Welcome!
To use the personalized features of this site, please log in or register.
If you have forgotten your username or password, we can help.
My Menu
Marked Items 
Alerts
Order History
Saved Items
All
Favorites
    
Book Chapter Printable view
Non-linear Cryptanalysis Revisited: Heuristic Search for Approximations to S-Boxes

Non-linear Cryptanalysis Revisited: Heuristic Search for Approximations to S-Boxes

Book SeriesLecture Notes in Computer Science
PublisherSpringer Berlin / Heidelberg
ISSN0302-9743 (Print) 1611-3349 (Online)
VolumeVolume 4887/2007
BookCryptography and Coding
DOI10.1007/978-3-540-77272-9
Copyright2007
ISBN978-3-540-77271-2
DOI10.1007/978-3-540-77272-9_7
Pages99-117
Subject CollectionComputer Science
SpringerLink DateThursday, December 06, 2007
Add to marked items

Non-linear Cryptanalysis Revisited: Heuristic Search for Approximations to S-Boxes

Juan M. E. TapiadorContact Information, John A. ClarkContact Information and Julio C. Hernandez-CastroContact Information

(1)  Department of Computer Science, University of York, York YO10 5DD, England
(2)  Department of Computer Science, Carlos III University of Madrid, 28911 Leganes (Madrid), Spain
Abstract
Non-linear cryptanalysis is a natural extension to Matsui’s linear cryptanalitic techniques in which linear approximations are replaced by non-linear expressions. Non-linear approximations often exhibit greater absolute biases than linear ones, so it would appear that more powerful attacks may be mounted. However, their use presents two main drawbacks. The first is that in the general case no joint approximation can be done for more than one round of a block cipher. Despite this limitation, Knudsen and Robshaw showed that they can be still very useful, for they allow the cryptanalist greater flexibility in mounting a classic linear cryptanalysis. The second problem concerning non-linear functions is how to identify them efficiently, given that the search space is superexponential in the number of variables. As the size of S-boxes (the elements usually approximated) increases, the computational resources available to the cryptanalyst for the search become rapidly insufficient.
In this work, we tackle this last problem by using heuristic search techniques –particularly Simulated Annealing– along with a specific representation strategy that greatly facilitates the identification. We illustrate our approach with the 9×32 S-box of the MARS block cipher. For it, we have found multiple approximations with biases considerably larger (e.g. 151/512) than the best known linear mask (84/512) in reasonable time. Finally, an analysis concerning the search dynamics and its effectiveness is also provided.

Contact Information Juan M. E. Tapiador
Email: jet@cs.york.ac.uk

Contact Information John A. Clark
Email: jac@cs.york.ac.uk

Contact Information Julio C. Hernandez-Castro
Email: jcesar@inf.uc3m.es
Fulltext Preview (Small, Large)
Image of the first page of the fulltext

References secured to subscribers.
more options
Find


Export this chapter
Export this chapter as RIS | Text
 
Referenced by
1 newer article

  1. Tokareva, N. N. (2008) On quadratic approximations in block ciphers. Problems of Information Transmission 44(3)
    [CrossRef]
Frequently asked questions | General information on journals and books | Send us your feedback | Impressum | Contact
© Springer. Part of Springer Science+Business Media
Privacy, Disclaimer, Terms and Conditions, © Copyright Information
Remote Address: 38.107.191.113 • Server: mpweb22
HTTP User Agent: CCBot/1.0 (+http://www.commoncrawl.org/bot.html)