Markov Ciphers and Alternating Groups

Hornauer, G.; Wernsdorf, Ralph; Stephan, W.

doi:10.1007/3-540-48285-7_41

Cited by 14 publications

(12 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Unfortunately this property seems to be hard to verify in practice. We note that DES and IDEA (probably, see [12]) do satisfy this property.…”

Section: Discussionmentioning

confidence: 80%

Imprimitive Permutation Groups and Trapdoors in Iterated Block Ciphers

Paterson

1999

Fast Software Encryption

View full text Add to dashboard Cite

Abstract. An iterated block cipher can be regarded as a means of producing a set of permutations of a message space. Some properties of the group generated by the round functions of such a cipher are known to be of cryptanalytic interest. It is shown here that if this group acts imprimitively on the message space then there is an exploitable weakness in the cipher. It is demonstrated that a weakness of this type can be used to construct a trapdoor that may be difficult to detect. An example of a DES-like cipher, resistant to both linear and differential cryptanalysis that generates an imprimitive group and is easily broken, is given. Some implications for block cipher design are noted.

show abstract

“…Unfortunately this property seems to be hard to verify in practice. We note that DES and IDEA (probably, see [12]) do satisfy this property.…”

Section: Discussionmentioning

confidence: 80%

Imprimitive Permutation Groups and Trapdoors in Iterated Block Ciphers

Paterson

1999

Fast Software Encryption

View full text Add to dashboard Cite

show abstract

“…Small cardinality. If the cardinality of the group G R,n were small, then this property may be related to regularities of Markov chains that are considered in the context of differential and linear cryptanalysis (see [25] and [12]). If these chains are not irreducible or not aperiodic, then differential and/or linear attacks may be derived.…”

Section: Application To the Rijndael Block Ciphermentioning

confidence: 98%

“…A further motivation to study the group theoretic properties of a block cipher stems from a connection to the Markov cipher approach to classical differential cryptanalysis [16,25]. If it can be shown that the round functions of a block cipher generate the alternating group on the message space, then for all corresponding Markov ciphers the chain of differences is irreducible and aperiodic, which means that after sufficiently many rounds of the cipher all differences become equally probable [12]. As the AES round functions generate the alternating group on the state space [32], after sufficiently many AES rounds all differences will roughly be equally probable with respect to the Markov cipher theory approach (see also [1,Section 3.2]).…”

Section: Introductionmentioning

confidence: 99%

Group theoretic properties of Rijndael-like ciphers

Sparr

Wernsdorf

2008

Discrete Applied Mathematics

View full text Add to dashboard Cite

We provide conditions for which the round functions of an -bit Rijndael-like block cipher generate the alternating group on the set {0, 1} . These conditions show that the class of Rijndael-like ciphers whose round functions generate the alternating group on their message space is large, and includes both the actual Rijndael and the block cipher used by the compression function of the WHIRLPOOL hash function. The result indicates that there is no trapdoor design for a Rijndael-like cipher based on the imprimitivity of the group action of its proper round functions which is difficult to detect.

show abstract

“…The group * is primitive by Proposition 6.1 and contains only even permutations by [ Proof. The group generated by the KASUMI encryption functions with independent round keys is a normal subgroup of * (see [10]). Since the alternating group on {0, 1} 64 is simple, the result follows from Theorem 6.6.…”

Section: The Kasumi Two-round Functions Generate the Alternating Groupmentioning

confidence: 99%

“…A further purpose for the analysis of group theoretic properties of a block cipher stems from the fact that, if the round functions of the cipher generate the alternating group on the message space, then general security proofs for the cipher are possible with respect to the Markov cipher approach to classical di erential cryptanalysis (cf. [2,10,16]). For the DES [4], AES [22], and other ciphers, several results on the cyclic and group theoretic structure of their components have already been found (see [3,5,8,13,21,23,24]).…”

Section: Introductionmentioning

confidence: 97%