Design and Cryptanalysis of Symmetric Key Primitives

Publication date: 2016-07-02

Author:

Wang, Qingju
Preneel, Bart; Rijmen, Vincent; Gu, Dawu

Keywords:

Cryptanalysis, Symmetric Key, C16/15/058#53326573

Abstract:

This thesis deals with symmetric-key algorithms, more specifically block ciphers and stream ciphers. It is divided into three parts. In the first part, we introduce the mixed integer linear programming (MILP) technique and discuss its applications to symmetric-key primitives. Differential and linear cryptanalysis are two of the most powerful statistical techniques for analysing symmetric-key primitives, so for modern ciphers resistance against these attacks is a mandatory design criterion. We propose a MILP-based technique to prove security bounds against both differential and linear cryptanalysis, which significantly reduces the workload of designers and cryptanalysts. MILP finds applications in this thesis in the following cases. We prove differential and linear upper bounds for the stream cipher Enocoro-128v2. For CLEFIA-type generalized Feistel networks (GFNs) with the diffusion switching mechanism (DSM), we prove tighter lower bounds on the number of linearly active S-boxes, and deliver the first evidence that DSM provides an advantage by guaranteeing more active S-boxes in GFNs. Moreover, in the design of the underlying permutation of the CAESAR (Competition for Authenticated Encryption: Security, Applicability, and Robustness) candidate PRIMATEs, MILP helps to determine the offsets of the ShiftRows operations, and provides upper bounds on the probability of differential and linear trails and of collisions for the permutation. In addition, using MILP we construct related-key rectangle distinguishers for Rijndael-160/160 and Rijndael-192/192, on which we base the best known attacks in terms of the number of attacked rounds.

Secondly, we contribute to the cryptanalysis of block ciphers. To the best of our knowledge, our impossible-differential cryptanalysis results on Rijndael-224 and Rijndael-256 are the best in terms of the number of rounds. We also analyse NSA's recent lightweight design SIMON by applying integral and zero-correlation linear cryptanalysis. As a final contribution of this part, we successfully analyse a design for MPC and FHE presented at Eurocrypt 2015, and refute the designers' security claim.

Thirdly, we contribute to the research on links among statistical cryptanalysis methods by deriving the link between impossible-differential, zero-correlation linear and integral cryptanalysis.
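The lower bounds on active S-boxes mentioned for CLEFIA-type GFNs are the kind of quantity the thesis obtains with MILP. The added example below is not from the thesis: it computes the same quantity for a toy 4-branch Type-2 GFN by exhaustive dynamic programming over word-level (truncated) differential trails, which is feasible only because the state space is tiny. It assumes a plain GFN without DSM, and treats each F-function as a single bijective unit (active exactly when its input difference is non-zero) rather than as an S-box layer with a diffusion matrix.

```python
from itertools import product

def xor_outputs(a, b):
    """Word-level (truncated) XOR rule: two active words may cancel to
    an inactive one, or stay active; otherwise the result is fixed."""
    return (0, 1) if a == 1 and b == 1 else (a | b,)

def next_states(state):
    """One round of a 4-branch Type-2 GFN with a CLEFIA-like round shape
    (assumed toy structure): (x0,x1,x2,x3) -> (x1^F(x0), x2, x3^F(x2), x0).
    F is assumed bijective, so its output is active iff its input is."""
    x0, x1, x2, x3 = state
    return [(t0, x2, t1, x0)
            for t0 in xor_outputs(x1, x0)
            for t1 in xor_outputs(x3, x2)]

def active_f(state):
    """Number of F-functions that receive a non-zero difference this round."""
    return state[0] + state[2]

def min_active(rounds):
    """Minimum number of active F-functions over every non-zero word-level
    differential trail of the given length (exhaustive DP, not MILP).
    A trail with b active F-functions has probability at most p_max^b,
    where p_max is the best differential probability of one F-function."""
    states = [s for s in product((0, 1), repeat=4) if any(s)]
    best = {s: 0 for s in states}  # cost with zero rounds remaining
    for _ in range(rounds):
        best = {s: active_f(s) + min(best[n] for n in next_states(s))
                for s in states}
    return min(best.values())

def bounds(max_rounds):
    """Lower bound on active F-functions for 1..max_rounds rounds."""
    return [min_active(r) for r in range(1, max_rounds + 1)]

if __name__ == "__main__":
    for r, b in enumerate(bounds(6), start=1):
        print(f"{r} rounds: at least {b} active F-functions")
```

For real ciphers the trail space is far too large for such enumeration, which is why the thesis encodes the same activity rules as MILP constraints and lets a solver minimise the active-S-box count.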