
Analysis And Design Of Block Ciphers

Posted on: 2012-07-09
Degree: Doctor
Type: Dissertation
Country: China
Candidate: R L Li
GTID: 1268330392473787
Subject: Mathematics
Abstract/Summary:
Our society has stepped into an information age with the rapid development of computer networks and communication technologies. In this environment, the secure storage, processing and transformation of information are urgently needed, so the problem of information security protection is pressing. Cryptography is a major and useful approach to security protection, which achieves its goals through various encryption algorithms, and it has become the basis of information security. Block ciphers belong to the field of symmetric cryptography and have attracted more attention in recent years due to their high security, efficient implementations and ease of standardization. Against this background, this thesis concentrates on the cryptanalysis and design methodologies of block ciphers, and it mainly contains two parts.

In the first part, we focus on cryptanalytic methods for block ciphers and obtain results related to the following three aspects.

In the first aspect, we study the resistance of SPN ciphers against impossible differential cryptanalysis and higher-order integral cryptanalysis. We adopt matrix theory over finite fields to propose several criteria for characterizing the existence of impossible differentials of SPN ciphers. This method can be extended to analyze other block cipher structures with SPN-type round functions, and thus provides a new potential approach to automatically searching for impossible differentials of various ciphers. We also borrow from linear algebra, using the direct decomposition of a linear space, to propose a theory for the higher-order integral extension of SPN ciphers, which unifies the process of finding 4-round higher-order integrals of AES and ARIA. This method can be further generalized to analyze block cipher structures, and thus overcomes the reliance of traditional approaches on the cryptanalyst's experience and intuition.

In the second aspect, we evaluate the security of a kind of generalized unbalanced Feistel network structure called GF-NLFSR. By algebraic methods, the encryption characteristic can be expressed clearly, which directly demonstrates a poor diffusion property of GF-NLFSR. Thus, the distinguishing attacks on GF-NLFSR can be significantly improved. Another contribution regarding the security of a variant of GF-NLFSR is the proposal of a kind of non-surjective attack, which can be applied to some block ciphers with bijective components. This kind of attack is verified through an experiment on a toy cipher based on GF-NLFSR and the S-box of AES. The main merit of this method is that its data complexity is only a linear function of the block length.

In the third aspect, we apply differential fault analysis to SMS4 based on the random byte fault model. By observing a difference propagation property of the 5-round SMS4-type generalized Feistel structure with SPN round function, we show that if a random byte fault is induced into either the second, third, or fourth word register at the input of the 28-th round, we can break SMS4 by an exhaustive search with time complexity 2^22.11. This efficient attack implies that SMS4 should be carefully protected when implemented in products.

The second part belongs to the design theory of block ciphers, and it contains the following results.

First, we concentrate on a kind of involutional linear transformation based on the XOR of several rotations. The enumeration of this kind of linear transformation is given, and its branch number is shown to be upper bounded by 4. Meanwhile, the relationship between the parameters of the rotations and the branch number is discussed, which provides a theoretical basis for the design.

Then, we turn to the practical security of block cipher structures. The main object is the MISTY structure with SPN round function. Using mask propagation and a "divide-and-conquer" strategy, we provide a new lower bound on the number of active S-boxes for consecutive 4r-round linear characteristics of this block cipher construction, and thus unify the practical security bounds of this construction against differential and linear cryptanalysis.

Last, we generalize the MISTY structure and propose two kinds of block cipher structures called the Type-I and Type-II generalized MISTY structures. For these two block cipher constructions, we provide proofs of their practical security against differential and linear cryptanalysis, which is the basis for the design of new block ciphers based on these structures. Accordingly, two efficient block cipher frameworks are proposed based on the Type-II generalized MISTY structure.
Keywords/Search Tags: Block Ciphers, Block Cipher Structures, Cryptanalytic Methods, Design Theory, Provable Security