Primitivity of PRESENT and other lightweight ciphers

Aragona, Riccardo; Calderini, Marco; Tortora, Antonio; Tota, Maria

doi:10.1142/s0219498818501153

Cited by 13 publications

(18 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Later, a similar methodology called invariant subspace attack has been introduced for the cryptanalysis of PRINTcipher [20]. Today, the resistance to the imprimitivity attack of many known constructions has been proved [1,2,10,25,26], and primitivity conditions have been established also for large families of ciphers. For example, Aragona et al [3,Theorem 4.5] have shown that the primitivity of the group generated by the rounds of an FN can be reduced to the primitivity of the group generated by the rounds of an SPN whose round functions are the ones implemented as F-functions 1 One remarkable exception is a paper due to Wernsdorf [28] which shows that the multiplyaddition box at the center of the round of IDEA generates the alternating group on F 32 2 and where it is conjectured that also the entire rounds of IDEA generate the alternating group.…”

Section: Introductionmentioning

confidence: 99%

On Invariant Subspaces in the Lai–Massey Scheme and a Primitivity Reduction

Aragona

Civino

2021

Mediterr. J. Math.

Self Cite

View full text Add to dashboard Cite

In symmetric cryptography, the round functions used as building blocks for iterated block ciphers are obtained as the composition of different layers acting as a sequence of bijective transformations providing global increasing complexity. The study of the conditions on such layers which make the group generated by the round functions of a block cipher a primitive group has been addressed in the past years, both in the case of Substitution Permutation Networks and Feistel Networks, giving to block cipher designers the recipe to avoid the imprimitivity attack, which exploits the invariance of some subspaces during the encryption. In the case of Lai–Massey schemes, where both Substitution Permutation Network and Feistel Network features are combined, the resistance against imprimitivity attacks has been a long-standing open problem. In this paper we consider a generalization of such a scheme and we prove its resistance against the imprimitivity attack. Our solution is obtained as a consequence of a more general result in which the problem of proving the primitivity of a generalized Lai–Massey scheme is reduced to the simpler one of proving the primitivity of the group generated by the round functions of a strictly related Substitution Permutation Network. We prove how this implies a reduction in the computational cost of invariant-subspace search.

show abstract

Section: Introductionmentioning

confidence: 99%

On Invariant Subspaces in the Lai–Massey Scheme and a Primitivity Reduction

Aragona

Civino

2021

Mediterr. J. Math.

Self Cite

View full text Add to dashboard Cite

show abstract

“…More relevant in [28], Paterson built a DES-like cipher, resistant to both linear and differential cryptanalysis, whose encryption functions generate an imprimitive group and showed how the knowledge of this trapdoor can be turned into an efficient attack to the cipher. For this reason, a branch of research in Symmetric Cryptography is focused on showing that the group generated by the encryption functions of a given cipher is primitive and not of affine type (see [4,5,6,11,17,18,31,33,34,35]). In this sense, our purpose is to give sufficient conditions for the primitivity of the group generated by the round functions of a wave cipher.…”

Section: Introductionmentioning

confidence: 99%

Wave-shaped round functions and primitive groups

Aragona¹,

Calderini²,

Civino³

et al. 2019

Advances in Mathematics of Communications

Self Cite

View full text Add to dashboard Cite

Round functions used as building blocks for iterated block ciphers, both in the case of Substitution-Permutation Networks (SPN) and Feistel Networks (FN), are often obtained as the composition of different layers which provide confusion and diffusion, and key additions. The bijectivity of any encryption function, crucial in order to make the decryption possible, is guaranteed by the use of invertible layers or by the Feistel structure. In this work a new family of ciphers, called wave ciphers, is introduced. In wave ciphers, round functions feature wave functions, which are vectorial Boolean functions obtained as the composition of non-invertible layers, where the confusion layer enlarges the message which returns to its original size after the diffusion layer is applied. This is motivated by the fact that relaxing the requirement that all the layers are invertible allows to consider more functions which are optimal with regard to non-linearity. In particular it allows to consider injective APN S-boxes. In order to guarantee efficient decryption we propose to use wave functions in Feistel Networks. With regard to security, the immunity from some group-theoretical attacks is investigated. In particular, it is shown how to avoid that the group generated by the round functions acts imprimitively, which represents a serious flaw for the cipher. The primitivity of this group is derived as a consequence of a more general result, which allows to reduce the problem of proving that a given FN generates a primitive group to the one of proving that an SPN, directly related to the given FN, generates a primitive group. Finally, a concrete instance of real-world size wave cipher is proposed as an example, and its resistance against differential and linear cryptanalysis is also established.

show abstract

“…More relevant, in [23] Paterson built a DES-like cipher whose encryption functions generate an imprimitive group and showed how the knowledge of this trapdoor can be turned into an efficient attack to the cipher. For this reason, a branch of research in symmetric cryptography is focused on showing that the group generated by the encryption functions of a given cipher is primitive (see [3,4,5,9,12,13,25,28,29,30]).…”

Section: Introductionmentioning

confidence: 99%

Type-preserving matrices and security of block ciphers

Aragona¹,

Meneghetti²

2019

Advances in Mathematics of Communications

Self Cite

View full text Add to dashboard Cite

We introduce a new property for mixing layers which guarantees protection against algebraic attacks based on the imprimitivity of the group generated by the round functions. Mixing layers satisfying this property are called non-type-preserving. Our main result is to characterize such mixing layers by providing a list of necessary and sufficient conditions on the structure of their underlying binary matrices. Then we show how several families of linear maps are non-type-preserving, including the mixing layers of AES, GOST and PRESENT. Finally we prove that the group generated by the round functions of an SPN cipher with addition modulo 2 n as key mixing function is primitive if its mixing layer satisfies this property.

show abstract

Primitivity of PRESENT and other lightweight ciphers

Cited by 13 publications

References 27 publications

On Invariant Subspaces in the Lai–Massey Scheme and a Primitivity Reduction

On Invariant Subspaces in the Lai–Massey Scheme and a Primitivity Reduction

Wave-shaped round functions and primitive groups

Type-preserving matrices and security of block ciphers

Contact Info

Product

Resources

About