Rasta: A cipher with low ANDdepth and few ANDs per bit

Recent developments in multi party computation (MPC) and fully homomorphic encryption (FHE) promoted the design and analysis of symmetric cryptographic schemes that minimize multiplications in one way or another. In this paper, we propose with Rastaa design strategy for symmetric encryption that has ANDdepth d and at the same time only needs d ANDs per encrypted bit. Even for very low values of d between 2 and 6 we can give strong evidence that attacks may not exist. This contributes to a better understanding of the limits of what concrete symmetric-key constructions can theoretically achieve with respect to AND-related metrics, and is to the best of our knowledge the first attempt that minimizes both metrics simultaneously. Furthermore, we can give evidence that for choices of d between 4 and 6 the resulting implementation properties may well be competitive by testing our construction in the use-case of removing the large ciphertext-expansion when using the BGV scheme.

[1]  Virginie Lallemand,et al.  Cryptanalysis of the FLIP Family of Stream Ciphers , 2016, CRYPTO.

[2]  Yuval Ishai,et al.  Cryptography in NC0 , 2004, SIAM J. Comput..

[3]  Xuejia Lai Higher Order Derivatives and Differential Cryptanalysis , 1994 .

[4]  Silvio Micali,et al.  A Completeness Theorem for Protocols with Honest Majority , 1987, STOC 1987.

[5]  Martin R. Albrecht,et al.  Ciphers for MPC and FHE , 2015, IACR Cryptol. ePrint Arch..

[6]  David A. Wagner,et al.  Integral Cryptanalysis , 2002, FSE.

[7]  Anne Canteaut,et al.  Stream Ciphers: A Practical Solution for Efficient Homomorphic-Ciphertext Compression , 2016, FSE.

[8]  V. Rich Personal communication , 1989, Nature.

[9]  Joan Daemen,et al.  Cipher and hash function design strategies based on linear and differential cryptanalysis , 1995 .

[10]  Christophe De Cannière,et al.  Trivium: A Stream Cipher Construction Inspired by Block Cipher Design Principles , 2006, ISC.

[11]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[12]  Gregory V. Bard,et al.  Efficient Multiplication of Dense Matrices over GF(2) , 2008, ArXiv.

[13]  Anne Canteaut,et al.  Stream Ciphers: A Practical Solution for Efficient Homomorphic-Ciphertext Compression , 2016, Journal of Cryptology.

[14]  Yehuda Lindell,et al.  Efficient Protocols for Set Intersection and Pattern Matching with Security Against Malicious and Covert Adversaries , 2008, Journal of Cryptology.

[15]  Nicolas Courtois Fast Algebraic Attacks on Stream Ciphers with Linear Feedback , 2003, CRYPTO.

[16]  Claude Carlet,et al.  Towards Stream Ciphers for Efficient FHE with Low-Noise Ciphertexts , 2016, EUROCRYPT.

[17]  Gu Chun-sheng,et al.  Cryptanalysis of the Smart-Vercauteren and Gentry-Halevi's Fully Homomorphic Encryption. , 2011 .

[18]  Benny Pinkas,et al.  Keyword Search and Oblivious Pseudorandom Functions , 2005, TCC.

[19]  Dana Randall Efficient Generation of Random Nonsingular Matrices , 1993, Random Struct. Algorithms.

[20]  Florian Mendel,et al.  Higher-Order Cryptanalysis of LowMC , 2015, ICISC.

[21]  Henri Gilbert,et al.  Key-Recovery Attack on the ASASA Cryptosystem with Expanding S-Boxes , 2015, CRYPTO.

[22]  Sebastian Ramacher,et al.  Improvements to the Linear Layer of LowMC: A Faster Picnic , 2017, IACR Cryptol. ePrint Arch..

[23]  Alex Biryukov,et al.  Structural Cryptanalysis of SASAS , 2001, Journal of Cryptology.

[24]  Craig Gentry,et al.  Homomorphic Evaluation of the AES Circuit , 2012, IACR Cryptol. ePrint Arch..

