Guesswork and Variation Distance as Measures of Cipher Security

Absolute lower limits to the cost of cryptanalytic attacks are quantified via a theory of guesswork. Conditional guesswork naturally expresses limits to known and chosen plaintext attacks. New inequalities are derived between various forms of guesswork and variation distance. The machinery thus offers a new technique for establishing the security of a cipher: when the work-factor of the optimal known or chosen plaintext attack against a cipher is bounded below by a prohibitively large number, no practical attack against the cipher can succeed. As an example, we apply the technique to iterated cryptosystems, as the Markov property that results from an independent subkey assumption makes them particularly amenable to analysis.
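As an added worked example (not code from the paper), the following Python computes Massey's guesswork, the total variation distance, and the conditional guesswork of the key given known plaintext/ciphertext pairs for a constructed one-round toy cipher; the S-box, the two-nibble key format and the function names are choices made for this example.

```python
from collections import defaultdict
from itertools import product

# Constructed toy cipher for this example: one S-box layer on 4-bit blocks.
# Key = (k1, k2), two 4-bit nibbles (256 keys); c = SBOX[p ^ k1] ^ k2.
SBOX = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]
KEYS = list(product(range(16), range(16)))
UNIFORM = {k: 1 / len(KEYS) for k in KEYS}  # prior: key drawn uniformly

def encrypt(key, p):
    k1, k2 = key
    return SBOX[p ^ k1] ^ k2

def guesswork(probs):
    """Expected number of guesses for an optimal guesser, who tries values
    in decreasing order of probability: E[G] = sum_i i * p_(i)."""
    ordered = sorted(probs, reverse=True)
    return sum(i * p for i, p in enumerate(ordered, start=1))

def variation_distance(p, q):
    """Total variation distance 1/2 * sum_x |p(x) - q(x)| (same support)."""
    return 0.5 * sum(abs(p[x] - q[x]) for x in p)

def known_plaintext_stats(plaintexts, prior=UNIFORM):
    """Conditional guesswork E[G(K | C)] for an attacker who sees the
    ciphertexts of the given known plaintexts, and the mean variation
    distance between the posterior P(K | C) and the prior P(K)."""
    consistent = defaultdict(dict)  # observation -> {key: prior mass}
    for key in KEYS:
        obs = tuple(encrypt(key, p) for p in plaintexts)
        consistent[obs][key] = prior[key]
    cond_g, mean_vd = 0.0, 0.0
    for keys_for_obs in consistent.values():
        p_obs = sum(keys_for_obs.values())  # P(C = obs)
        posterior = {k: keys_for_obs.get(k, 0.0) / p_obs for k in KEYS}
        cond_g += p_obs * guesswork(posterior.values())
        mean_vd += p_obs * variation_distance(posterior, prior)
    return cond_g, mean_vd

if __name__ == "__main__":
    print("no plaintext   :", guesswork(UNIFORM.values()))    # 128.5
    print("one known pair :", known_plaintext_stats([0]))     # (8.5, 0.9375)
    print("two known pairs:", known_plaintext_stats([0, 1]))  # (2.0, 0.98828125)
```

With one pair every ciphertext leaves 16 keys consistent, so guesswork drops from 128.5 to 8.5; with two pairs the posterior size is governed by the S-box difference distribution, which is why the Markov (differential) structure mentioned in the abstract drives the bound.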
