On the Multi-output Filtering Model and Its Applications

In this paper, we propose a novel technique, called the multi-output filtering model, to study non-randomness properties of cryptographic algorithms such as message authentication codes and block ciphers. A multi-output filtering model consists of a linear feedback shift register (LFSR) and a multi-output filtering function. Our contribution is twofold. First, we propose an attack technique under IND-CPA using the multi-output filtering model. By introducing a distinguishing function, we theoretically determine the success rate of this attack. In particular, we construct a distinguishing function based on the distribution of the linear complexity of the component sequences, and apply it to TUAK's \(f_1\) algorithm, AES, KASUMI, PRESENT and PRINTcipher. We show that the success rate of the attack on KASUMI and PRESENT is non-negligible, whereas \(f_1\) and AES resist this attack. Second, we study the distribution of the cryptographic properties of the component functions of a random primitive in the multi-output filtering model. Our experiments reveal some non-randomness in the distribution of algebraic degree and nonlinearity for KASUMI.
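The model described above, as an added self-contained illustration that is not code from the paper: a 16-stage LFSR (primitive feedback polynomial \(x^{16}+x^{14}+x^{13}+x^{11}+1\), chosen here) supplies successive states as input blocks to an 8-output filter function, the \(j\)-th output bit over time forms the \(j\)-th component sequence, and Berlekamp-Massey gives each component's linear complexity. Three filters are compared: a degree-1 and a degree-2 Boolean map, whose components must have small linear complexity by Key's 1976 bound (at most the number of monomials of degree 1 to \(d\) in 16 variables), and a SHA-256-based stand-in for a strong primitive, whose components should sit near \(N/2\) like random sequences of length \(N\). The way the LFSR state is fed to the filter, the particular filters, the seed and the simplified flag-if-any-component-deviates statistic are assumptions made for this example; the paper's distinguishing function works from the full distribution of linear complexities.

```python
# Added example (not the paper's code): a toy multi-output filtering model and a
# linear-complexity check on its component sequences.
import hashlib
from math import comb
from typing import Callable, List

N_STAGES = 16
# Primitive feedback polynomial x^16 + x^14 + x^13 + x^11 + 1: maximal period 2^16 - 1.
TAPS = (16, 14, 13, 11)
M_OUT = 8          # number of filter outputs (component sequences)
N_BITS = 512       # length of each component sequence examined
SEED = 0xACE1      # arbitrary non-zero initial state (assumption for this example)


def lfsr_states(seed: int = SEED, count: int = N_BITS) -> List[int]:
    """Fibonacci LFSR over GF(2); returns `count` successive 16-bit states."""
    assert 0 < seed < (1 << N_STAGES), "seed must be a non-zero 16-bit value"
    s, states = seed, []
    for _ in range(count):
        states.append(s)
        fb = 0
        for t in TAPS:                       # tap t reads bit position 16 - t
            fb ^= (s >> (N_STAGES - t)) & 1
        s = (s >> 1) | (fb << (N_STAGES - 1))
    return states


def bit(x: int, i: int) -> int:
    return (x >> i) & 1


def linear_filter(s: int) -> int:
    """Degree-1 filter: output bit j = s_j XOR s_{j+8}."""
    return sum((bit(s, j) ^ bit(s, j + 8)) << j for j in range(M_OUT))


def quadratic_filter(s: int) -> int:
    """Degree-2 filter: output bit j = s_j XOR (s_{j+1} AND s_{j+8})."""
    return sum((bit(s, j) ^ (bit(s, j + 1) & bit(s, j + 8))) << j for j in range(M_OUT))


def hash_filter(s: int) -> int:
    """Stand-in for a strong primitive: one byte of SHA-256 over the state (toy, not a MAC)."""
    return hashlib.sha256(b"example-constant" + s.to_bytes(2, "big")).digest()[0]


def component_sequences(f: Callable[[int], int], states: List[int]) -> List[List[int]]:
    """Component j is the j-th output bit of f over successive LFSR states."""
    outs = [f(s) for s in states]
    return [[bit(o, j) for o in outs] for j in range(M_OUT)]


def linear_complexity(bits: List[int]) -> int:
    """Berlekamp-Massey over GF(2): length of the shortest LFSR that generates `bits`."""
    n = len(bits)
    c, b = [0] * n, [0] * n      # current and previous connection polynomials
    c[0] = b[0] = 1
    L, m = 0, -1                 # current LC and index of the last length change
    for i in range(n):
        d = bits[i]              # discrepancy between predicted and actual bit
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d == 0:
            continue
        t = c[:]
        shift = i - m
        for j in range(n - shift):
            c[j + shift] ^= b[j]
        if 2 * L <= i:
            L, m, b = i + 1 - L, i, t
    return L


def key_bound(n: int, d: int) -> int:
    """Key (1976): a degree-d filter on an n-stage maximal LFSR gives LC <= sum_{i=1..d} C(n, i)."""
    return sum(comb(n, i) for i in range(1, d + 1))


def lc_profile(f: Callable[[int], int]) -> List[int]:
    """Linear complexity of each of the M_OUT component sequences of filter f."""
    return [linear_complexity(seq) for seq in component_sequences(f, lfsr_states())]


def looks_non_random(profile: List[int], n_bits: int = N_BITS, slack: int = 10) -> bool:
    """Simplified distinguishing statistic (assumption for this example): a random
    n-bit sequence has LC = n/2 + k with probability about 2^-2|k|, so any component
    further than `slack` from n/2 is evidence against randomness."""
    return any(abs(L - n_bits / 2) > slack for L in profile)


if __name__ == "__main__":
    for name, f in (("linear", linear_filter), ("quadratic", quadratic_filter),
                    ("sha256", hash_filter)):
        prof = lc_profile(f)
        print(f"{name:9s} LC per component {prof}  flagged={looks_non_random(prof)}")
```

Run with python3; it prints the per-component linear complexities of the three filters. At \(N = 512\) the SHA-256 stand-in gives values near 256, while the degree-1 filter gives exactly 16 (every component is a shift of the same m-sequence) and the degree-2 filter at most 136. The separation only appears once \(N\) is comfortably larger than twice the bound: Berlekamp-Massey on a prefix shorter than that returns a value capped by the prefix length, and a low-degree profile would look no different from a random one.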

[1]  Edwin L. Key,et al.  An analysis of the structure and complexity of nonlinear binary sequence generators , 1976, IEEE Trans. Inf. Theory.

[2]  Harald Niederreiter,et al.  On the expected value of the linear complexity and the k-error linear complexity ofperiodic sequences , 2002, IEEE Trans. Inf. Theory.

[3]  Claude Carlet,et al.  Boolean Functions for Cryptography and Error-Correcting Codes , 2010, Boolean Models and Methods.

[4]  Guang Gong,et al.  Signal Design for Good Correlation: For Wireless Communication, Cryptography, and Radar , 2005 .

[5]  Gregor Leander,et al.  A Cryptanalysis of PRINTcipher: The Invariant Subspace Attack , 2011, CRYPTO.

[6]  O. Antoine,et al.  Theory of Error-correcting Codes , 2022 .

[7]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[8]  Adi Shamir,et al.  Cube Attacks on Tweakable Black Box Polynomials , 2009, IACR Cryptol. ePrint Arch..

[9]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[10]  Joel Lathrop Cube attacks on cryptographic hash functions , 2009 .

[11]  Xuejia Lai,et al.  Improved zero-sum distinguisher for full round Keccak-f permutation , 2011, IACR Cryptol. ePrint Arch..

[12]  Anne Canteaut,et al.  Zero-Sum Distinguishers for Iterated Permutations and Application to Keccak-f and Hamsi-256 , 2010, Selected Areas in Cryptography.

[13]  Marian Srebrny,et al.  Security margin evaluation of SHA-3 contest finalists through SAT-based attacks , 2012, IACR Cryptol. ePrint Arch..

[14]  Marian Srebrny,et al.  Rotational Cryptanalysis of Round-Reduced Keccak , 2013, FSE.

[15]  G. V. Assche,et al.  Permutation-based encryption , authentication and authenticated encryption , 2012 .

[16]  Yosuke Todo Integral Cryptanalysis on Full MISTY1 , 2015, CRYPTO.

[17]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[18]  Marian Srebrny,et al.  Practical Complexity Cube Attacks on Round-Reduced Keccak Sponge Function , 2014, IACR Cryptol. ePrint Arch..

[19]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[20]  Marian Srebrny,et al.  Preimage attacks on the round-reduced Keccak with the aid of differential cryptanalysis , 2013, IACR Cryptol. ePrint Arch..

[21]  Martin Stanek,et al.  On Cryptographic Properties of Random Boolean Functions , 1998, J. Univers. Comput. Sci..

[22]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[23]  Joan Daemen,et al.  Differential Propagation Analysis of Keccak , 2012, FSE.

[24]  Adi Shamir,et al.  Collision Attacks on Up to 5 Rounds of SHA-3 Using Generalized Internal Differentials , 2013, FSE.

[25]  Yin Tan,et al.  Security Assessment of TUAK Algorithm Set , 2014 .

[26]  Thomas Peyrin,et al.  Unaligned Rebound Attack: Application to Keccak , 2012, FSE.

[27]  Matthew J. B. Robshaw,et al.  PRINTcipher: A Block Cipher for IC-Printing , 2010, CHES.

[28]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[29]  R. A. Rueppel Analysis and Design of Stream Ciphers , 2012 .

[30]  Mihir Bellare,et al.  A concrete security treatment of symmet-ric encryption: Analysis of the DES modes of operation , 1997, FOCS 1997.

[31]  B Guido,et al.  Cryptographic sponge functions , 2011 .

[32]  J. Uspensky,et al.  Introduction to Mathematical Probability , 1938, Nature.

[33]  Adi Shamir,et al.  New Attacks on Keccak-224 and Keccak-256 , 2012, FSE.

[34]  Guido Bertoni,et al.  Keccak sponge function family main document , 2009 .

[35]  María Naya-Plasencia,et al.  Practical Analysis of Reduced-Round Keccak , 2011, INDOCRYPT.

[36]  Vincent Rijmen,et al.  The Design of Rijndael , 2002, Information Security and Cryptography.