BoolTest: The Fast Randomness Testing Strategy Based on Boolean Functions with Application to DES, 3-DES, MD5, MD6 and SHA-256

The output of modern cryptographic primitives like pseudorandom generators and block or stream ciphers is frequently required to be indistinguishable from a truly random data. The existence of any distinguisher provides a hint about the insufficient confusion and diffusion property of an analyzed function. In addition to targeted cryptoanalysis, statistical tests included in batteries such as NIST STS, Dieharder or TestU01 are frequently used to assess the indistinguishability property. However, the tests included in these batteries are either too simple to spot the common biases (like the Monobit test) or overly complex (like the Fourier Transform test) requiring an extensive amount of data. We propose a simple, yet surprisingly powerful method called BoolTest for the construction of distinguishers based on an exhaustive search for boolean function(s). The BoolTest typically constructs distinguisher with fewer input data required and directly identifies the function’s biased output bits. We analyze the performance on four input generation strategies: counter-based, low hamming weight, plaintext-ciphertext block combination and bit-flips to test strict avalanche criterion. The BoolTest detects bias and thus constructs distinguisher in a significantly higher number of rounds in the round-reduced versions of DES, 3-DES, MD5, MD6 and SHA-256 functions than the state-of-the-art batteries. Finally, we provide a precise interpretation of BoolTest verdict (provided in the form of Z-score) about the confidence of a distinguisher found. The BoolTest clear interpretation is a significant advantage over standard batteries consisting of multiple tests, where not only a statistical significance of a single test but also aggregated decision over multiple, potentially correlated tests, needs to be correctly performed.

[1]  Michael Mascagni,et al.  SPRNG: A Scalable Library for Pseudorandom Number Generation , 1999, PP.

[2]  William M. Daley,et al.  Security Requirements for Cryptographic Modules , 1999 .

[3]  Werner Schindler,et al.  Evaluation Criteria for True (Physical) Random Number Generators Used in Cryptographic Applications , 2002, CHES.

[4]  David J. Sheskin,et al.  Handbook of Parametric and Nonparametric Statistical Procedures , 1997 .

[5]  Gregory V. Bard,et al.  Algebraic Cryptanalysis , 2009 .

[6]  Emil Simion,et al.  The Relevance of Statistical Tests in Cryptography , 2015, IEEE Security & Privacy.

[7]  Vashek Matyas,et al.  Constructing empirical tests of randomness , 2014, 2014 11th International Conference on Security and Cryptography (SECRYPT).

[8]  Thomas Johansson,et al.  A Framework for Chosen IV Statistical Analysis of Stream Ciphers , 2007, INDOCRYPT.

[9]  Alex Biryukov,et al.  Automatic Search for Differential Trails in ARX Ciphers , 2014, CT-RSA.

[10]  Pedro Isasi,et al.  Finding Efficient Distinguishers for Cryptographic Mappings, with an Application to the Block Cipher TEA , 2004 .

[11]  Paul Stankovski,et al.  Greedy Distinguishers and Nonrandomness Detectors , 2010, INDOCRYPT.

[12]  Pierre L'Ecuyer,et al.  TestU01: A C library for empirical testing of random number generators , 2006, TOMS.

[13]  Donald Ervin Knuth,et al.  The Art of Computer Programming , 1968 .

[14]  Sylvain Chevillard,et al.  The functions erf and erfc computed with arbitrary precision and explicit error bounds , 2009, Inf. Comput..

[15]  Eric Filiol,et al.  A New Statistical Testing for Symmetric Ciphers and Hash Functions , 2002, ICICS.

[16]  Vashek Matyas,et al.  The Million-Key Question - Investigating the Origins of RSA Public Keys , 2016, USENIX Security Symposium.

[17]  Petr Svenda,et al.  The Efficient Randomness Testing using Boolean Functions , 2017, SECRYPT.

[18]  Elaine B. Barker,et al.  A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications , 2000 .

[19]  Howard M. Heys,et al.  A TUTORIAL ON LINEAR AND DIFFERENTIAL CRYPTANALYSIS , 2002, Cryptologia.