
Symmetric cryptography: scalable matrix cipher

  1. Symmetric cryptography: scalable matrix cipher
     Nguyen Dinh Thuc, University of Science, HCMC, ndthuc@fit.hcmus.edu.vn

  2. Outline
     • Matrix-based cipher
     • Advanced Encryption Standard
     • Scalable Substitution Matrix cipher

  3. Matrix-based cipher. Matrix cipher: introduction
     • In the Hill (matrix) cipher, each letter is treated as a number in $\mathbb{Z}_{26}$. A block of n letters is processed as an n-dimensional vector and multiplied by an n×n matrix, modulo 26.
     • To decrypt, this permutation matrix must be invertible in $\mathbb{Z}_{26}$; it is the cipher key.

  4. Matrix-based cipher. Matrix cipher: properties
     • Linearity: encryption/decryption is fast, but insecure
     • Scalability
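The two slides above, as an added example (not code from the presentation): a Hill cipher over Z26 for any small block size n, with the key-invertibility check that decryption depends on and a direct test of the linearity E(a+b) = E(a)+E(b) that the slide names as the weakness. The column-vector convention, the function names and the sample key and texts are assumptions made for the example.

```python
from math import gcd

def det(m):
    """Integer determinant by Laplace expansion (fine for small n)."""
    if not m:
        return 1
    return sum((-1) ** j * m[0][j] * det([r[:j] + r[j + 1:] for r in m[1:]])
               for j in range(len(m)))

def inverse_mod(key, mod=26):
    """Inverse of key modulo mod via the adjugate; rejects unusable keys."""
    d = det(key) % mod
    if gcd(d, mod) != 1:
        raise ValueError("key matrix is not invertible modulo %d" % mod)
    n, d_inv = len(key), pow(d, -1, mod)
    def minor(i, j):
        return [r[:j] + r[j + 1:] for k, r in enumerate(key) if k != i]
    return [[d_inv * (-1) ** (i + j) * det(minor(j, i)) % mod
             for j in range(n)] for i in range(n)]

def hill_apply(key, text, mod=26):
    """Multiply each n-letter block (a column vector) by key, modulo mod."""
    n = len(key)
    nums = [ord(c) - ord("A") for c in text]
    if len(nums) % n:
        raise ValueError("text length must be a multiple of the block size")
    out = []
    for b in range(0, len(nums), n):
        block = nums[b:b + n]
        out += [sum(k * x for k, x in zip(row, block)) % mod for row in key]
    return "".join(chr(v + ord("A")) for v in out)

def add_texts(a, b, mod=26):
    """Letter-wise sum of two equal-length texts in Z26."""
    return "".join(chr((ord(x) + ord(y) - 2 * ord("A")) % mod + ord("A"))
                   for x, y in zip(a, b))

def is_linear_on(key, a, b):
    """E(a + b) == E(a) + E(b): the structure that makes the cipher weak."""
    return hill_apply(key, add_texts(a, b)) == add_texts(
        hill_apply(key, a), hill_apply(key, b))

# Constructed sample key (upper-case A-Z texts only); not from the slides.
KEY = [[6, 24, 1], [13, 16, 10], [20, 17, 15]]

if __name__ == "__main__":
    ct = hill_apply(KEY, "ACTNOW")
    print(ct, hill_apply(inverse_mod(KEY), ct),
          is_linear_on(KEY, "ACTNOW", "HELLOX"))
```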

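  5. Matrix-based cipher. Matrix cipher: key space
     • Let $GL(d,\mathbb{Z}_m)=\{A_{d\times d} \mid A \text{ is invertible modulo } m\}$
     • $|GL(d,\mathbb{Z}_p)|=\prod_{i=0}^{d-1}(p^d-p^i)$, where p is a prime number
     • $|GL(d,\mathbb{Z}_{p^n})|=p^{(n-1)d^2}\prod_{i=0}^{d-1}(p^d-p^i)$, where p is a prime number
     • $|GL(d,\mathbb{Z}_m)|=\prod_{i=1}^{k}\Big(p_i^{(n_i-1)d^2}\prod_{j=0}^{d-1}(p_i^d-p_i^j)\Big)$, where $m=p_1^{n_1}\cdots p_k^{n_k}$ and the $p_i$ are prime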
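The key-space formula above, as an added example (not code from the presentation): it evaluates |GL(d, Z_m)| for any d and m and cross-checks the d = 2 case by counting invertible matrices directly. The function names are assumptions made for the example.

```python
from math import gcd

def factorize(m):
    """Prime factorisation of m as {p: exponent} by trial division."""
    factors, p = {}, 2
    while p * p <= m:
        while m % p == 0:
            factors[p] = factors.get(p, 0) + 1
            m //= p
        p += 1
    if m > 1:
        factors[m] = factors.get(m, 0) + 1
    return factors

def gl_order(d, m):
    """|GL(d, Z_m)|: product over the prime powers p^n dividing m."""
    total = 1
    for p, n in factorize(m).items():
        term = p ** ((n - 1) * d * d)
        for i in range(d):
            term *= p ** d - p ** i
        total *= term
    return total

def gl2_bruteforce(m):
    """Count 2x2 matrices mod m whose determinant is a unit mod m."""
    return sum(1 for a in range(m) for b in range(m)
               for c in range(m) for e in range(m)
               if gcd((a * e - b * c) % m, m) == 1)

if __name__ == "__main__":
    # Number of usable Hill keys for 2-letter and 3-letter blocks over Z26,
    # and of 2x2 keys modulo 256 (the modulus used later by SSM).
    print(gl_order(2, 26), gl_order(3, 26), gl_order(2, 256))
    print(gl2_bruteforce(26) == gl_order(2, 26))
```

For 2-letter blocks the count is 157,248 keys, about 17 bits, which is why block size has to scale for the key space to matter at all.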

  6. Matrix-based cipher. A symmetric cryptosystem over group Z2n: LogSig
     • Anxn: a non-singular matrix over Z2n
     • B={a1,…,an /ai: ith of matrix A}: basis of Z2n
     • B={a1,…,an}
     • ={a1,…,ar1,ar1+1,…,ar1+r2,…,a(rs-1)+1,…,a(rs-1)+rs}
     • Let
     • i be a permutation on {1,…,ri}, i=1,…,s
     • i be a linear combination of {a((ri-1)+1),…, a((ri-1)+ri)}, i=1,…,s and r0=1
     • = {1,…,s}: logarithmic signature over Z2n.

  7. Matrix-based cipher. A symmetric cryptosystem over group Z2n: bijections
     • Given a logsig of type (r1,…,rs), which is spanned by matrix A and permutations i, i=1,…,s
     • m ∈ Z(2n), whose binary representation is m=(m11,…,m1r1,…,ms1,…,msrs) ∈ Z2n
     • (m) = (p1,…,p2), where pi is the decimal value of the binary string mi1…miri, i=1,…,s
     • (p1,…,ps)=i=1,…,r1p1ia1(i) + i=1,…,rspsias(i), where pij is the jth of pi, i=1,…,2

  8. Matrix-based cipher. A symmetric cryptosystem over group Z2n: factorization
     • Given a logsig of type (r1,…,rs), which is spanned by matrix A and permutations i, i=1,…,s
     • Given u ∈ Z2n, u=(u1,…,un)
     • Compute v=u1xnAnxn=(v11,…,v1r1,…,vs1,…,vsrs) ∈ Z2n
     • Let qi (i=1,…,s) be the decimal value of the binary string vii(1)…vii(ri)
     • (q1,…,qs) is the factorization of u by

  9. Matrix-based cipher. A symmetric cryptosystem over group Z2n: discussion
     • Let S be a finite set and let f be a bijection from S to S. The function f is an involution if f(f(x)) = x for all x ∈ S.
     • Given two logarithmic signatures and , which are spanned by two non-singular A and B in respectively.
     • When function E is involution: E(m)=m for all m ∈ Z(2n).

  10. Advanced Encryption Standard: substitution-permutation network
      [Figure: AES round structure applied to the State S: AddRoundKey; then SubBytes, ShiftRows, MixColumns, AddRoundKey, repeated Nr - 1 times; then SubBytes, ShiftRows, AddRoundKey.]

  11. Advanced Encryption Standard: design rationale
      • Two properties of the operations of a secure cipher:
      • confusion: minimize input-output correlation
      • diffusion: maximize prop ratio
      • Wide trail strategy:
      • a general strategy to construct a modern secure block cipher
      • based on a substitution-permutation network (SPN), which consists of multiple rounds of transformations, each of which consists of a substitution layer and a permutation layer to provide confusion and diffusion respectively

  12. Advanced Encryption Standard: substitution layer
      Based on the AES S-box, which is defined by the composition of 3 operations:
      • Inversion. The input byte to the S-box is regarded as an element $w \in F$, where F is the Rijndael field; for $w \neq 0$ the output is $x=w^{-1}$, and $0^{-1}=0$.
      • GF(2)-linear mapping (affine mapping): a linear transformation $GF(2)^8 \to GF(2)^8$.
      • S-box constant. The output of the GF(2)-linear mapping is regarded as an element of the Rijndael field and added to the field element 63 to produce the output of the S-box.
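The three operations above, as an added example (not code from the presentation): the AES S-box is built from field inversion, the GF(2)-linear map and the constant, then measured for differential uniformity, the property the inversion step contributes against differential cryptanalysis. The field polynomial 0x11B, the bit rotations of the linear map and the constant 0x63 (the slide's "63" in hexadecimal) are taken from the AES specification; the function names are assumptions.

```python
def gf_mul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(w):
    """w^-1 computed as w^254; this also gives the convention 0^-1 = 0."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, w)
    return r

def rotl8(x, k):
    """Rotate an 8-bit value left by k bits."""
    return ((x << k) | (x >> (8 - k))) & 0xFF

def linear_map(x):
    """The GF(2)-linear step of the AES S-box, written with rotations."""
    return x ^ rotl8(x, 1) ^ rotl8(x, 2) ^ rotl8(x, 3) ^ rotl8(x, 4)

def sbox_value(w):
    """Inversion, then the linear map, then addition of the constant."""
    return linear_map(gf_inv(w)) ^ 0x63

SBOX = [sbox_value(w) for w in range(256)]

def differential_uniformity(s):
    """Largest number of x with s[x ^ a] ^ s[x] == b, over a != 0 and all b."""
    best = 0
    for a in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[s[x ^ a] ^ s[x]] += 1
        best = max(best, max(counts))
    return best

if __name__ == "__main__":
    linear_only = [linear_map(x) for x in range(256)]
    # Full S-box versus the linear step alone (lower is better).
    print(differential_uniformity(SBOX), differential_uniformity(linear_only))
```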

  13. Advanced Encryption Standard: S-box
      • The AES S-box is actually a combination of a power function P(x) and an affine surjection A(x): $A \circ P(x)$, where:

  14. Advanced Encryption Standard: diffusion layer
      • has been designed in accordance with the wide trail strategy
      • based on a 4x4 matrix over F used in MixColumns
      • this is the parity check matrix for a maximal distance separable code, known as an MDS matrix

  15. Advanced Encryption Standard: diffusion layer and branch number
      • The branch number B of a linear transformation F is defined as follows:
      • $B(F)=\min\{wt(a)+wt(F(a)) : a \in dom(F)\setminus\{0\}\}$, where wt is the number of non-zero elements in a given vector
      • If F is defined over an n-dimensional space, $B(F) \le n+1$
      • If $B(F)=n+1$, F is considered a maximum diffusion layer
      J. Daemen and V. Rijmen, AES proposal: Rijndael, AES algorithm submission, 1999. (available on Internet)

  16. Scalable Substitution Matrix cipher: structure
      • SSM is a byte-oriented block cipher.
      • A plaintext block of a fixed length is transformed into a corresponding ciphertext block using a given key k
      • The cipher key is a nontrivial diffusion invertible matrix
      • The encryption process consists of multiple rounds of transformations

  17. Scalable Substitution Matrix cipher: diffusion matrix
      • The diffusion degree of an n×n matrix M is defined by $d(M)=\min_{X\neq 0}\{wt(X_{n\times 1})+wt(M_{n\times n}X_{n\times 1})\}$
      • Matrix M is called a nontrivial diffusion matrix if d(M)>2; otherwise, M is called a trivial diffusion matrix
      D.H. Van, N.T. Binh, T.M. Triet, and T.N. Bao, SSM: Scalable Substitution Matrix cipher, Vietnam Journal of Science and Technology, vol. 46, 2009.

  18. Scalable Substitution Matrix cipher: encryption process
      • round transformation Nr=22n/2+2, where is a branch number of the keyed linear transformation
      • The round transformation of round r, denoted r, consists of two main steps:
      • Key-independent nonlinear transformation (denoted ): each byte of the state is substituted using a fixed nonlinear S-box
      • Keyed linear transformation (denoted ): the whole state is linearly mixed using a matrix derived from the cipher key k

  19. Scalable Substitution Matrix cipher: schema
      SSM[k]=Nr-1[k]…1[k]0[k]
      [Figure: SSM round schema: an n-byte state, rows of S-boxes (S), and a keyed layer labelled [kr].]

  20. Scalable Substitution Matrix cipher: key-independent nonlinear substitution
      In SSM, all operations of the nonlinear substitution are processed using a fixed S-box constructed as follows:
      • apply the affine mapping over GF(2)8 on the binary representation of x: y=1x
      • take the inverse mapping $z=y^{-1}$ over GF(2)[x]/<(x)>, with $0^{-1}=0$
      • apply the affine mapping over GF(2)8 on the binary representation of z: t=2z
      Bao Ngoc Tran, Thuc Dinh Nguyen, Thu Dan Tran, A New S-Box Structure to Increase Complexity of Algebraic Expression for Block Cipher Cryptosystems, ICCTD, vol. 2, pp. 212-216, 2009 International Conference on Computer Technology and Development, 2009

  21. Scalable Substitution Matrix cipher: keyed linear transformation
      • The keyed linear transformation operates on the whole state
      • The state is considered as an n-byte column vector and multiplied (mod 256) by an n×n matrix M
      • M is the cipher key and is also a nontrivial diffusion matrix
      • Note that the keyed linear transformation is defined over $\mathbb{Z}_{256}^n$ instead of $GF(2^8)$ as in the nonlinear step.
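The key requirements stated for the keyed linear step (invertible modulo 256 and diffusion degree d(M) > 2), as an added example that is not code from the presentation or from the SSM authors. It shows a caveat of working in the ring Z256 rather than a field: an invertible matrix can still be a trivial diffusion matrix, because multiplying an even entry by 128 gives 0. The function names and both 3x3 matrices are constructed for the example.

```python
MOD = 256  # the keyed linear step works on bytes modulo 256

def det(m):
    """Integer determinant by Laplace expansion (fine for small n)."""
    if not m:
        return 1
    return sum((-1) ** j * m[0][j] * det([r[:j] + r[j + 1:] for r in m[1:]])
               for j in range(len(m)))

def keyed_linear(M, state):
    """State (n bytes, a column vector) multiplied by M, modulo 256."""
    return [sum(k * x for k, x in zip(row, state)) % MOD for row in M]

def wt(v):
    """Number of non-zero bytes in v."""
    return sum(1 for x in v if x)

def is_invertible(M):
    """Over Z256, M is invertible exactly when det(M) is odd."""
    return det(M) % 2 == 1

def worst_single_byte_input(M):
    """(score, X) minimising wt(X) + wt(MX) over X with one non-zero byte."""
    n, best = len(M), None
    for j in range(n):
        for c in range(1, MOD):
            x = [0] * n
            x[j] = c
            score = 1 + wt(keyed_linear(M, x))
            if best is None or score < best[0]:
                best = (score, x)
    return best

def is_nontrivial_key(M):
    """True if M is invertible mod 256 and d(M) > 2.

    For invertible M, MX != 0 whenever X != 0, so every X with two or more
    non-zero bytes already scores at least 3; only single-byte inputs can
    pull d(M) down to 2, and those are the ones checked here.
    """
    return is_invertible(M) and worst_single_byte_input(M)[0] > 2

# Constructed sample matrices (not from the slides).
GOOD = [[1, 1, 1], [1, 1, 0], [1, 0, 1]]   # every column has two odd entries
WEAK = [[1, 2, 0], [0, 1, 2], [2, 0, 1]]   # invertible, but columns mix 1 and 2

if __name__ == "__main__":
    for name, M in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, is_invertible(M), worst_single_byte_input(M),
              is_nontrivial_key(M))
```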

  22. Scalable Substitution Matrix cipher: conclusion
      • SSM supports unlimited block length and key length.
      • With non-linear substitution, SSM eliminates the limitation of most matrix ciphers, which have only linear components.
      • SSM can resist differential and linear cryptanalysis
      D.H. Van, N.T. Binh, T.M. Triet, and T.N. Bao, SSM: Scalable Substitution Matrix cipher, Vietnam Journal of Science and Technology, vol. 2009.
