TEA analysis using genetic programming
Karel Kubíček, karel-kubicek@mail.muni.cz
Faculty of Informatics, Masaryk University
December 3, 2015
Motivation
- Cipher output should look like random data, but it is completely deterministic.
- If we can distinguish cipher output from truly random data, the cipher is not considered secure.
  - This was used as one of the tests for AES candidates.
- Randomness testing can be automated to save the expensive time of a skilled cryptanalyst.
Common way of randomness testing – statistical batteries
- Common criteria: for example, the monobit test
- From pros to cons:
  - quick, interpretable, but may be hard to design
  - closed set of tests: there exist nonrandom data that pass the tests
Tiny Encryption Algorithm
- Simple structure
- 64-bit blocks, 128-bit key
- Feistel network, 32 rounds
- Currently weak (related-key attack)
- Why test TEA?
  - Used by other teams ([HSIR02], [HI04], [Hu+10]) with the same idea, as a benchmark
  - They evolved a mask to restrict the input
EACirc – software-emulated electronic circuit
- We want to create tests automatically
[Figure: example circuit with eight input nodes (IN 0–7), four layers of eight function nodes each (AND, NAND, NOR, NOT, XOR, NOP, CONS, BSLC, ROTL, ROTR, CYCL, CYCR), a final CYCR node and one output (OUT 0)]
EACirc – process
- Generate 2 sets of test vectors:
  1. output of the cipher
  2. truly random data – QRNG (from a physical source)
- Let the distinguisher choose which vector is random and which is nonrandom
- Fitness is $\frac{\#\ \text{correct guesses}}{\#\ \text{test vectors}}$
Results – Plaintext mode: counter
- Plaintext: counter incremented by one for each test vector
- EACirc 1a: nodes without shifts and rotations
- EACirc 1b: shifts and rotations enabled

| Rounds   | NIST STS | Dieharder | EACirc 1a | EACirc 1b |
|----------|----------|-----------|-----------|-----------|
| 1        | 1/162    | 0/20      | 100       | 100       |
| 2        | 1/162    | 0/20      | 100       | 100       |
| 3        | 27/188   | 1.5/20    | 100       | 100       |
| 4        | 183/188  | 6.0/20    | (5.0)     | 100       |
| 5        | 188/188  | 16.5/20   | (3.0)     | (5.3)     |
| Expected | 188/188  | 20/20     | (5.0)     | (5.0)     |
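The process from the "EACirc – process" slide applied to the counter plaintext mode above, as an added example that is not part of the original slides and is not EACirc code: a hand-written single-bit distinguisher (not an evolved circuit) is trained on round-reduced TEA output and scored with the fitness ratio. The key, the seeded PRNG standing in for QRNG data, and counting one round as one iteration of the TEA main loop are assumptions.

```python
import random

MASK, DELTA = 0xFFFFFFFF, 0x9E3779B9
KEY = (0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210)  # constructed sample key

def tea_encrypt(block, key, rounds=32):
    """TEA on a 64-bit int, cut down to `rounds` iterations of the main loop."""
    v0, v1, s = block >> 32, block & MASK, 0
    for _ in range(rounds):
        s = (s + DELTA) & MASK
        v0 = (v0 + (((v1 << 4) + key[0]) ^ (v1 + s) ^ ((v1 >> 5) + key[1]))) & MASK
        v1 = (v1 + (((v0 << 4) + key[2]) ^ (v0 + s) ^ ((v0 >> 5) + key[3]))) & MASK
    return (v0 << 32) | v1

def train_distinguisher(cipher_blocks):
    """Pick the most biased output bit and the value it usually takes."""
    n = len(cipher_blocks)
    freq = [sum((b >> i) & 1 for b in cipher_blocks) / n for i in range(64)]
    # Ties are resolved towards the highest bit position.
    bit = max(reversed(range(64)), key=lambda i: abs(freq[i] - 0.5))
    return bit, int(freq[bit] >= 0.5)

def fitness(distinguisher, cipher_blocks, random_blocks):
    """Correct guesses divided by the number of test vectors."""
    bit, value = distinguisher
    hits = sum(((b >> bit) & 1) == value for b in cipher_blocks)   # guessed "cipher"
    hits += sum(((b >> bit) & 1) != value for b in random_blocks)  # guessed "random"
    return hits / (len(cipher_blocks) + len(random_blocks))

def experiment(rounds, n=4096, seed=1):
    """Counter plaintext: train on counters 0..n-1, score on n..2n-1."""
    rng = random.Random(seed)  # seeded PRNG standing in for the QRNG data
    train = [tea_encrypt(i, KEY, rounds) for i in range(n)]
    test = [tea_encrypt(i, KEY, rounds) for i in range(n, 2 * n)]
    rand = [rng.getrandbits(64) for _ in range(n)]
    return fitness(train_distinguisher(train), test, rand)

if __name__ == "__main__":
    for r in (1, 2, 4, 32):
        print(f"{r:2d} rounds: fitness {experiment(r):.3f}")
```

A distinguisher of this form cannot score much above 0.75, because its guesses on the random vectors are coin flips; a fitness near 0.5 means it found nothing.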
Results – Plaintext mode: strict avalanche criterion
- Plaintext: vector with two almost identical parts (the first is random) differing only in a single bit

| Rounds | NIST STS  | Dieharder | EACirc 2 |
|--------|-----------|-----------|----------|
| 1      | 29/188    | 2.5/20    | 100      |
| 2      | 67/188    | 2.5/20    | 100      |
| 3      | (186)/188 | 7.0/20    | 100      |
| 4      | (187)/188 | 8.5/20    | 100      |
| 5      | (188)/188 | 16.0/20   | (4.5)    |
Results – interpretation
- 4 rounds TEA distinguisher (fitness 99%) for counter plaintext
[Figure: distinguisher circuit; node labels by layer, connections between nodes not shown]
    IN    IN    IN    IN    IN    IN    IN    IN
    0     1     2     3     4     5     6     7
    AND   AND   CYCR  CYCR  CYCR  CYCR  CONS  ROTR
    8     133   22    106   155   121   110   46
    CYCR  NOT   ROTL  CYCL  NAND  NOR   CYCR  ROTL
    17    72    246   66    61    216   63    231
    ROTL  NOR   CYCR  NOP   BSLC  NOP   CYCR  NAND
    39    226   229   59    150   181   60    202
    NOT   CYCL  NOP   NOT   XOR   XOR   CYCL  XOR
    252   75    1     130   104   23    188   19
    CYCR
    252
    OUT
    0
Results – interpretation
- 4 rounds TEA distinguisher (fitness 99%) for SAC plaintext
[Figure: distinguisher circuit; node labels by layer, connections between nodes not shown]
    IN    IN    IN    IN    IN    IN    IN    IN    IN    IN    IN    IN    IN    IN    IN    IN
    0     1     2     3     4     5     6     7     8     9     10    11    12    13    14    15
    OR    CONS  BSLC  NOT   CONS  BSLC  NOT   NAND
    108   124   163   168   155   213   205   200
    CYCR  AND   ROTL  CYCL  NAND  OR    ROTR  XOR
    170   65    241   112   157   161   78    116
    NOT   AND   XOR   BSLC  NOT   OR    BSLC  ROTL
    100   251   194   237   111   183   98    100
    NOT   ROTR  NAND  NAND  OR    ROTR  ROTR  XOR
    182   146   204   33    255   127   100   156
    NOT
    112
    OUT
    0
Future plans
- Better analysis of defects in data.
- "Give us your data" website
Questions?
- Full version of the MKB paper at http://crcs.cz/papers/mkb2015
Bibliography
[HI04] J. C. Hernández and P. Isasi, "Finding Efficient Distinguishers for Cryptographic Mappings, with an Application to the Block Cipher TEA", Computational Intelligence, vol. 20, no. 3, pp. 517–525, 2004.
[HSIR02] J. C. Hernández, J. M. Sierra, P. Isasi, and A. Ribagorda, "Genetic Cryptoanalysis of Two Rounds TEA", in Computational Science—ICCS 2002, Springer, 2002, pp. 1024–1031.
[Hu+10] W. Hu et al., "Cryptanalysis of TEA Using Quantum-Inspired Genetic Algorithms", Journal of Software Engineering and Applications, vol. 3, no. 01, p. 50, 2010.