We define a substitution block cipher C with the plaintext and ciphertext blocks in Fn and with the keyspace Ks0,n(g) that is the set {/(x) : f (x) = ))); ai,a2 e Fn;n1,n2 G Sn}, where so is an integer, 1 ^ so ^ n; g : Fn ^ Fn is a bijec-tive vector function g(x) = g1(x)g2(x) ...gn(x) such that every its coordinate function gi(x) essentially depends on some Si ^ s0 variables in the string x = x1x2 .. .xn; Sn is the set of all permutations of the row (12... n); ni and ai are the permutation and negation operations, that is, (n = (i1i2 ... in)) ^ (n(a1a2 ... an) = ail ai2 .. . . . ain ), (a = b1b2 .. .bn) ^ ((a1a2 ... an)^ = a^11 a22... a^) and, for a and b in F2, ab = a if b = 1 and ab = -a if b = 0. Like g, any key / in Ks0,n(g) is a bijection on Fn, / (x) = f1(x)/2(x) ...fn(x), and every its coordinate function fi(x) essentially depends on not more than so variables in x. The encryption of a plaintext block x and the decryption of a ciphertext block y on the key f are defined in C as follows: y = f (x) and x = f-1(y). Here, we suggest a known plaintext attack on C with the threat of discovering the key f that was used. Let P1 ,P2,..., Pm be some blocks of a plaintext, C1, C2,..., Cm be the corresponding blocks of a ciphertext, i.e., Ci = f (Pi) for l = 1,2,... ,m, and Pi = Pi1Pi2 ... Pin, Ci = СцС12 ... Cin. The object is to determine the coordinate function fi(x) of f for each i G {1,2,...,n}. The suggested attack consists of two steps, namely we first determine the essential variables xil,...,xis of fi(x) and then compute a Boolean function h(xil,...,xis) such that h(ail,... ,ais) = fi(a1,..., an) for all n-tuples (a1a2 ... an) G Fn. For determining the essential variables of fi, we construct a Boolean matrix || inf D(fi)|| with the set of rows inf D(fi), where D(fi) = {Pi 0 Pj : Cii = Cji; l,j = 1, 2,..., m}, Cii = fi(Pi), l = 1,...,m, i = 1,...,n, and infD(fi) is the subset of all the minimal vectors in D(fi). Then the numbers of essential variables for fi are the numbers of columns in the intersection of all covers of || inf D(fi)|| with the cardinalities not more than s0, where a cover of a Boolean matrix M is defined as a subset C of its columns such that each row in M has ’1’ in a column in C. For computing h(xil,... ,xis), we first set h(Piil,..., Piis) = Cii for l = 1,..., m and then, if hi is not yet completely determined on F2, we increase the number m of known blocks (Pi,Ci) of plain- and ciphertexts or extend hi on F2 in such a way that the vector function h = h1h2 ... hn with the completely defined coordinate functions is a bijection on Fn. We also describe some special known plaintext attacks on substitution block ciphers with keyspaces being subsets of Ks0,n(g).
Download file
Counter downloads: 203
- Title Substitution block ciphers with functional keys
- Headline Substitution block ciphers with functional keys
- Publesher
Tomsk State University - Issue Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics 38
- Date:
- DOI 10.17223/20710410/38/4
Keywords
substitution ciphers, block ciphers, functional keys, cryptanalysis, known plaintext attack, Boolean functions, essential variables, bijective functions, шифры подстановки, блочные шифры, функциональные ключи, криптоанализ, атака с известным открытым текстом, булевы функции, существенные переменные, биективные функцииAuthors
References
Agibalov G. P. and Levashnikov A. A. Statisticheskoe issledovanie zadachi opoznaniya bulevykh funktsiy odnogo klassa [Statistical study of the identifying problem for a class of Boolean functions]. Proc. ASDA Conf., Novosibirsk, 1966, pp. 40-45. (in Russian)
Agibalov G. P. and Sungurova O. G. Kriptoanaliz konechno-avtomatnogo generatora klyuchevogo potoka s funktsiey vykhodov v kachestve klyucha [Cryptanalysis of a finite-state keystream generator with an output function as a key]. Vestnik TSU. Prilozhenie, 2006, no. 17, pp. 104-108. (in Russian)
Agibalov G. P. SIBCiphers - simmetrichnye iterativnye blochnye shifry iz bulevykh funktsiy s klyuchevymi argumentami [SIBCiphers - symmetric iterative block ciphers composed of Boolean functions depending on small number of variables]. Prikladnaya Diskretnaya Matematika. Prilozhenie, 2014, no. 7, pp. 43-48. (in Russian)
Agibalov G. P. Watermarking ciphers. Prikladnaya Diskretnaya Matematika, 2016, no. 1(31), pp. 62-66.
Agibalov G. P. and Pankratova I. A. O dvukhkaskadnykh konechno-avtomatnykh kriptograficheskikh generatorakh i metodakh ikh kriptoanaliza [About 2-cascade finite automata cryptographic generators and their cryptanalysis]. Prikladnaya Diskretnaya Matematika, 2017, no. 35, pp. 38-47. (in Russian)
Agibalov G. P. Kriptoavtomaty s funktsional’nymi klyuchami [Cryptautomata with functional keys]. Prikladnaya Diskretnaya Matematika, 2017, no. 36, pp. 59-72. (in Russian)
Pankratova I. A. Construction of invertible vectorial Boolean functions with coordinates depending on given number of variables. Proc. CSIST’2016, Minsk, BSU Publ., 2016, pp. 519-521.
Pankratova I. A. Ob obratimosti vektornykh bulevykh funktsiy [On the invertibility of vector Boolean functions]. Prikladnaya Diskretnaya Matematika. Prilozhenie, 2015, no. 8, pp. 35-37. (in Russian)
Agibalov G. P. Minimizatsiya chisla argumentov bulevykh funktsiy [Number minimization for variables a partial Boolean function depends on]. Problemy Sinteza Tsifrovykh Avtomatov, Moscow, Nauka Publ., 1967, pp. 96-100. (in Russian)
Agibalov G. P. O nekotorykh doopredeleniyakh chastichnoy bulevoy funktsii [Some completions of partial Boolean function]. Trudy SPhTI, 1970, iss.49, pp. 12-19. (in Russian)
Substitution block ciphers with functional keys | Prikladnaya Diskretnaya Matematika - Applied Discrete Mathematics. 2017. № 38. DOI: 10.17223/20710410/38/4
Download full-text version
Counter downloads: 455