Banca de DEFESA: Murilo Coutinho Silva
Uma banca de DEFESA de DOUTORADO foi cadastrada pelo programa.STUDENT : Murilo Coutinho Silva
DATE: 25/11/2022
TIME: 14:30
LOCAL: Videoconferência
TITLE:
Design, Diffusion, and Cryptanalysis of Symmetric Primitives
KEY WORDS:
Cryptography, ARX, Cryptanalysis, Diffusion, Security, ChaCha, Salsa, Speck, AES, PRESENT, Forró, Continuous Diffusion Analysis, Continuous Differential Cryptanalysis.
PAGES: 217
BIG AREA: Engenharias
AREA: Engenharia Elétrica
SUBÁREA: Telecomunicações
SPECIALTY: Sistemas deTelecomunicações
SUMMARY:
In this PhD thesis, we study and propose new cryptographic techniques and algorithms. The following results are achieved: • We propose a new technique called Continuous Diffusion Analysis (CDA) that can be used to study, design, and compare of cryptographic algorithms. CDA allows us to generalize cryptographic algorithms by transforming the discrete bits into probabilities such that the algorithm is generalized into a continuous mathematical function. We propose three new metrics to measure the diffusion in this generalized continuous space, namely the Continuous Avalanche Factor, the Continuous Neutrality Measure, and the Diffusion Factor. In addition, we show that these measures can be used to analyze the diffusion of cryptographic algorithms, in particular, the Diffusion Factor can be used to compare the diffusion without the need of reducing the number of rounds or considering a small subset of bits. • We propose a new framework, named ColoreD, to evaluate security against differential cryptanalysis. In the proposed framework, instead of considering only binary (black and white) differences, we allow the use of Continuous Differences (ColoreD), which is possible using of continuous generalizations of cryptographic algorithms, allowing us to use differences smaller than one bit. ColoreD incorporates not only continuous generalization of algorithms, but we also propose new theoretical tools such as the Continuous Differential Cryptanalysis (CDC). This tool provides us with a theoretical framework that allows us to mount key recovery attacks without the need of reducing the number of rounds. To showcase the usefulness of the new framework, we use ColoreD to study and compare AES and PRESENT ciphers. This analysis leads to the conclusion that AES is safer than PRESENT when considering differential cryptanalysis, and that PRESENT would need at least 37 rounds to achieve the same security margin of AES. Additionally, applying CDC to both AES and PRESENT we show that is possible to mount a key recovery to both algorithms when considering inputs with very small continuous differences. • We propose new techniques to improve cryptanalysis against ARX ciphers. First, we present a new way to generate linear approximations, which can be used to find better linear approximations in ARX ciphers. Using this technique, we present the first explicitly derived linear approximations for 3 and 4 rounds of ChaCha and, as a consequence, it enables us to improve the recent attacks against ChaCha. More precisely, we our attacks have complexity of 2 51 and 2 224 against 6 and 7 rounds of ChaCha, respectively. Additionally, we propose a technique called Bidirectional Linear Expansions (BLE) to improve the efficacy of differential-linear distinguishers. Using the BLE, we propose the first differential-linear distinguishers ranging 7 and 8 rounds of Salsa20, with time complexities of 2 108.98 and 2 215.62, respectively. Additionally, we show that using the differentials obtained, it is possible to improved Probabilistic Neutral Bits (PNB) key-recovery attacks against 7 and 8 rounds of Salsa20, obtaining time complexities of 2 122.63 and 2 219.56, respectively. • We propose the design of new stream ciphers. First, we show that a simple modification in the algorithm ChaCha, namely changing the rotation distances in the Quarter Round Function, makes it more secure against all the most effective known attacks without any loss in performance. In fact, we show that with these changes, it is only possible to break up to 6 rounds of ChaCha. Therefore, it would be no longer possible to break 7 rounds of ChaCha with the best-known attacks. Finally, we propose a new stream cipher called Forró. We show that Forró is able to achieve more security than Salsa and ChaCha using fewer arithmetic operations. We show that the security of 5 rounds of Forró is equivalent to 7 rounds of ChaCha and that Forró is faster when implemented in several different processors.
BANKING MEMBERS:
Externo à Instituição - ANDERSON CLAYTON ALVES NASCIMENTO - UW
Interno - 1141301 - FRANCISCO ASSIS DE OLIVEIRA NASCIMENTO
Externo ao Programa - 2556078 - GEORGES DANIEL AMVAME NZE
Externo à Instituição - JULIO CÉSAR LÓPEZ HERNANDEZ - UNICAMP
Presidente - 2201912 - RAFAEL TIMOTEO DE SOUSA JUNIOR