searching for subspace trails and truncated differentials
play

Searching for Subspace Trails and Truncated Differentials March - PowerPoint PPT Presentation

Aug 23, 2023 •294 likes •541 views

RUHR-UNIVERSITT BOCHUM Searching for Subspace Trails and Truncated Differentials March 5th, 2018 Horst Grtz Institute for IT Security Ruhr-Universitt Bochum Gregor Leander, Cihangir Teczan, and Friedrich Wiemer Friedrich Wiemer |

  1. RUHR-UNIVERSITÄT BOCHUM Searching for Subspace Trails and Truncated Differentials March 5th, 2018 Horst Görtz Institute for IT Security Ruhr-Universität Bochum Gregor Leander, Cihangir Teczan, and Friedrich Wiemer Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 1

  2. RUHR-UNIVERSITÄT BOCHUM Differential Cryptanalysis SPN Cipher k 0 k 1 k t x E k ( x ) ... S L S L E k ( x + α ) x + α Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 2

  3. RUHR-UNIVERSITÄT BOCHUM Differential Cryptanalysis SPN Cipher k 0 k 1 k t x E k ( x ) ... S L S L E k ( x + α ) x + α Definition [Knu94; BLN14] Let F : � n 2 . A truncated differential of probability one is a pair of affine subspaces U + s and V + t 2 → � n of � n 2 , s. t. ∀ u ∈ U : ∀ x ∈ � n F ( x ) + F ( x + u + s ) ∈ V + t 2 : Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 2

  4. RUHR-UNIVERSITÄT BOCHUM Structural Attacks Subspace Trail Cryptanalysis Main Idea b U + a r s + V . . . ... F U + a 1 b 1 + V V U Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 3

  5. RUHR-UNIVERSITÄT BOCHUM Structural Attacks Subspace Trail Cryptanalysis Main Idea W b U + a r s + + V c t . . . . . . ... ... F F W U + a 1 b 1 + + c V 1 W V U Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 3

  6. RUHR-UNIVERSITÄT BOCHUM Structural Attacks Subspace Trail Cryptanalysis Main Idea W b U + a r s + + V c t . . . . . . ... ... F F W U + a 1 b 1 + + c V 1 W V U Subspace Trail Cryptanalysis [GRR16] (Last Year’s FSE) F F Let U 0 ,..., U r ⊆ � n 2 , and F : � n 2 . We write U 0 → U r , iff 2 → � n → ··· ∀ a ∈ U ⊥ i : ∃ b ∈ U ⊥ F ( U i + a ) ⊆ U i + 1 + b i + 1 : Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 3

  7. RUHR-UNIVERSITÄT BOCHUM Outline Outline Motivation 1 Link to Truncated Differentials 2 Security against Subspace Trail Attacks 3 Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 4

  8. RUHR-UNIVERSITÄT BOCHUM Intuition The Image of the Derivative is in the Subspace Lemma F Let U → V be a subspace trail. Then for all u ∈ U and all x : F ( x ) + F ( x + u ) ∈ V . Proof b U + a s t + V . . . ... F ( x ) F · x · V U Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 5

  9. RUHR-UNIVERSITÄT BOCHUM Intuition The Image of the Derivative is in the Subspace Lemma F Let U → V be a subspace trail. Then for all u ∈ U and all x : F ( x ) + F ( x + u ) ∈ V . Proof b U + a s t + V . . . ... F ( x ) F · x · x + u · u · V U · F ( x + u ) Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 5

  10. RUHR-UNIVERSITÄT BOCHUM Intuition The Image of the Derivative is in the Subspace Lemma F Let U → V be a subspace trail. Then for all u ∈ U and all x : F ( x ) + F ( x + u ) ∈ V . Proof b U + a s t + V . . . ... F ( x ) F · x · x + u · u v · · V U · F ( x + u ) Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 5

  11. RUHR-UNIVERSITÄT BOCHUM Link to Truncated Differentials Direct consequence from above Lemma Theorem (Subspaces Trails are Truncated Differentials with probability one) F Let U → V be a subspace trail. Then U + 0 and V + 0 form a truncated differential with probabiliy one. Subspace Trails are thus a special case of truncated differentials. Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 6

