattle Known lower bounds on

Techniques to lower bound extension complexity Thomas Rothvoss UW Seattle Known lower bounds on extended formulation Kaibel, Razborovs Inform. SA Weltge symmetry arg. theory + Fourier COR/ yes yes yes ? TSP [KW13]

1.25k views • 108 slides
I NTENT ? Are you looking to build a trail or challenge? Do you have a trail

I NTENT ? Are you looking to build a trail or challenge? Do you have a trail

P OSITIONING YOUR T RAIL TO MAXIMIZE THE ECONOMIC IMPACT Michelle Clement Director of Destination Development Projects, ROOST I NTENT ? Are you looking to build a trail or challenge? Do you have a trail you want to

433 views • 17 slides
Conditional Lower Bounds for Failed Literals and Related Techniques Matti Jrvisalo Janne H.

Conditional Lower Bounds for Failed Literals and Related Techniques Matti Jrvisalo Janne H.

Conditional Lower Bounds for Failed Literals and Related Techniques Matti Jrvisalo Janne H. Korhonen* University of Helsinki, Department of Computer Science, and Helsinki Institute for Information Technology HIIT 1.

886 views • 39 slides
(Supplement of Page 5) Four techniques for finding lower bounds. (1) Comparison tree. (2) A

(Supplement of Page 5) Four techniques for finding lower bounds. (1) Comparison tree. (2) A

(Supplement of Page 5) Four techniques for finding lower bounds. (1) Comparison tree. (2) A particular problem instance. (3) State transition. (4) Problem reduction. (Supplement of Page 7) The progress of any comparison-based searching algorithm

355 views • 3 slides
Fast gradient descent for drifting least squares regression: Non-asymptotic bounds and application

Fast gradient descent for drifting least squares regression: Non-asymptotic bounds and application

Fast gradient descent for drifting least squares regression: Non-asymptotic bounds and application to bandits Prashanth L A Joint work with Nathaniel Korda and R emi Munos INRIA Lille - Team SequeL MLRG - Oxford University

1.42k views • 73 slides
Formal Language Techniques for Space Lower Bounds Philipp Kuinke February 23, 2018 Contained in

Formal Language Techniques for Space Lower Bounds Philipp Kuinke February 23, 2018 Contained in

Formal Language Techniques for Space Lower Bounds Philipp Kuinke February 23, 2018 Contained in S anchez Villaamils Phd Thesis 2017 Treewidth

1.01k views • 56 slides
Sentiers Chelsea Trails 1 1. Chelsea Community Trail 2. Notch/Mine Road Bike Lanes 3.

Sentiers Chelsea Trails 1 1. Chelsea Community Trail 2. Notch/Mine Road Bike Lanes 3.

Sentiers Chelsea Trails 1 1. Chelsea Community Trail 2. Notch/Mine Road Bike Lanes 3. Chelsea Park Trail Building 4. Des Pommiers Trail Bridge 5. Proposed Trail Connection Between Centre Village &amp; Gatineau/Ottawa Trail Networks 6.

392 views • 24 slides
Corridor C was removed due to the fact that there is an existing regional trail extremely

Corridor C was removed due to the fact that there is an existing regional trail extremely

Bruce Vento Regional Trail Corridor Search 2018 ` Bruce Vento Regional Trail Bruce Vento Regional Trail - Master Planning Summary Otter Bruce Vento Trail Extension Project - ) * 61 General Information: Lake Fish Lake Bald Eagle -

230 views • 3 slides
OF WILDLIFE Division of Law Enforcement Trail Cameras June 2013 Trail Cameras SD card

OF WILDLIFE Division of Law Enforcement Trail Cameras June 2013 Trail Cameras SD card

NEVADA DEPARTMENT OF WILDLIFE Division of Law Enforcement Trail Cameras June 2013 Trail Cameras SD card Remote uplink to computer Walmart $50.00 The Wildgame Innovations Crush 8 Cellular Trail Camera sends pictures wirelessly via

233 views • 20 slides
Application of molecular techniques in Virology Suzan D Pas medical molecular microbiologist 1

Application of molecular techniques in Virology Suzan D Pas medical molecular microbiologist 1

Application of molecular techniques in Virology Suzan D Pas medical molecular microbiologist 1 Viroscience lab, Erasmus MC, Rotterdam, the Netherlands Molecular techniques in virus diagnostics Qualitative and quantitative (RT-)PCRs

561 views • 37 slides
Uniform bounds for positive random functionals with application to density estimation Oleg Lepski

Uniform bounds for positive random functionals with application to density estimation Oleg Lepski

Uniform bounds for positive random functionals with application to density estimation Oleg Lepski Laboratoire dAnalyse, Topologie et Probabilit es Universit e de Provence Congr` es SMAI 2011, May 23 - May 27, Guidel Oleg Lepski

