Ralph Wernsdorf scite author profile

2002

For the block cipher RIJNDAEL with a block length of 128 bits group theoretic properties of the round functions are derived. Especially it is shown that these round functions generate the alternating group.The notation of the RIJNDAEL round function components will be similar to the RIJNDAEL definition given in [1]. One exception will be that the states are not given in a matrix form. They are given as 128-bit-or 16-byte-vectors, where the correspondence to the matrices in [1] is defined row by row from left to right. The round functions R k are defined by ∀k ∈ {0, 1} 128 ∀x ∈ {0, 1} 128 : R k (x) := k ⊕ mc(rs(s(x))), J. Daemen and V.

Group theoretic properties of Rijndael-like ciphers

Sparr

Discrete Applied Mathematics

2008

We provide conditions for which the round functions of an -bit Rijndael-like block cipher generate the alternating group on the set {0, 1} . These conditions show that the class of Rijndael-like ciphers whose round functions generate the alternating group on their message space is large, and includes both the actual Rijndael and the block cipher used by the compression function of the WHIRLPOOL hash function. The result indicates that there is no trapdoor design for a Rijndael-like cipher based on the imprimitivity of the group action of its proper round functions which is difficult to detect.

The One-Round Functions of the DES Generate the Alternating Group

SIT Gesellschaft fiir S ysteme der Informationstechnik mbH 0-1252 Griinheide (Mark), Germany Charlottenside 7 Abstract; hi c a d of thc 16 DES rounds we have a permutation of @-bitblocks. According to the corresponding key-block there are 248 possible permutations per round. In this paper we will prove that these permutations generate the alternating group. The main parts of the paper are the proof that the generated group is 3-transitive, and the application of a result from p. J. Cameron based on the classification of finite simple groups. A corollary concerning n-round functions generalizes the result

Complementation-Like and Cyclic Properties of AES Round Functions

Sparr

et al. 2005

Abstract.While it is known previously that the cycle lengths of individual components of the AES round function are very small, we demonstrate here that the cycle length of the S-box combined with the ShiftRow and MixColumn transformation is at least 10205 . This result is obtained by providing new invariances of the complete AES round function without the key addition. Furthermore, we consider self-duality properties of the AES round function and derive a property analogous to the complementation property of the DES round function. These results confirm the assessments given in other publications that the AES components have several unexpected structural properties.

Markov Ciphers and Alternating Groups

Hornauer

Stephan

This paper includes some relalions between differential cryptanalysis and group theory. The main result is the following: If the one-round functions of :UI r-round iterated, cipher generate the rdternating or the symmetric group, then for all corresponding Markov ciphers the chains of differences are irreducible and aperiodic. As an application it will be shown that if the hypothesis of stochastic equivalence holds for any of these corresponding Uvkov ciphers, then the DES and the IDEA(32) 'we secure against a differential cryptanalysis attack after sufficiently m,my rounds for these Mmkov ciphers. The section about IDEA(32) includes the result that the one-round functions of this algorithm generate the altemqting group.The theoretic foundations in group theory and Markov chains are described for instance in [Wie 641 and [Fel 581. Properties of Markov Chains and Markov CiphersLet us recall some definitions and properties of Markov chains. The definitions follow the notations of [LMM 911. In this section we will briefly review parts of this paper.A sequence of discrete random variables vo,vl ,. .., v, is a Markov chain if for 0 I i < r (where r = -is allowed):A Markov chain is called homogeneous if P ( V~+~ = PI vi = a) is independent of i for all pairs (a$).Let I 7 = ipu[ denote the transition probability matrix of a finite homogeneous Markov chain with M states and p;i the transition probabilities.

The round functions of KASUMI generate the alternating group

Sparr

2014

On the connectedness of the set of efficient points n convex optimization problems with multiple or random Objectives

Mathematische Operationsforschung und Statistik. Series Optimiz

1984