  12. RUHR-UNIVERSITÄT BOCHUM Provable Resistant against Subspace Trails How to search efficiently for Subspace Trails? Security against Subspace Trails? Given the round function F : � n 2 of an SPN cipher, prove the resistance against subspace trail 2 → � n attacks! 1 Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 7

  13. RUHR-UNIVERSITÄT BOCHUM Provable Resistant against Subspace Trails How to search efficiently for Subspace Trails? Security against Subspace Trails? Given the round function F : � n 2 of an SPN cipher, prove the resistance against subspace trail 2 → � n attacks! Main problem: Too many possible starting points. Already for initially one-dimensional subspaces there are 2 n − 1 possibilities. Can’t we just activate a single S-box and check to what this leads us? 1 Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 7

  14. RUHR-UNIVERSITÄT BOCHUM Provable Resistant against Subspace Trails How to search efficiently for Subspace Trails? Security against Subspace Trails? Given the round function F : � n 2 of an SPN cipher, prove the resistance against subspace trail 2 → � n attacks! Main problem: Too many possible starting points. Already for initially one-dimensional subspaces there are 2 n − 1 possibilities. Can’t we just activate a single S-box and check to what this leads us? The short answer is: No! 1 1 The long answer is: Read our paper Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 7

  15. RUHR-UNIVERSITÄT BOCHUM Approach to the Algorithm How to reduce the number of starting points? SPN Cipher k 0 k 1 k t x E k ( x ) ... S L S L E k ( x + α ) x + α Easy parts Given a starting subspace, computing the trail is easy. The effect of the linear layer L to a subspace U is clear: L → L ( U ) U Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 8

  16. RUHR-UNIVERSITÄT BOCHUM Approach to the Algorithm How to reduce the number of starting points? SPN Cipher k 0 k 1 k t x E k ( x ) ... S L S L E k ( x + α ) x + α Easy parts S-box: First Observation S For an S-box S and U → V , because of the above lemma, Given a starting subspace, 2 and ∀ u ∈ U : computing the trail is easy. ∀ x ∈ � n The effect of the linear layer S ( x ) + S ( x + u ) ∈ V L to a subspace U is clear: ∀ α ∈ V ⊥ . ⇔ 〈 α , S ( x ) + S ( x + u ) 〉 = 0 L → L ( U ) U Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 8

  17. RUHR-UNIVERSITÄT BOCHUM Approach to the Algorithm How to reduce the number of starting points? SPN Cipher k 0 k 1 k t x E k ( x ) ... S L S L E k ( x + α ) x + α Easy parts S-box: First Observation S For an S-box S and U → V , because of the above lemma, Given a starting subspace, 2 and ∀ u ∈ U : computing the trail is easy. ∀ x ∈ � n The effect of the linear layer S ( x ) + S ( x + u ) ∈ V L to a subspace U is clear: ∀ α ∈ V ⊥ . ⇔ 〈 α , S ( x ) + S ( x + u ) 〉 = 0 L → L ( U ) U By definition, V ⊥ is the set of zero-linear structures of S . Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 8

  18. RUHR-UNIVERSITÄT BOCHUM Possibility I The short one Theorem SPN Round: S-box layer Let F : � kn 2 → � kn 2 be an S-box layer that applies k S-boxes with no non-trivial linear structures in parallel. U 1 V 1 S F Then every essential subspace trail U → V is of the form × × U 2 V 2 S U = V = U 1 × ··· × U k , × × U = = V � � where U i ∈ . { 0 } , � n U 3 V 3 S 2 × × In particular, in this case, bounds from activating S-boxes U 4 V 4 S are optimal. Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 9

  19. RUHR-UNIVERSITÄT BOCHUM Possibility I Algorithm Algorithm Complexity (No. of starting U s) For k S-boxes: 2 k (can be further de- Simply (de-)activate S-boxes creased to k ). Compute resulting subspace trail This approach is independent of the S-box, i. e. any S-box without linear structures behaves the same with respect to subspace trails. Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 10

