Heuristic Tool for Linear Cryptanalysis with Applications to CAESAR Candidates

Christoph Erwin Dobraunig; Maria Eichlseder; Florian Mendel

doi:10.1007/978-3-662-48800-3_20

Heuristic Tool for Linear Cryptanalysis with Applications to CAESAR Candidates

Christoph Erwin Dobraunig, Maria Eichlseder, Florian Mendel

Institute of Applied Information Processing and Communications (7050)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Differential and linear cryptanalysis are the general purpose tools to analyze various cryptographic primitives. Both techniques have in common that they rely on the existence of good differential or linear characteristics. The difficulty of finding such characteristics depends on the primitive. For instance, AES is designed to be resistant against differential and linear attacks and therefore, provides upper bounds on the probability of possible linear characteristics. On the other hand, we have primitives like SHA-1, SHA-2, and Keccak, where finding good and useful characteristics is an open problem. This becomes particularly interesting when considering, for example, competitions like CAESAR. In such competitions, many cryptographic primitives are waiting for analysis. Without suitable automatic tools, this is a virtually infeasible job. In recent years, various tools have been introduced to search for characteristics. The majority of these only deal with differential characteristics. In this work, we present a heuristic search tool which is capable of finding linear characteristics even for primitives with a relatively large state, and without a strongly aligned structure. As a proof of concept, we apply the presented tool on the underlying permutations of the first round CAESAR candidates Ascon, ICEPOLE, Keyak, Minalpher and Prøst.

Original language	English
Title of host publication	Advances in Cryptology - ASIACRYPT 2015
Place of Publication	Cham
Publisher	Springer
Pages	490-509
ISBN (Print)	978-3-662-48799-0
DOIs	https://doi.org/10.1007/978-3-662-48800-3_20
Publication status	Published - 2015
Event	2015 International Conference on the Theory and Application of Cryptology and Information Security: ASIACRYPT 2015 - Auckland, New Zealand Duration: 29 Nov 2015 → 3 Dec 2015

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	9453

Conference

Conference	2015 International Conference on the Theory and Application of Cryptology and Information Security
Abbreviated title	ASIACRYPT 2015
Country/Territory	New Zealand
City	Auckland
Period	29/11/15 → 3/12/15

Fields of Expertise

Information, Communication & Computing

Treatment code (Nähere Zuordnung)

Basic - Fundamental (Grundlagenforschung)

Access to Document

10.1007/978-3-662-48800-3_20

fulltext.pdfAccepted author manuscript, 353 KB

FWF - AE - Design and Analysis of Next Generation Authenticated Encryption Algorithms
Mendel, F., Dobraunig, C. E. & Eichlseder, M.
1/10/14 → 30/09/17
Project: Research project
Cryptography
Schläffer, M., Oswald, M. E., Lipp, P., Dobraunig, C. E., Mendel, F., Eichlseder, M., Nad, T., Posch, R., Lamberger, M., Rijmen, V. & Rechberger, C.
1/01/95 → 31/01/19
Project: Research area

Cite this

Dobraunig, CE, Eichlseder, M & Mendel, F 2015, Heuristic Tool for Linear Cryptanalysis with Applications to CAESAR Candidates. in Advances in Cryptology - ASIACRYPT 2015. Lecture Notes in Computer Science, vol. 9453, Springer, Cham, pp. 490-509, 2015 International Conference on the Theory and Application of Cryptology and Information Security, Auckland, New Zealand, 29/11/15. https://doi.org/10.1007/978-3-662-48800-3_20

@inproceedings{2442f845f8b34952866d7216d38a529c,

title = "Heuristic Tool for Linear Cryptanalysis with Applications to CAESAR Candidates",

abstract = "Differential and linear cryptanalysis are the general purpose tools to analyze various cryptographic primitives. Both techniques have in common that they rely on the existence of good differential or linear characteristics. The difficulty of finding such characteristics depends on the primitive. For instance, AES is designed to be resistant against differential and linear attacks and therefore, provides upper bounds on the probability of possible linear characteristics. On the other hand, we have primitives like SHA-1, SHA-2, and Keccak, where finding good and useful characteristics is an open problem. This becomes particularly interesting when considering, for example, competitions like CAESAR. In such competitions, many cryptographic primitives are waiting for analysis. Without suitable automatic tools, this is a virtually infeasible job. In recent years, various tools have been introduced to search for characteristics. The majority of these only deal with differential characteristics. In this work, we present a heuristic search tool which is capable of finding linear characteristics even for primitives with a relatively large state, and without a strongly aligned structure. As a proof of concept, we apply the presented tool on the underlying permutations of the first round CAESAR candidates Ascon, ICEPOLE, Keyak, Minalpher and Pr{\o}st.",

