Imprimitive Permutation Groups and Trapdoors in Iterated Block Ciphers

Paterson, Kenneth G.

doi:10.1007/3-540-48519-8_15

Cited by 46 publications

(53 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In the light of recent revelations, we contend that kleptography deserves to play a larger role in the future development of our field. Additional work on back-doored blockciphers can be found in [38,35,36]. This entire line of work has focused on building schemes with deliberately-inserted and hard-to-detect backdoors.…”

mentioning

confidence: 99%

Security of Symmetric Encryption against Mass Surveillance

Bellare

Paterson

Rogaway

2014

Lecture Notes in Computer Science

Self Cite

140

208

View full text Add to dashboard Cite

Abstract. Motivated by revelations concerning population-wide surveillance of encrypted communications, we formalize and investigate the resistance of symmetric encryption schemes to mass surveillance. The focus is on algorithm-substitution attacks (ASAs), where a subverted encryption algorithm replaces the real one. We assume that the goal of "big brother" is undetectable subversion, meaning that ciphertexts produced by the subverted encryption algorithm should reveal plaintexts to big brother yet be indistinguishable to users from those produced by the real encryption scheme. We formalize security notions to capture this goal and then offer both attacks and defenses. In the first category we show that successful (from the point of view of big brother) ASAs may be mounted on a large class of common symmetric encryption schemes. In the second category we show how to design symmetric encryption schemes that avoid such attacks and meet our notion of security. The lesson that emerges is the danger of choice: randomized, stateless schemes are subject to attack while deterministic, stateful ones are not.

show abstract

mentioning

confidence: 99%

Security of Symmetric Encryption against Mass Surveillance

Bellare

Paterson

Rogaway

2014

Lecture Notes in Computer Science

Self Cite

140

208

View full text Add to dashboard Cite

show abstract

“…In other words, the results suggest bad mixing properties of the considered operations: first, there are many nontrivial subgroups that are subgroups with respect to both operations; second, the structure of the respective quotient group is completely retained for such subgroups. In terms of attacks based on homomorphisms [6], we may state that cosets of such subgroups create imprimitivity blocks, and the presence of such blocks potentially allows implementing these attacks on block ciphers constructed with the use of only the operations of bitwise and modular addition.…”

Section: Discussionmentioning

confidence: 99%

Mixing Properties of Operations Defined on the Set of N-Dimensional Vectors Over a Prime Finite Field

2014

View full text Add to dashboard Cite

The results are obtained that characterize the influence of bitwise (modular) addition defined on the set of vectors over the prime finite field on the structure of the quotient group of a particular subgroup with respect to the operation of modular (bitwise) addition on the same set. It is shown that the mixing properties of modular addition depend on the subgroup chosen with respect to the operation of bitwise addition.

show abstract

“…A first motivation for the investigation of the group theoretic structure of a block cipher is to exclude undesirable properties, such as short cycles or non-trivial factor groups for the group generated by the round functions of the cipher. For example, it was shown in [27] that if the group generated by the round functions of a block cipher acts imprimitively on the state space, then there is an exploitable weakness in the cipher. Moreover, it is possible to give examples of DES-like block ciphers, which have a trapdoor with respect to this property, but nevertheless possess a certain resistance against classical linear and differential cryptanalysis (see [27]).…”

Section: Introductionmentioning

confidence: 99%

“…For example, it was shown in [27] that if the group generated by the round functions of a block cipher acts imprimitively on the state space, then there is an exploitable weakness in the cipher. Moreover, it is possible to give examples of DES-like block ciphers, which have a trapdoor with respect to this property, but nevertheless possess a certain resistance against classical linear and differential cryptanalysis (see [27]). A further motivation to study the group theoretic properties of a block cipher stems from a connection to the Markov cipher approach to classical differential cryptanalysis [16,25].…”

Section: Introductionmentioning

confidence: 99%

Group theoretic properties of Rijndael-like ciphers

Sparr

Wernsdorf

2008

Discrete Applied Mathematics

View full text Add to dashboard Cite

We provide conditions for which the round functions of an -bit Rijndael-like block cipher generate the alternating group on the set {0, 1} . These conditions show that the class of Rijndael-like ciphers whose round functions generate the alternating group on their message space is large, and includes both the actual Rijndael and the block cipher used by the compression function of the WHIRLPOOL hash function. The result indicates that there is no trapdoor design for a Rijndael-like cipher based on the imprimitivity of the group action of its proper round functions which is difficult to detect.

show abstract

Imprimitive Permutation Groups and Trapdoors in Iterated Block Ciphers

Cited by 46 publications

References 32 publications

Security of Symmetric Encryption against Mass Surveillance

Security of Symmetric Encryption against Mass Surveillance

Mixing Properties of Operations Defined on the Set of N-Dimensional Vectors Over a Prime Finite Field

Group theoretic properties of Rijndael-like ciphers

Contact Info

Product

Resources

About