680 views • 43 slides
MARKETING A WATER TRAIL Weekend for Rivers Conference 2011 Now that you have your trail

MARKETING A WATER TRAIL Weekend for Rivers Conference 2011 Now that you have your trail

MARKETING A WATER TRAIL Weekend for Rivers Conference 2011 Now that you have your trail developed, whats next Market ~ Promote ~ Communicate! 1. Ideas on how you can utilize existing tourism infrastructures 2. Resources that exist to

212 views • 17 slides
Ashokan Rail Trail Project U.C. Trail &amp; Rail Advisory Committee November 2, 2017

Ashokan Rail Trail Project U.C. Trail &amp; Rail Advisory Committee November 2, 2017

Ashokan Rail Trail Project U.C. Trail &amp; Rail Advisory Committee November 2, 2017 Presentation by Chris White, Deputy Director of Planning Ashokan Rail Trail Project Pending Legislative Resolutions Resolution No. 421: Negative Declaration

546 views • 32 slides
CITYWIDE TRAIL MASTER PLAN Planned Separated Bikeway Westside Trail at Mercer Crossing Project

CITYWIDE TRAIL MASTER PLAN Planned Separated Bikeway Westside Trail at Mercer Crossing Project

CITYWIDE TRAIL MASTER PLAN Planned Separated Bikeway Westside Trail at Mercer Crossing Project Status Approved Funding Agreement with Dallas County Consultant Submitting Proposal Developers Installing Portions of Trail

114 views • 9 slides
Application of Nuclear Techniques in Agriculture and Biotechnology Dr. Nayyer Iqbal Agriculture

Application of Nuclear Techniques in Agriculture and Biotechnology Dr. Nayyer Iqbal Agriculture

Application of Nuclear Techniques in Agriculture and Biotechnology Dr. Nayyer Iqbal Agriculture and Biotechnology Division PAEC, HQs, Islamabad 1/18 Application of Nuclear Techniques in Agriculture and Biotechnology Sequence of presentation

232 views • 19 slides
Trailhead Headwaters Destination Trail Assessment What makes a Trail a Destination? Destination

Trailhead Headwaters Destination Trail Assessment What makes a Trail a Destination? Destination

Trailhead Headwaters Destination Trail Assessment What makes a Trail a Destination? Destination Means Travel Within the province (90 minutes + by car) From adjacent provinces From other parts of North America From overseas A

669 views • 29 slides
Improved Discrepancy Bounds for Hybrid Sequences Harald Niederreiter RICAM Linz and University

Improved Discrepancy Bounds for Hybrid Sequences Harald Niederreiter RICAM Linz and University

Improved Discrepancy Bounds for Hybrid Sequences Harald Niederreiter RICAM Linz and University of Salzburg MC vs. QMC methods Hybrid sequences The basic sequences Deterministic discrepancy bounds The proof techniques MC

592 views • 19 slides
The Hoover Scout Trail Formally The Hoover Trail For Scouts ONLY , not open to the

The Hoover Scout Trail Formally The Hoover Trail For Scouts ONLY , not open to the

HAWKEYE AREA COUNCIL BOY SCOUTS OF AMERICA The Hoover Scout Trail Formally The Hoover Trail For Scouts ONLY , not open to the general public. Located near West Branch, Iowa No Cost to Hike or Canoe No Cost to Camp overnight HERBERT

363 views • 14 slides
St. Johns River to Sea Loop Trail Volusia County Coast to Coast Trail Brevard County East

St. Johns River to Sea Loop Trail Volusia County Coast to Coast Trail Brevard County East

St. Johns River to Sea Loop Trail Volusia County Coast to Coast Trail Brevard County East Coast Greenway Merritt Island National Wildlife Refuge Kennedy Space Center Titusville becoming a Trail Town Video can be found on Titusville Website

340 views • 18 slides
Kyle Academy MTB Trail Development Consultation Event Introduction to the Project Who we are

Kyle Academy MTB Trail Development Consultation Event Introduction to the Project Who we are

Kyle Academy MTB Trail Development Consultation Event Introduction to the Project Who we are Mountain bike trail designers www.architrail.co.uk What we want from this session? 1) To provide an understanding of typical trail types; 2) To

178 views • 17 slides
Update: Centennial Trail Boone-to-Pettet Route Improvement Boone Centennial Trail

Update: Centennial Trail Boone-to-Pettet Route Improvement Boone Centennial Trail

Update: Centennial Trail Boone-to-Pettet Route Improvement Boone Centennial Trail Boone-to-Pettet Route Gap Development History The City section of the Centennial Trail was routed years ago and signed in 2013/2014. Due to lack of

581 views • 18 slides

More recommend