  20. RUHR-UNIVERSITÄT BOCHUM Possibility I Algorithm Algorithm Complexity (No. of starting U s) For k S-boxes: 2 k (can be further de- Simply (de-)activate S-boxes creased to k ). Compute resulting subspace trail This approach is independent of the S-box, i. e. any S-box without linear structures behaves the same with respect to subspace trails. The problem with S-boxes that have linear structures Subspace trails through S-box layers with one -linear structures are not necessarily a direct product of subspaces (see e. g. PRESENT). Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 10

  21. RUHR-UNIVERSITÄT BOCHUM Possibility II S-boxes with linear structures Observation S   0   S   α     U V ∋     0 S     0 S Friedrich Wiemer | Searching for Subspace Trails and Truncated Differentials | March 5th, 2018 11

Recommend

Truncated Differentials Lars R. Knudsen June 2014 Lars R. Knudsen Truncated Differentials

Truncated Differentials Lars R. Knudsen June 2014 Lars R. Knudsen Truncated Differentials

Truncated differentials Impossible differentials Truncated Differentials Lars R. Knudsen June 2014 Lars R. Knudsen Truncated Differentials Truncated differentials Impossible differentials Outline Truncated differentials 1 Impossible

489 views • 32 slides
On the Usage of Deterministic (Related-Key) Truncated Differentials and Multidimensional Linear

On the Usage of Deterministic (Related-Key) Truncated Differentials and Multidimensional Linear

On the Usage of Deterministic (Related-Key) Truncated Differentials and Multidimensional Linear Approximations for SPN Ciphers Ling Sun 1 , David Gerault 2 , Wei Wang 1 , Meiqin Wang 1 ( ) 1. Shandong University, Jinan & Qingdao, China

646 views • 26 slides
New Techniques for Searching Di ff erential Trails in Keccak Guozhen Liu, Weidong Qiu, Yi Tu

New Techniques for Searching Di ff erential Trails in Keccak Guozhen Liu, Weidong Qiu, Yi Tu

New Techniques for Searching Di ff erential Trails in Keccak Guozhen Liu, Weidong Qiu, Yi Tu Nanyang Technological University, Singapore Shanghai Jiao Tong University, China 3-Round Di ff erential Trail Core Search of Keccak Permutation 1 / 21

392 views • 21 slides
Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed

Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed

Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed Abdelraheem, Huda AlKhzaimi, and Erik Zenner DTU Mathematics

598 views • 37 slides
Vat Phou and Champasaks trails Champasaks Highlights Archaeological trails Cultural

Vat Phou and Champasaks trails Champasaks Highlights Archaeological trails Cultural

Vat Phou and Champasaks trails Champasaks Highlights Archaeological trails Cultural trails Historical trails Natural trails Discover Vat Phou and Champasaks cultural and historic landscape by exploring thematjc trails 8 7 2 3 6

91 views • 6 slides
JUST THE MATHS SLIDES NUMBER 14.4 PARTIAL DIFFERENTIATION 4 (Exact differentials) by

JUST THE MATHS SLIDES NUMBER 14.4 PARTIAL DIFFERENTIATION 4 (Exact differentials) by

JUST THE MATHS SLIDES NUMBER 14.4 PARTIAL DIFFERENTIATION 4 (Exact differentials) by A.J.Hobson 14.4.1 Total differentials 14.4.2 Testing for exact differentials 14.4.3 Integration of exact differentials UNIT 14.4 PARTIAL

453 views • 11 slides
Trails of the World Millions of outdoor enthusiasts exploring and sharing great trails and

Trails of the World Millions of outdoor enthusiasts exploring and sharing great trails and

Trails of the World Millions of outdoor enthusiasts exploring and sharing great trails and pictures .com 10M Trails Community 4M Users 10M Trails 4M Registered Users 17M Pictures & Videos 4M Trails 75 Activities 2M Trails 190

192 views • 6 slides
Graph based Subspace Segmentation Canyi Lu National University of Singapore Nov. 21, 2013

Graph based Subspace Segmentation Canyi Lu National University of Singapore Nov. 21, 2013

