It is hard to overestimate the ubiquity and importance of securecommunications and information processing in modern society. Fromprivate individuals to industry or governments --- they all rely ontechnology guaranteeing the confidentiality, integrity andauthenticity of their communication. To realise these security goals,one relies on cryptographic algorithms, often totallytransparent to their users.For a cryptographic algorithm to be useful, it is important to have agood understanding to which extent it actually achieves the intendedsecurity goals. Progress in understanding how to analyse ("break")cryptographic algorithms is going to improve our understanding of howto design them, and vice versa. At the same time, obtaining rigorousstatements about the security guarantees offered by algorithms on theone hand, and the power of attacks on the other hand is an importantcomplement to the perpetual interplay between cryptanalysis anddesign.This thesis is dedicated to the study of symmetric-key cryptographicalgorithms, which form the backbone of virtually all security systems.It aims at improving the understanding of these algorithms byextending the mathematical foundations regarding design, analysis, andsecurity proofs of symmetric algorithms.As a first contribution, we propose nonsmooth cryptanalysis, anovel technique for the analysis of symmetric algorithms based on theapplication of methods from nonsmooth optimisation to the solving ofequations over finite fields of characteristic two. We then focus onrebound attacks, a powerful recent method for the cryptanalysisof hash functions. In this context, we demonstrate new extensions ofthis attack on the hash function Grøstl-0, and analyse how to designa hash function which is resistant to rebound attacks, leading to thenew hash function Whirlwind.Incorporating the advances in cryptanalysis into new design criteriaalso requires a rigorous understanding of the exact power of theseattacks. We study two important cryptanalysis methods, linearcryptanalysis and differential attacks using structures, and obtainmore precise and realistic mathematical models for the complexityanalysis of these attacks. In both cases, we base our study on adeepened analysis of the statistical phenomena exploited by theseattacks.Complementing this analysis, we consider the question of idealstatistical behaviour with regard to linear and differentialcryptanalysis and some of their extensions, providing an explicitcharacterisation of a reference point for resistance againstthese attacks. Finally, we study key-alternating ciphers from a structuralpoint of view. With the ubiquitous Advanced Encryption Standard (AES)belonging to this class, key-alternating ciphers are a particularlyimportant way of constructing a block cipher. We prove thatkey-alternatingciphers can be considered a sound constructionprinciple. In the context of its resistance to linear attacks, ourstudy especially highlights the constructive effect of havingmultiple, but not too many rounds in such a design.
Table of Contents:
3. Stream ciphers and nonsmooth cryptanalysis
4. Hash functions and the rebound attack
5. Block ciphers and statistical cryptanalysis
6. Designing block ciphers: Statistical and structural aspects
7. Conclusion and outlook