symmetric cryptography: scalable matrix cipher
DESCRIPTION
Symmetric cryptography: scalable matrix cipher . Nguyen Dinh Thuc University of Science, HCMC [email protected]. outline. M atrix-base cipher Advanced Encryption Standard Scalable Substitution Matrix cipher. Matrix-base cipher matrix cipher: introduction. - PowerPoint PPT PresentationTRANSCRIPT
Symmetric cryptography:scalable matrix cipher
Nguyen Dinh ThucUniversity of Science, HCMC
outline
• Matrix-base cipher• Advanced Encryption Standard• Scalable Substitution Matrix cipher
Matrix-base ciphermatrix cipher: introduction
• in Hill/matrix cipher, each letter is treated as a number in Z26. A block of n letters is processed as a vector of n dimensions, and multiplied by a nxn matrix, modulo 26.
• in order to decrypt, this permutation matrix must be invertible in Z26 and is considered as the cipher key
• Linearity encryption/decryption: fast but unsecure
• Scalability
Matrix-base cipher matrix cipher: properties
Matrix-base ciphermatrix cipher: key space
• let GL(d,Zm)={Adxd/A is invertible modulo m}
• |GL(d,Zp)|= i=0,…,d-1(pd – pi) where p is a prime number
• |GL(d,Zpn)|=p(n-1)d^2 i=0,…,d-1(pd – pi) where p is a
prime number• |GL(d,Zm)|= i=1,..,k(pi
(ni-1)d^2 j=0,…,d-1(pi
d – pij) where
m=p1n
1…pkn
k, pi: prime
Matrix-base ciphera symmetric cryptosystem over group Z2
n : LogSig
• Anxn: a non-singular matrix over Z2n
• B={a1,…,an /ai: ith of matrix A}: basis of Z2n
• B={a1,…,an} ={a1,…,ar1,ar1+1,…,ar1+r2,…,a(rs-1)+1,…,a(rs-1)+rs}• Let • i be a permutation on {1,…,ri}, i=1,…,s
• i be a linear combination of {a((ri-1)+1),…, a((ri-1)+ri)}, i=1,…,s and r0=1
= {1,…,s}: logarithmic signature over Z2n.
Matrix-base ciphera symmetric cryptosystem over group Z2
n : bijections
Given a logsig of type (r1,…,rs), which spanned by matrix A and permutations i, i=1,…,s
• mZ(2n
) whose the binary representation: m=(m11,…,m1r1,…,ms1,…,msrs)Z2
n (m) = (p1,…,p2) where pi is decimal value of binary
string mi1…miri, i=1,…,s (p1,…,ps)=i=1,…,r1p1ia1(i) + i=1,…,rspsias(i), where pij is
the jth of pi, i=1,…,2
Matrix-base ciphera symmetric cryptosystem over group Z2
n : factorization
Given a logsig of type (r1,…,rs), which spanned by matrix A and permutations i, i=1,…,s
• Given u Z2n , u=(u1,…,un)
• Compute v=u1xnAnxn=(v11,…,v1r1,…,vs1,…,vsrs) Z2n
• Let qi (i=1,…,s) be decimal value of binary string vii(1)…vii(ri)
(q1,…,qs) is factorization of u by
Matrix-base ciphera symmetric cryptosystem over group Z2
n : discussion
Let S be a finite set and let f be a bijection from S to S. The function f is an involution if f(f(x)) = x for all x S.
• Given two logarithmic signatures and , which are spanned by two non-singular A and B in respectively.
• When function E is involution: E(m)=m for all m Z(2n).
Advanced Encryption Standard:substitution-permutation network
S00 S01 S02 S03
S10 S11 S12 S13
S20 S21 S22 S23
S30 S31 S32 S33
in0 in4 in8 in12
in1 in5 in9 in13
in2 in6 in10 in14
in3 in7 in11 in15
AddRoundKey
SubBytes
ShiftRows
MixColumns
AddRoundKey
SubBytes
ShiftRows
AddRoundKey
xNr - 1
out0
out4
out8 out12
out1
out5
out9 out13
out2
out6
out10
out14
out3
out7
out11
out15
State S
Advanced Encryption Standard: design rationale
• two properties of operations of a secure cipher:– confusion: minimize input-output correlation– diffusion: maximize prop ratio
• wide trail strategy:– A general strategy to construct a modern secure block
cipher– base on substitution-permutation network (SPN)
which consists of multiple rounds of transformations, each of which consists of a substitution layer and a permutation layer to provide confusion and diffusion respectively
Advanced Encryption Standard: substitution layerbased on the AES S-box which is defined by the
composition of 3 operations:• inversion. The input byte to the S-Box is regarded
as an element w F, and for w 0 the output x=w-1; and 0-1=0. Where F is Rijndael field.
