Specifying cycles of minimal length for commonly used linear layers in block ciphers

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2024-07-04 DOI:10.1016/j.jisa.2024.103824

Guoqiang Deng , Yongzhuang Wei , Xuefeng Duan , Enes Pasalic , Samir Hodžić

{"title":"Specifying cycles of minimal length for commonly used linear layers in block ciphers","authors":"Guoqiang Deng , Yongzhuang Wei , Xuefeng Duan , Enes Pasalic , Samir Hodžić","doi":"10.1016/j.jisa.2024.103824","DOIUrl":null,"url":null,"abstract":"<div><p>Nonlinear invariant attack applied to lightweight block ciphers relies on the existence of a nonlinear invariant <span><math><mrow><mi>g</mi><mo>:</mo><msubsup><mrow><mi>F</mi></mrow><mrow><mn>2</mn></mrow><mrow><mi>n</mi></mrow></msubsup><mo>→</mo><msub><mrow><mi>F</mi></mrow><mrow><mn>2</mn></mrow></msub></mrow></math></span> for the round function. Whereas invariants of the entire S-box layer have been studied in terms of the corresponding cycle structure, a similar analysis for the linear layer has not been performed yet. In this article, we provide a theoretical analysis for specifying the minimal length of cycles for commonly used linear permutations in lightweight block ciphers. Namely, using a suitable matrix representation, we exactly specify the minimal cycle lengths for those linear layers that employ ShiftRows, Rotational-XOR and circular Boolean matrix operations which can be found in many well-known families of block ciphers. These results are practically useful for the purpose of finding nonlinear invariants of the entire encryption rounds since these can be specified using the intersection of cycles corresponding to the linear and S-box layer. We also apply our theoretical analysis practically and specify minimal cycle lengths of linear layers for certain families of block ciphers including some NIST candidates.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":null,"pages":null},"PeriodicalIF":3.8000,"publicationDate":"2024-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212624001273","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Nonlinear invariant attack applied to lightweight block ciphers relies on the existence of a nonlinear invariant $g : F_{2}^{n} \to F_{2}$ for the round function. Whereas invariants of the entire S-box layer have been studied in terms of the corresponding cycle structure, a similar analysis for the linear layer has not been performed yet. In this article, we provide a theoretical analysis for specifying the minimal length of cycles for commonly used linear permutations in lightweight block ciphers. Namely, using a suitable matrix representation, we exactly specify the minimal cycle lengths for those linear layers that employ ShiftRows, Rotational-XOR and circular Boolean matrix operations which can be found in many well-known families of block ciphers. These results are practically useful for the purpose of finding nonlinear invariants of the entire encryption rounds since these can be specified using the intersection of cycles corresponding to the linear and S-box layer. We also apply our theoretical analysis practically and specify minimal cycle lengths of linear layers for certain families of block ciphers including some NIST candidates.

查看原文本刊更多论文

为块状密码中常用的线性层指定最小长度的周期

应用于轻量级块密码的非线性不变量攻击依赖于轮函数的非线性不变量 g:F2n→F2 的存在。虽然已经根据相应的循环结构研究了整个 S 盒层的不变量，但还没有对线性层进行类似的分析。在本文中，我们提供了一种理论分析，用于指定轻量级块密码中常用线性排列的最小循环长度。也就是说，利用合适的矩阵表示法，我们精确地指定了采用 ShiftRows、Rotational-XOR 和循环布尔矩阵操作的线性层的最小循环长度，这些操作在许多著名的块密码系列中都能找到。这些结果对于寻找整个加密轮的非线性不变式非常有用，因为这些不变式可以用线性层和 S 盒层对应的循环交集来指定。我们还实际应用了我们的理论分析，并为包括一些 NIST 候选者在内的某些系列的块密码指定了线性层的最小周期长度。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.