The round functions of KASUMI generate the alternating group

Sparr, Rüdiger; Wernsdorf, Ralph

doi:10.1515/jmc-2013-0028

Cited by 7 publications

(4 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Section: Resultsmentioning

confidence: 78%

“…Moreover we observe that for any block cipher C acting on 64−bit messages such that Γ∞(C) = Alt(F 64 ) (e.g. KASUMI [13] and a special extension of GOST [3]) with a similar argument of Lemma and so if Alt(F 64 ) < GL(F 2 m ), then m ≥ 33. Also in this case, we can conclude that the embedding of GOST and KASUMI in a linear cipher is infeasible in practice.…”

Section: Discussionmentioning

confidence: 82%

See 1 more Smart Citation

A note on an infeasible linearization of some block ciphers

Aragona

Rimoldi

Sala

2018

Journal of Discrete Mathematical Sciences and Cryptography

View full text Add to dashboard Cite

A block cipher can be easily broken if its encryption functions can be seen as linear maps on a small vector space. Even more so, if its round functions can be seen as linear maps on a small vector space. We show that this cannot happen for the AES. More precisely, we prove that if the AES round transformations can be embedded into a linear cipher acting on a vector space, then this space is huge-dimensional and so this embedding is infeasible in practice. We present two elementary proofs.

show abstract

Section: Resultsmentioning

confidence: 78%

Section: Discussionmentioning

confidence: 82%

A note on an infeasible linearization of some block ciphers

Aragona

Rimoldi

Sala

2018

Journal of Discrete Mathematical Sciences and Cryptography

View full text Add to dashboard Cite

show abstract

“…Actually, in [27] and [26], with an ad hoc proof, it has been proved respectively that Γ ∞ (AES) = Alt(V ) and Γ ∞ (SERPENT) = Alt(V ). See also [10,23] for an AES-like cipher, [4] for a GOSTlike cipher, and [25,24] for DES and KASUMI respectively. Other interesting translation based ciphers are those of type lightweight, i.e., ciphers designed to run on devices with very low computing power.…”

Section: Some Applications To Real-life Cryptographymentioning

confidence: 99%

Primitivity of PRESENT and other lightweight ciphers

et al. 2018

View full text Add to dashboard Cite

We provide two sufficient conditions to guarantee that the round functions of a translation based cipher generate a primitive group. Furthermore, under the same hypotheses, and assuming that a round of the cipher is strongly proper and consists of m-bit S-Boxes, with m = 3, 4 or 5, we prove that such a group is the alternating group. As an immediate consequence, we deduce that the round functions of some lightweight translation based ciphers, such as the PRESENT cipher, generate the alternating group.

show abstract

“…Later, a similar methodology called invariant subspace attack has been introduced for the cryptanalysis of PRINTcipher [20]. Today, the resistance to the imprimitivity attack of many known constructions has been proved [1,2,10,25,26], and primitivity conditions have been established also for large families of ciphers. For example, Aragona et al [3,Theorem 4.5] have shown that the primitivity of the group generated by the rounds of an FN can be reduced to the primitivity of the group generated by the rounds of an SPN whose round functions are the ones implemented as F-functions 1 One remarkable exception is a paper due to Wernsdorf [28] which shows that the multiplyaddition box at the center of the round of IDEA generates the alternating group on F 32 2 and where it is conjectured that also the entire rounds of IDEA generate the alternating group.…”

Section: Introductionmentioning

confidence: 99%

On Invariant Subspaces in the Lai–Massey Scheme and a Primitivity Reduction

Aragona

Civino

2021

Mediterr. J. Math.

View full text Add to dashboard Cite

In symmetric cryptography, the round functions used as building blocks for iterated block ciphers are obtained as the composition of different layers acting as a sequence of bijective transformations providing global increasing complexity. The study of the conditions on such layers which make the group generated by the round functions of a block cipher a primitive group has been addressed in the past years, both in the case of Substitution Permutation Networks and Feistel Networks, giving to block cipher designers the recipe to avoid the imprimitivity attack, which exploits the invariance of some subspaces during the encryption. In the case of Lai–Massey schemes, where both Substitution Permutation Network and Feistel Network features are combined, the resistance against imprimitivity attacks has been a long-standing open problem. In this paper we consider a generalization of such a scheme and we prove its resistance against the imprimitivity attack. Our solution is obtained as a consequence of a more general result in which the problem of proving the primitivity of a generalized Lai–Massey scheme is reduced to the simpler one of proving the primitivity of the group generated by the round functions of a strictly related Substitution Permutation Network. We prove how this implies a reduction in the computational cost of invariant-subspace search.

show abstract

The round functions of KASUMI generate the alternating group

Cited by 7 publications

References 13 publications

A note on an infeasible linearization of some block ciphers

A note on an infeasible linearization of some block ciphers

Primitivity of PRESENT and other lightweight ciphers

On Invariant Subspaces in the Lai–Massey Scheme and a Primitivity Reduction

Contact Info

Product

Resources

About