[25]  Antoine Joux,et al.  A Crossbred Algorithm for Solving Boolean Polynomial Systems , 2017, NuTMiC.

[26]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[27]  Gregory V. Bard,et al.  Algorithm 898: Efficient multiplication of dense matrices over GF(2) , 2010, TOMS.

[28]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[29]  Claudio Orlandi,et al.  A New Approach to Practical Active-Secure Two-Party Computation , 2012, IACR Cryptol. ePrint Arch..

[30]  Joan Boyar,et al.  On the multiplicative complexity of Boolean functions over the basis (cap, +, 1) , 2000, Theor. Comput. Sci..

[31]  Craig Gentry,et al.  (Leveled) fully homomorphic encryption without bootstrapping , 2012, ITCS '12.

[32]  François-Xavier Standaert,et al.  LS-Designs: Bitslice Encryption for Efficient Masked Software Implementations , 2014, FSE.

[33]  Daniel Slamanig,et al.  Post-Quantum Zero-Knowledge and Signatures from Symmetric-Key Primitives , 2017, CCS.

[34]  Armin Biere Lingeling, Plingeling and Treengeling Entering the SAT Competition 2013 , 2013 .

[35]  J. Massey,et al.  Communications and Cryptography: Two Sides of One Tapestry , 1994 .

[36]  Jonathan Katz,et al.  Improved Non-Interactive Zero Knowledge with Applications to Post-Quantum Signatures , 2018, IACR Cryptol. ePrint Arch..

[37]  Brice Minaud,et al.  Key-Recovery Attacks on ASASA , 2017, Journal of Cryptology.

[38]  Itai Dinur,et al.  Decomposing the ASASA Block Cipher Construction , 2015, IACR Cryptol. ePrint Arch..

[39]  Alex Biryukov,et al.  On Reverse-Engineering S-Boxes with Hidden Design Criteria or Structure , 2015, CRYPTO.

[40]  Shai Halevi,et al.  Algorithms in HElib , 2014, CRYPTO.

[41]  Masahiro Yagisawa,et al.  Fully Homomorphic Encryption without bootstrapping , 2015, IACR Cryptol. ePrint Arch..

[42]  Riivo Talviste,et al.  From Oblivious AES to Efficient and Secure Database Join in the Multiparty Setting , 2013, ACNS.

[43]  Martin R. Albrecht,et al.  MiMC: Efficient Encryption and Cryptographic Hashing with Minimal Multiplicative Complexity , 2016, ASIACRYPT.

[44]  Willi Meier,et al.  Optimized Interpolation Attacks on LowMC , 2015, ASIACRYPT.

[45]  Yuval Ishai,et al.  Low-Complexity Cryptographic Hash Functions , 2017, ITCS.

[46]  Willi Meier,et al.  Fast Algebraic Attacks on Stream Ciphers with Linear Feedback , 2003, CRYPTO.

[47]  Jean-Sébastien Coron,et al.  Scale-Invariant Fully Homomorphic Encryption over the Integers , 2014, Public Key Cryptography.

[48]  Daniel Slamanig,et al.  Post-Quantum Zero-Knowledge Proofs for Accumulators with Applications to Ring Signatures from Symmetric-Key Primitives , 2018, IACR Cryptol. ePrint Arch..

[49]  Dan Boneh Post-Quantum EPID Group Signatures from Symmetric Primitives , 2018 .

[50]  Morris J. Dworkin,et al.  SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions , 2015 .

[51]  Adi Shamir,et al.  Cube Attacks on Tweakable Black Box Polynomials , 2009, IACR Cryptol. ePrint Arch..

[52]  S. Halevi,et al.  Design and Implementation of a Homomorphic-Encryption Library , 2012 .

[53]  Dragos Rotaru,et al.  MPC-Friendly Symmetric Key Primitives , 2016, CCS.

[54]  Alex Biryukov,et al.  Cryptographic Schemes Based on the ASASA Structure: Black-Box, White-Box, and Public-Key (Extended Abstract) , 2014, ASIACRYPT.