The Role of Latin Square in Cipher Systems: A Matrix Approach to Model Encryption Modes of Operation

This paper studies the theoretical background of cryptographic modes of operation, in particular the modes proposed to ensure message privacy. A novel algebraic model is presented as an archetype of encryption design. In the ideal case, encrypting multiple messages is treated as inductively applying an algebraic operation F, corresponding to block-by-block processing, to Latin squares over the sequence of finite groups $\{\mathbb{Z}_{r^{n}}, \mathbb{Z}_{r^{2n}}, \mathbb{Z}_{r^{3n}}, \ldots\}$. We further show that a Latin square cipher is a newly discovered hard-core function for any strong one-way length-preserving function. Based on this discovery, we propose the thesis that, in the ideal case, encryption modes of operation should implement cryptographically strong pseudorandom generators, so that the random oracle model can be used to justify the practice of replacing Latin square ciphers with “good” implementations (e.g., AES). Finally, we present a cryptanalysis of NIST’s standard modes of operation based on this work. The algebraic model shows that, even when an ideally strong one-way function is used, none of NIST’s standard modes of operation (OFB, CFB, CTR, CBC) produces a cryptographically strong pseudorandom ensemble from that ideal one-way function. The distinction of this work is that it uses formal methods, rather than empirical attacks, to exhibit the design flaws in the standard modes of operation. As numerous security protocols use the flawed modes, we argue that these national standards should be repaired, and that an efficient repair (double encryption) can easily be achieved.
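The abstract's "ideal case" is a Latin square used as a one-block cipher: the key selects a row, the plaintext selects a column, and the entry is the ciphertext, applied block by block over $\mathbb{Z}_{r^{n}}$. The following is an added worked example, not code from the paper: it takes the Cayley (addition) table of the cyclic group $\mathbb{Z}_{r^{n}}$ as the Latin square (any group table is one), checks the Latin property, encrypts a base-r digit string block by block with one key row per block, and checks Shannon's perfect-secrecy condition (for each plaintext the ciphertext is uniform over a uniform key). The parameters r = 2, n = 4, the sample message, the keys and the non-Latin counterexample table `bad_table` are all constructed here for illustration.

```python
"""Added example: a Latin square (group table) cipher over Z_{r**n}.

Not the paper's code. The Latin square is the Cayley table of Z_{r**n};
keys are row indices; plaintext blocks are column indices.
"""
from collections import Counter


def cayley_table(modulus):
    """Addition table of Z_modulus. Every group's Cayley table is a Latin square."""
    return [[(a + b) % modulus for b in range(modulus)] for a in range(modulus)]


def bad_table(modulus):
    """Constructed counterexample: the multiplication table of Z_modulus.
    Row 0 is all zeros, so it is NOT a Latin square and NOT a cipher."""
    return [[(a * b) % modulus for b in range(modulus)] for a in range(modulus)]


def is_latin_square(table):
    """Every row and every column is a permutation of 0..n-1."""
    n = len(table)
    symbols = set(range(n))
    rows_ok = all(set(row) == symbols for row in table)
    cols_ok = all({table[i][j] for i in range(n)} == symbols for j in range(n))
    return rows_ok and cols_ok


def to_blocks(digits, r, n):
    """Group base-r digits n at a time (big-endian) into elements of Z_{r**n}."""
    if len(digits) % n:
        raise ValueError("digit string must be a whole number of blocks")
    blocks = []
    for i in range(0, len(digits), n):
        value = 0
        for d in digits[i:i + n]:
            if not 0 <= d < r:
                raise ValueError("digit out of range for base r")
            value = value * r + d
        blocks.append(value)
    return blocks


def from_blocks(blocks, r, n):
    """Inverse of to_blocks: expand each element of Z_{r**n} into n base-r digits."""
    digits = []
    for value in blocks:
        chunk = []
        for _ in range(n):
            chunk.append(value % r)
            value //= r
        digits.extend(reversed(chunk))
    return digits


def encrypt_block(table, key, block):
    """Ciphertext = table[key][block]; row `key` is a permutation of the symbols."""
    return table[key][block]


def decrypt_block(table, key, cipher):
    """Invert the row permutation selected by `key`."""
    return table[key].index(cipher)


def encrypt(table, keys, blocks):
    """Block-by-block application of the Latin square, one independent key row per block."""
    if len(keys) != len(blocks):
        raise ValueError("one key per block is required")
    return [encrypt_block(table, k, b) for k, b in zip(keys, blocks)]


def decrypt(table, keys, cipher):
    return [decrypt_block(table, k, c) for k, c in zip(keys, cipher)]


def ciphertext_distribution(table, block):
    """Distribution of the ciphertext over a uniformly random key, for a fixed plaintext block."""
    return Counter(table[k][block] for k in range(len(table)))


def is_perfectly_secret(table):
    """Shannon's condition for one block under a uniform key: for every plaintext,
    the ciphertext is uniform, i.e. every column of the table is a permutation."""
    n = len(table)
    return all(len(ciphertext_distribution(table, m)) == n for m in range(n))


if __name__ == "__main__":
    r, n = 2, 4                      # assumption: binary digits, 4 per block -> Z_16
    square = cayley_table(r ** n)
    message = [1, 0, 1, 1, 0, 0, 1, 0]  # constructed sample message (two blocks)
    keys = [5, 9]                       # constructed sample key rows
    blocks = to_blocks(message, r, n)
    cipher = encrypt(square, keys, blocks)
    print("blocks", blocks, "cipher", cipher, "recovered",
          from_blocks(decrypt(square, keys, cipher), r, n))
    print("Latin square, perfectly secret:", is_latin_square(square), is_perfectly_secret(square))
    print("bad table, perfectly secret:", is_latin_square(bad_table(16)), is_perfectly_secret(bad_table(16)))
```

The check `is_perfectly_secret` is what distinguishes the ideal object from an arbitrary table: with `bad_table`, plaintext block 0 always encrypts to 0 whatever the key, so the ciphertext distribution leaks the message. The one-key-row-per-block usage is the one-time-pad regime the abstract calls the ideal case; reusing a row across blocks is exactly what a mode of operation has to avoid by other means.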

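The four NIST modes the abstract analyses differ only in how the block function is chained from one block to the next, which is the operation F of the algebraic model. The following is an added example, not the paper's code and not AES: it writes OFB, CFB, CTR and CBC over an abstract block function so the chaining is visible. The block function `toy_block_encrypt` is an assumed stand-in, a 4-round Feistel permutation with a SHA-256 round function, chosen only because CBC needs an invertible block function; the 16-byte block size, the sample key, IV and plaintexts are constructed here. No padding or integrity protection is included.

```python
"""Added example: OFB, CFB, CTR and CBC over an abstract block function.

Not the paper's code. toy_block_encrypt is an assumed toy Feistel permutation
standing in for a 'good' block cipher; do not use it for real data.
"""
import hashlib

BLOCK = 16  # bytes per block (assumption for this example)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, r, half):
    # Keyed round function: hash of (key, round number, half block), truncated.
    return hashlib.sha256(key + bytes([r]) + half).digest()[:BLOCK // 2]


def toy_block_encrypt(key, x):
    """4-round Feistel network: a keyed permutation of BLOCK bytes."""
    left, right = x[:BLOCK // 2], x[BLOCK // 2:]
    for r in range(4):
        left, right = right, xor(left, _round(key, r, right))
    return right + left


def toy_block_decrypt(key, y):
    """Run the Feistel rounds backwards (only CBC needs the inverse)."""
    right, left = y[:BLOCK // 2], y[BLOCK // 2:]
    for r in reversed(range(4)):
        left, right = xor(right, _round(key, r, left)), left
    return left + right


def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("data must be block aligned (no padding in this example)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def _inc(counter):
    """Increment a counter block modulo 2**(8*BLOCK)."""
    value = (int.from_bytes(counter, "big") + 1) % (1 << (8 * BLOCK))
    return value.to_bytes(BLOCK, "big")


def ofb(key, iv, data):
    """OFB: s_i = E(s_{i-1}), s_0 = IV; c_i = p_i ^ s_i. Keystream never sees plaintext."""
    out, s = [], iv
    for p in _blocks(data):
        s = toy_block_encrypt(key, s)
        out.append(xor(p, s))
    return b"".join(out)


def ctr(key, iv, data):
    """CTR: c_i = p_i ^ E(IV + i). Keystream never sees plaintext."""
    out, counter = [], iv
    for p in _blocks(data):
        out.append(xor(p, toy_block_encrypt(key, counter)))
        counter = _inc(counter)
    return b"".join(out)


def cfb_encrypt(key, iv, data):
    """CFB: c_i = p_i ^ E(c_{i-1}), c_0 = IV. Previous ciphertext feeds the next block."""
    out, prev = [], iv
    for p in _blocks(data):
        prev = xor(p, toy_block_encrypt(key, prev))
        out.append(prev)
    return b"".join(out)


def cfb_decrypt(key, iv, data):
    out, prev = [], iv
    for c in _blocks(data):
        out.append(xor(c, toy_block_encrypt(key, prev)))
        prev = c
    return b"".join(out)


def cbc_encrypt(key, iv, data):
    """CBC: c_i = E(p_i ^ c_{i-1}), c_0 = IV. The only mode here that needs E's inverse."""
    out, prev = [], iv
    for p in _blocks(data):
        prev = toy_block_encrypt(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for c in _blocks(data):
        out.append(xor(toy_block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


if __name__ == "__main__":
    key, iv = b"k" * 16, bytes(range(16))   # constructed sample key and IV
    plaintext = bytes(range(48))            # constructed sample: three blocks
    for name, enc, dec in (("OFB", ofb, ofb), ("CTR", ctr, ctr),
                           ("CFB", cfb_encrypt, cfb_decrypt), ("CBC", cbc_encrypt, cbc_decrypt)):
        print(name, dec(key, iv, enc(key, iv, plaintext)) == plaintext)
```

Writing the modes this way makes the structural split plain: OFB and CTR generate a keystream that depends only on the key and IV, so the same (key, IV) pair gives the same keystream for any plaintext, while CFB and CBC feed each ciphertext block back into the block function. That split is the starting point for reasoning, as the paper does, about what pseudorandomness each chaining rule can or cannot deliver from the underlying function.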