Graph based Subspace Segmentation Canyi Lu National University of Singapore Nov. 21, 2013 Content Subspace Segmentation Problem Related Work Sparse Subspace Clustering (SSC) Low-Rank Representation (LRR) Multi-Subspace

353 views • 24 slides
Differentials and K3 surfaces Ignacio Barros Humboldt-Universit at zu Berlin February 12,

Differentials and K3 surfaces Ignacio Barros Humboldt-Universit at zu Berlin February 12,

Riemann Surfaces Differentials Geometry of H Differentials and K3 surfaces Ignacio Barros Humboldt-Universit at zu Berlin February 12, 2019 Riemann Surfaces Differentials Geometry of H Overview History Differentials My

730 views • 71 slides
Trails and Networks: Loom; Going from Trails to Networks and Networks to Trails Mihovil

Trails and Networks: Loom; Going from Trails to Networks and Networks to Trails Mihovil

<Your Name> Trails and Networks: Loom; Going from Trails to Networks and Networks to Trails Mihovil Bartulovic mbartulovic@cmu.edu Dr. Kathleen M. Carley kathleen.carley@cs.cmu.edu Center for Computational Analysis of Social and

394 views • 18 slides
Subspace Polynomials and Cyclic Subspace Codes Netanel Raviv Joint work with: Prof. Tuvi Etzion

Subspace Polynomials and Cyclic Subspace Codes Netanel Raviv Joint work with: Prof. Tuvi Etzion

Subspace Polynomials and Cyclic Subspace Codes Netanel Raviv Joint work with: Prof. Tuvi Etzion Prof. Eli Ben-Sasson Dr. Ariel Gabizon Netanel Raviv Subspace Polynomials and Cyclic Subspace Codes 1 June 2014 Motivation Subspace Codes

663 views • 27 slides
E-bikes and Trails: Measuring Impact and Acceptance of Class 1 E-bikes on Trails Presentation

E-bikes and Trails: Measuring Impact and Acceptance of Class 1 E-bikes on Trails Presentation

E-bikes and Trails: Measuring Impact and Acceptance of Class 1 E-bikes on Trails Presentation Overview Relevant legislation JCOS study design Current findings Decision on Class I on JCOS paved trails E-bike demo Discussion HB 17-1151

923 views • 32 slides
TALKING TRAILS BREAKFAST PRESENTED BY: CABOT TRAILS COMMITTEE & CENTRAL VERMONT REGIONAL

TALKING TRAILS BREAKFAST PRESENTED BY: CABOT TRAILS COMMITTEE & CENTRAL VERMONT REGIONAL

TALKING TRAILS BREAKFAST PRESENTED BY: CABOT TRAILS COMMITTEE & CENTRAL VERMONT REGIONAL PLANNING COMMISSION WELCOME Introductions Cabot Trails Committee Recreation Trails Planning Grant Review of Purpose and Needs

118 views • 10 slides
On truncated discrete moment problems Tobias Kuna University of Reading, UK (Joint work with

On truncated discrete moment problems Tobias Kuna University of Reading, UK (Joint work with

On truncated discrete moment problems Tobias Kuna University of Reading, UK (Joint work with Maria Infusino, Joel Lebowitz, Eugene Speer) IWOTA 2019 Lisbon 26th July T. Kuna On truncated discrete moment problems Discrete truncated moment

299 views • 19 slides
TRAILHEAD NORTH The Ontario Trails Strategy and Trails Action Plan Presentation by Carol Oitment

TRAILHEAD NORTH The Ontario Trails Strategy and Trails Action Plan Presentation by Carol Oitment

TRAILHEAD NORTH The Ontario Trails Strategy and Trails Action Plan Presentation by Carol Oitment Ministry of Tourism, Culture and Sport (MTCS) April 20, 2016 OVERVIEW OF THE PRESENTATION The Provincial Context for Trails Research on the

456 views • 28 slides
Subspace Embeddings and p -Regression Using Exponential Random Variables David P. Woodruff

Subspace Embeddings and p -Regression Using Exponential Random Variables David P. Woodruff