• GF(2)-linear mapping (affine mapping) is a linear transformation :GF(2)8 GF(2)8
• s-Box constant. The output of the GF(2)-linear mapping is regarded as an element of the Rijndael field and added to the field element 63 to produce the output of S-Box
Advanced Encryption Standard: S-BOXthe AES S-Box is actually a combination of a power
function P(x) and an affine surjection A(x): AP(x), where:
1
0
1
2
3
4
5
6
7
, 0( ) ,
0, 0
1 0 0 0 1 1 1 1 11 1 0 0 0 1 1 1 11 1 1 0 0 0 1 1 01 1 1 1 0 0 0 1 0
( )1 1 1 1 1 0 0 0 00 1 1 1 1 1 0 0 10 0 1 1 1 1 1 0 10 0 0 1 1 1 1 1 0
x xP x
x
xxxx
A xxxxx
Advanced Encryption Standard: diffusion layer
• has been designed in according with the wide trail strategy
• based on a 4x4 matrix over F used in MixColumns
• this is the parity check matrix for a maximal distance separable code, known as an MDS matrix
Advanced Encryption Standard: diffusion layer and branch number
• branch number B of a linear transformation F is defined as follows: B(F)=min{wt(a)+wt(F(a)), adom(F)\{0}} where wt is number of non-rezo elements in a given vector
• if F is defined over n-dimensional space, B(F)n+1
• if B(F)=n+1, F is considered as maximum diffusion layer
J.Daemen and V.Rijmen, AES proposal: Rijndael, AES algorithm submission , 1999. (available on Internet)
Scalable Substitution Matrix cipherstructure
• ssm is a byte-oriented block cipher.• plaintext block of a fixed length is transformed
into a corresponding cipher text block using a given key k
• cipher key is a nontrivial diffusion invertible matrix
• Encryption process consists of multiple rounds of transformations
Scalable Substitution Matrix cipherdiffusion matrix
• diffusion degree of a nxn matrix M is defined by: d(M)=minX0{wt(Xnx1)+wt(MnxnXnx1)}
• matrix M is called nontrivial diffusion matrix if d(M)>2; otherwise, M is called trivial diffusion matrix
D.H.Van, N.T.Binh. T.M.Triet, and T.N.Bao, SSM: Scalable Substitution Matrix cipher, Vietnam Journal of Science and Technology, vol.46, 2009.
Scalable Substitution Matrix cipherencryption process
• round transformation Nr=22n/2 +2, where is a branch number of the keyed linear transformation
• round transformation of round r, denoted r, consists two main steps:– Key-independent nonlinear transformation (denoted
): each byte of the state is substituted using a fixed nonlinear S-box
– Keyed linear transformation (denoted ): the whole state is linearly mixed using a matrix derived from the cipher key k
Scalable Substitution Matrix cipherschema
…
S S S S … S S S S
…
[kr]
n byte
SSM[k]=Nr-1[k]…1[k]0[k]
Scalable Substitution Matrix cipherkey independent nonlinear substitution
in SSM, all operations of are processed using a fixed S-Box constructed as follows:
• applying the affine mapping over GF(2)8 on the binary representation of x: y= 1x
• take the inverse mapping z=y-1 over GF(2)[x]/< (x)>, with 0-1=0
• apply the affine mapping over GF(2)8 on the binary representation of z: t= 2z
Bao Ngoc Tran, Thuc Dinh Nguyen, Thu Dan Tran, A New S-Box Structure to Increase Complexity of Algebraic Expression for Block Cipher Cryptosystems, icctd, vol. 2, pp.212-216, 2009 International Conference on Computer Technology and Development, 2009
1
2
1 1 0 0 0 0 0 00 1 1 0 0 0 0 00 0 1 1 0 0 0 00 0 0 1 1 0 0 00 0 0 0 1 1 0 00 0 0 0 0 1 1 00 0 0 0 0 0 1 10 0 0 0 0 0 0 1
1 0 0 0 1 1 1 11 1 0 0 0 1 1 11 1 1 0 0 0 1 11 1 1 1 0 0 0 11 1 1 1 1 0 0 00 1 1 1 1 1 0 00 0 1 1 1 1 1 00 0 0 1 1 1 1 1
Scalable Substitution Matrix cipherkeyed linear transformation
• operates on the whole state• the state is considered as an n-byte column
vector and multiplied [mod 256] an nxn matrix M
• M is cipher key, is also a nontrivial diffusion matrix
• it should be noticed that is defined over Zn256
instead of GF(28) as in the nonlinear step.
• SSM supports unlimited block length and key length.
• With non-linear substitution, SSM eliminates limitation of most matrix ciphers with only linear components.
• SSM can against differential and linear cryptanalysis
Scalable Substitution Matrix cipherconclusion
D.H.Van, N.T.Binh. T.M.Triet, and T.N.Bao, SSM: Scalable Substitution Matrix cipher, Vietnam Journal of Science and Technology, vol. 2009.