Author:

Keywords:

Symmetric cryptology, Cryptanalysis

Abstract:

Symmetric-key cryptology is the oldest form of cryptology in which identical keys are used by the sender and receiver of confidential data. There are two types of modern symmetric-key algorithms -- block ciphers and stream ciphers. A major portion of this thesis is devoted to the analysis and design of these algorithms. We begin with the theoretical foundations of modern symmetric-key cryptology that were laid down by Shannon in his landmark paper, `Communication Theory of Secrecy Systems'. In this paper, he provides two necessary-and-sufficient probabilistic conditions for perfect secrecy of a cryptosystem. We show that a paradox results if either probabilistic condition is both necessary and sufficient, and that the paradox is resolved if the condition is only necessary. Following this, we present cryptanalytic results on five fast, software-oriented synchronous stream ciphers -- Py, Pypy, TPy, TPypy and HC-256 -- that are based on arrays, modular additions and bit-rotations. The attacks on the Py family of ciphers are in a related-key setting and the attacks on HC-256 are in the standard (non-related-key) setting. All the attacks are of the distinguish-from-random type that are based on the correlations between array-elements and their corresponding indices. Next, we show key recovery attacks on the self-synchronising stream cipher MOUSTIQUE. Our attacks work in both a related-key setting and otherwise. A highlight is that we show that related-key weaknesses are useful in constructing attacks in the standard setting. Our discussion on cryptanalysis of stream ciphers is followed by a treatment of block ciphers. In block ciphers, we focus on Feistel constructions. We present two novel approaches to the classical meet-in-the-middle attack and use them to mount key recovery attacks on reduced-round variants of the ciphers DES, GOST, XTEA and XETA. Apart from the novelties in the attack methodologies, a highlight is that our meet-in-the-middle attacks require very few plaintext-ciphertext pairs. One chapter of this thesis is devoted to the analysis of a full cryptosystem. That is, we attack not only the symmetric algorithm therein but also the key management techniques. The cryptosystem is covered by several national patents and an international patent. Our attacks are highly practical in nature, requiring very few plaintext-ciphertext pairs and negligible time/memory. Of the other attacks in this thesis, many are certificational but the best attacks on the respective ciphers. On the design side, we construct two fast synchronous stream ciphers, viz., RCR-64 and RCR-32, by tweaking the ciphers TPy and TPypy respectively. We provide some security analysis of the RCR ciphers. On select platforms, the RCR-64 is among the fastest stream ciphers in the literature. Our designs have remained unblemished for more than three years now. Along with the proposals of the RCR ciphers, we also point out some common mistakes in the analysis and design of symmetric ciphers. Aside from symmetric encryption algorithms, this thesis also deals with cryptographic hash functions (CHFs). CHFs are connected with the rest of this thesis since they employ the design principles of symmetric encryption algorithms. We devote a chapter to the theory of hash functions. We find that there does not exist a hash function that is regular for more than a negligibly small fraction of subsets of the domain. Finally, we present an analysis of the ESSENCE family of CHFs.