Structural weaknesses of permutations with a low differential uniformity and generalized crooked functions

Canteaut, Anne; Naya-Plasencia, Maŕıa

doi:10.1090/conm/518/10196

Cited by 14 publications

(18 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As noticed in [98], F is differentially Δ F -uniform with two-valued differential spectrum if and only if ∇ F · Δ F = 2 n holds.…”

Section: Exploiting the Apn Property Of The S-boxes In Cryptanalysismentioning

confidence: 92%

“…In [98], Anne Canteaut and Marìa Naya-Plasencia present an attack on the hash function MARACA proposed to the SHA3 competition and show that the higher the number of input differences which can lead to the same output difference is, the better the attack works. The quantity describing the power of the attack is denoted by ∇ F and is defined as…”

Section: Exploiting the Apn Property Of The S-boxes In Cryptanalysismentioning

confidence: 99%

“…The attack described in [98] does not take advantage of only the size of D F (b), but also of the structure of these sets, and gives rise to the following generalization of crooked functions originally defined in [99].…”

Section: Exploiting the Apn Property Of The S-boxes In Cryptanalysismentioning

confidence: 99%

“…In [67], all quadratic permutation monomials were proved crooked. In [98] it is conjectured that crooked permutations of any co-dimension are quadratic.…”

Section: Exploiting the Apn Property Of The S-boxes In Cryptanalysismentioning

confidence: 99%

See 3 more Smart Citations

Perfect nonlinear functions and cryptography

Blondeau

Nyberg

2015

Finite Fields and Their Applications

View full text Add to dashboard Cite

In the late 1980s the importance of highly nonlinear functions in cryptography was first discovered by Meier and Staffelbach from the point of view of correlation attacks on stream ciphers, and later by Nyberg in the early 1990s after the introduction of the differential cryptanalysis method. Perfect nonlinear (PN) and almost perfect nonlinear (APN) functions, which have the optimal properties for offering resistance against differential cryptanalysis, have since then been an object of intensive study by many mathematicians. In this paper, we survey some of the theoretical results obtained on these functions in the last 25 years. We recall how the links with other mathematical concepts have accelerated the search on PN and APN functions. To illustrate the use of PN and APN functions in practice, we discuss examples of ciphers and their resistance to differential attacks. In particular, we recall that in cryptographic applications suboptimal functions are often used.

show abstract

“…As noticed in [98], F is differentially Δ F -uniform with two-valued differential spectrum if and only if ∇ F · Δ F = 2 n holds.…”

Section: Exploiting the Apn Property Of The S-boxes In Cryptanalysismentioning

confidence: 92%

Section: Exploiting the Apn Property Of The S-boxes In Cryptanalysismentioning

confidence: 99%

Section: Exploiting the Apn Property Of The S-boxes In Cryptanalysismentioning

confidence: 99%

“…In [67], all quadratic permutation monomials were proved crooked. In [98] it is conjectured that crooked permutations of any co-dimension are quadratic.…”

Section: Exploiting the Apn Property Of The S-boxes In Cryptanalysismentioning

confidence: 99%

See 2 more Smart Citations

Perfect nonlinear functions and cryptography

Blondeau

Nyberg

2015

Finite Fields and Their Applications

View full text Add to dashboard Cite

show abstract

“…However, in practice, the function t often has a set of properties which can be exploited to optimize this approach. We aim at reducing the number of candidates which have to be examined, in some cases by a preliminary sieving similar to the one used in [5]. This paper presents such optimization techniques, that, when applied to most of the rebound attacks published on the SHA-3 candidates, yield significant improvements in the overall time and/or memory complexities of the attack, as shown on Table 1.…”

Section: Introductionmentioning

confidence: 99%

How to Improve Rebound Attacks

Naya-Plasencia

2011

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Rebound attacks are a state-of-the-art analysis method for hash functions. These cryptanalysis methods are based on a well chosen differential path and have been applied to several hash functions from the SHA-3 competition, providing the best known analysis in these cases. In this paper we study rebound attacks in detail and find for a large number of cases that the complexities of existing attacks can be improved. This is done by identifying problems that optimally adapt to the cryptanalytic situation, and by using better algorithms to find solutions for the differential path. Our improvements affect one particular operation that appears in most rebound attacks and which is often the bottleneck of the attacks. This operation, which varies depending on the attack, can be roughly described as merging large lists. As a result, we introduce new general purpose algorithms for enabling further rebound analysis to be as performant as possible. We illustrate our new algorithms on real hash functions. More precisely, we demonstrate how to reduce the complexities of the best known analysis on four SHA-3 candidates: JH, Grøstl, ECHO and Lane and on the best known rebound analysis on the SHA-3 candidate Luffa.

show abstract