Provable Security of SP Networks with Partial Non-Linear Layers

Motivated by the recent trend towards low multiplicative complexity blockciphers (e.g., Zorro, CHES 2013; LowMC, EUROCRYPT 2015; HADES, EUROCRYPT 2020; MALICIOUS, CRYPTO 2020), we study their underlying structure, partial SPNs, i.e., Substitution-Permutation Networks (SPNs) in which part of the substitution layer is replaced by an identity mapping, and put forward the first provable security analysis of such partial SPNs built upon dedicated linear layers. For different instances of partial SPNs using MDS linear layers, we establish strong pseudorandom security as well as practical provable security against impossible differential attacks. By extending the well-established MDS code-based idea, we also propose the first principled design of linear layers that ensures optimal differential propagation. Our results formally confirm, in a well-established framework, the conjecture that partial SPNs achieve the same security as normal SPNs while consuming less non-linearity.