author = "Dobraunig, {Christoph Erwin} and Maria Eichlseder and Florian Mendel",

year = "2015",

doi = "10.1007/978-3-662-48800-3_20",

language = "English",

isbn = "978-3-662-48799-0",

series = " Lecture Notes in Computer Science",

publisher = "Springer",

pages = "490--509",

booktitle = "Advances in Cryptology - ASIACRYPT 2015",

note = "2015 International Conference on the Theory and Application of Cryptology and Information Security : ASIACRYPT 2015, ASIACRYPT 2015 ; Conference date: 29-11-2015 Through 03-12-2015",

}

TY - GEN

T1 - Heuristic Tool for Linear Cryptanalysis with Applications to CAESAR Candidates

AU - Dobraunig, Christoph Erwin

AU - Eichlseder, Maria

AU - Mendel, Florian

PY - 2015

Y1 - 2015

N2 - Differential and linear cryptanalysis are the general purpose tools to analyze various cryptographic primitives. Both techniques have in common that they rely on the existence of good differential or linear characteristics. The difficulty of finding such characteristics depends on the primitive. For instance, AES is designed to be resistant against differential and linear attacks and therefore, provides upper bounds on the probability of possible linear characteristics. On the other hand, we have primitives like SHA-1, SHA-2, and Keccak, where finding good and useful characteristics is an open problem. This becomes particularly interesting when considering, for example, competitions like CAESAR. In such competitions, many cryptographic primitives are waiting for analysis. Without suitable automatic tools, this is a virtually infeasible job. In recent years, various tools have been introduced to search for characteristics. The majority of these only deal with differential characteristics. In this work, we present a heuristic search tool which is capable of finding linear characteristics even for primitives with a relatively large state, and without a strongly aligned structure. As a proof of concept, we apply the presented tool on the underlying permutations of the first round CAESAR candidates Ascon, ICEPOLE, Keyak, Minalpher and Prøst.

AB - Differential and linear cryptanalysis are the general purpose tools to analyze various cryptographic primitives. Both techniques have in common that they rely on the existence of good differential or linear characteristics. The difficulty of finding such characteristics depends on the primitive. For instance, AES is designed to be resistant against differential and linear attacks and therefore, provides upper bounds on the probability of possible linear characteristics. On the other hand, we have primitives like SHA-1, SHA-2, and Keccak, where finding good and useful characteristics is an open problem. This becomes particularly interesting when considering, for example, competitions like CAESAR. In such competitions, many cryptographic primitives are waiting for analysis. Without suitable automatic tools, this is a virtually infeasible job. In recent years, various tools have been introduced to search for characteristics. The majority of these only deal with differential characteristics. In this work, we present a heuristic search tool which is capable of finding linear characteristics even for primitives with a relatively large state, and without a strongly aligned structure. As a proof of concept, we apply the presented tool on the underlying permutations of the first round CAESAR candidates Ascon, ICEPOLE, Keyak, Minalpher and Prøst.

U2 - 10.1007/978-3-662-48800-3_20

DO - 10.1007/978-3-662-48800-3_20

M3 - Conference paper

SN - 978-3-662-48799-0

T3 - Lecture Notes in Computer Science

SP - 490

EP - 509

BT - Advances in Cryptology - ASIACRYPT 2015

PB - Springer

CY - Cham

T2 - 2015 International Conference on the Theory and Application of Cryptology and Information Security

Y2 - 29 November 2015 through 3 December 2015

ER -

Heuristic Tool for Linear Cryptanalysis with Applications to CAESAR Candidates

Abstract

Publication series

Conference

Fields of Expertise

Treatment code (Nähere Zuordnung)

Access to Document

Fingerprint

Projects

FWF - AE - Design and Analysis of Next Generation Authenticated Encryption Algorithms

Cryptography

Cite this