Abstract
In symmetric cryptography, the round functions used as building blocks for iterated block ciphers are obtained as the composition of different layers acting as a sequence of bijective transformations providing global increasing complexity. The study of the conditions on such layers which make the group generated by the round functions of a block cipher a primitive group has been addressed in the past years, both in the case of Substitution Permutation Networks and Feistel Networks, giving to block cipher designers the recipe to avoid the imprimitivity attack, which exploits the invariance of some subspaces during the encryption. In the case of Lai–Massey schemes, where both Substitution Permutation Network and Feistel Network features are combined, the resistance against imprimitivity attacks has been a long-standing open problem. In this paper we consider a generalization of such a scheme and we prove its resistance against the imprimitivity attack. Our solution is obtained as a consequence of a more general result in which the problem of proving the primitivity of a generalized Lai–Massey scheme is reduced to the simpler one of proving the primitivity of the group generated by the round functions of a strictly related Substitution Permutation Network. We prove how this implies a reduction in the computational cost of invariant-subspace search.
Highlights
Until the selection of the Advanced Encryption Standard [13], Feistel Networks (FN) have undoubtedly been the most popular design framework forAll the authors are members of INdAM-GNSAGA (Italy)
The contribution of this paper is a group-theoretical analysis of the Lai–Massey scheme (LM) scheme aimed at detecting invariant subspaces, i.e. subspaces of the message space which are invariant under the encryption functions and whose knowledge can be exploited by the cryptanalysts, which are studied by looking at the group generated by the round functions of the cipher
We prove here that the primitivity of the group generated by the rounds of an Substitution Permutation Networks (SPN) implies the one of a group containing the group generated by the rounds of an LM which features in its structure the same key-dependent transformation acting in the SPN
Summary
Until the selection of the Advanced Encryption Standard [13], Feistel Networks (FN) have undoubtedly been the most popular design framework for. The contribution of this paper is a group-theoretical analysis of the LM scheme aimed at detecting invariant subspaces, i.e. subspaces of the message space which are invariant under the encryption functions and whose knowledge can be exploited by the cryptanalysts, which are studied by looking at the group generated by the round functions of the cipher. Such a group, probably already investigated in the Cold War context, was first defined in 1975 by Coppersmith and Grossman [11].
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
