Imprimitive Permutation Groups and Trapdoors in Iterated Block Ciphers

An iterated block cipher can be regarded as a means of producing a set of permutations of a message space. Some properties of the group generated by the round functions of such a cipher are known to be of cryptanalytic interest. It is shown here that if this group acts imprimitively on the message space, then there is an exploitable weakness in the cipher. It is demonstrated that a weakness of this type can be used to construct a trapdoor that may be difficult to detect. An example is given of a DES-like cipher that is resistant to both linear and differential cryptanalysis, yet generates an imprimitive group and is easily broken. Some implications for block cipher design are noted.
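To make the imprimitivity condition concrete, the following added example (a constructed 4-bit toy, not the cipher from the paper) checks whether a set of round functions preserves a nontrivial partition of the message space and shows that the cipher then induces a smaller cipher on the blocks. The tables `P` and `Q` and all function names are hypothetical choices made for this illustration.

```python
# Constructed toy round function on 4-bit messages (an assumption for this
# example, not the paper's cipher). A message x splits as hi = x >> 2 and
# lo = x & 3; the blocks are the four cosets {x : x >> 2 == hi} of {0,1,2,3}.
P = [2, 0, 3, 1]                                              # moves whole blocks
Q = [[1, 3, 0, 2], [2, 0, 3, 1], [3, 1, 2, 0], [0, 2, 1, 3]]  # mixes inside a block
SBOX = [(P[x >> 2] << 2) | Q[x >> 2][x & 3] for x in range(16)]

def round_fn(x, k):
    """One round: XOR the 4-bit round key, then apply the S-box."""
    return SBOX[x ^ k]

def encrypt(x, round_keys):
    for k in round_keys:
        x = round_fn(x, k)
    return x

def block_of(x):
    return x >> 2

def preserves_blocks(perm, block_of, size=16):
    """True if perm sends every block of the partition into a single block."""
    image = {}
    for x in range(size):
        target = block_of(perm(x))
        if image.setdefault(block_of(x), target) != target:
            return False
    return True

def imprimitive_for_all_keys():
    """Design check: every keyed round function respects the same partition."""
    return all(preserves_blocks(lambda x, k=k: round_fn(x, k), block_of)
               for k in range(16))

def induced_encrypt(block, round_keys):
    """The cipher's action on block indices; only the top 2 key bits matter."""
    for k in round_keys:
        block = P[block ^ (k >> 2)]
    return block

if __name__ == "__main__":
    keys = [0b1011, 0b0110, 0b1101]  # constructed sample round keys
    print("round functions preserve the blocks:", imprimitive_for_all_keys())
    print("ciphertext block depends only on plaintext block:",
          all(block_of(encrypt(x, keys)) == induced_encrypt(block_of(x), keys)
              for x in range(16)))
```

Because the block of the ciphertext is a function of the block of the plaintext and half of each round key, the key bits acting on blocks can be analysed separately from the rest, which is the kind of structure a design review should rule out.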