Subspace Embeddings and p -Regression Using Exponential Random Variables David P. Woodruff and Qin Zhang IBM Research Almaden COLT13, June 12, 2013 1-1 Subspace embeddings Subspace embeddings: A distribution over linear maps : R n

810 views • 44 slides
Cyclic Subspace Codes Via Subspace Polynomials Kamil Otal and Ferruh zbudak Middle East

Cyclic Subspace Codes Via Subspace Polynomials Kamil Otal and Ferruh zbudak Middle East

Introduction Motivation Our contributions Cyclic Subspace Codes Via Subspace Polynomials Kamil Otal and Ferruh zbudak Middle East Technical University Design and Application of Random Network Codes (DARNEC15) November 4-6, 2015 /

721 views • 26 slides
Bivariate Truncated Moment Problems with Algebraic Variety in the Nonnegative Quadrant in R 2

Bivariate Truncated Moment Problems with Algebraic Variety in the Nonnegative Quadrant in R 2

Bivariate Truncated Moment Problems with Algebraic Variety in the Nonnegative Quadrant in R 2 (joint work with Sang Hoon Lee and Jasang Yoon) Ra ul E. Curto, University of Iowa IWOTA 2019; Lisbon, Portugal Truncated Moment Problems , July 25,

702 views • 43 slides
Communications Update Circuit Trails Coalition Semi-Annual Meeting May 2017 Quick Refresher

Communications Update Circuit Trails Coalition Semi-Annual Meeting May 2017 Quick Refresher

Communications Update Circuit Trails Coalition Semi-Annual Meeting May 2017 Quick Refresher Objectives Raise awareness of Circuit Trails vision Increase use of existing trails Drive support for trails among influencers,

322 views • 28 slides
Subspace Embeddings for Regression Lecture 12 October 1, 2020 Chandra (UIUC) CS498ABD 1 Fall

Subspace Embeddings for Regression Lecture 12 October 1, 2020 Chandra (UIUC) CS498ABD 1 Fall

CS 498ABD: Algorithms for Big Data Subspace Embeddings for Regression Lecture 12 October 1, 2020 Chandra (UIUC) CS498ABD 1 Fall 2020 1 / 18 Subspace Embedding Question: Suppose we have linear subspace E of R n of dimension d . Can we find

296 views • 26 slides
Kids in Parks Designing Self-guided Trails that Get Kids in Parks Introducing TRACK Trails Kids

Kids in Parks Designing Self-guided Trails that Get Kids in Parks Introducing TRACK Trails Kids

Kids in Parks Designing Self-guided Trails that Get Kids in Parks Introducing TRACK Trails Kids in Parks provides a network of self-guided, brochure-led hiking trails designed for kids and their families called TRACK Trails. 1 st TRACK Trail

504 views • 13 slides
Truncated Sums, Matrix Iteration Giacomo Boffi

Truncated Sums, Matrix Iteration Giacomo Boffi

Truncated Sums, Matrix Iteration Giacomo Boffi http://intranet.dica.polimi.it/people/boffi-giacomo Dipartimento di Ingegneria Civile Ambientale e Territoriale Politecnico di Milano April 3, 2019 Giacomo Boffi Truncated Sums, Matrix Iteration

1.75k views • 113 slides
Truncated Sums, Matrix Iteration Giacomo Boffi

Truncated Sums, Matrix Iteration Giacomo Boffi

Truncated Sums, Matrix Iteration Giacomo Boffi Truncated Sums, Matrix Iteration Giacomo Boffi http://intranet.dica.polimi.it/people/boffi-giacomo Dipartimento di Ingegneria Civile Ambientale e Territoriale Politecnico di Milano March 27,

1.56k views • 112 slides
Multi-sampled Photon Differentials Incorporating the View Ray Differential in the Radiance

Multi-sampled Photon Differentials Incorporating the View Ray Differential in the Radiance

Multi-sampled Photon Differentials Incorporating the View Ray Differential in the Radiance Estimate Lasse Jon Fuglsang Pedersen (fuglsang@diku.dk) November 25. 2011 Outline What is photon mapping? What are photon differentials? Why

810 views • 13 slides

More recommend