Security analysis of P-SPN schemes against invariant subspace attack with inactive S-boxes

IF 1.4 2区 数学 Q3 COMPUTER SCIENCE, THEORY & METHODS Designs, Codes and Cryptography Pub Date : 2024-07-21 DOI:10.1007/s10623-024-01465-z
Bolin Wang, Wenling Wu
{"title":"Security analysis of P-SPN schemes against invariant subspace attack with inactive S-boxes","authors":"Bolin Wang, Wenling Wu","doi":"10.1007/s10623-024-01465-z","DOIUrl":null,"url":null,"abstract":"<p>The security requirements of new applications such as cloud computing, big data, and the Internet of Things have promoted the development and application of security protocols such as secure multi-party computation, fully homomorphic encryption, and zero-knowledge proof. In order to meet these demands, there is a need for new symmetric ciphers that minimize multiplications in <span>\\( {\\mathbb {F}}_{2^{n}} \\)</span> or <span>\\( {\\mathbb {F}}_{p} \\)</span>, where <i>p</i> is prime. One construction that addresses this demand is Partial SPN (P-SPN) construction, where the S-box layer is only applied to a portion of the state in each round. And there have been several research on the construction over the past years. The key to the design of P-SPN construction lies in the linear layers, but systematic exploration in this direction has been lacking in the existing work. In this work, we first establish a lower bound on the dimension of the maximal invariant subspace without active S-boxes for a generic P-SPN scheme. Subsequently, we concentrate on the linear layers of P-SPN construction. Through a meticulous examination of intriguing and beneficial characteristics for various matrices, we showcase that the security of a P-SPN scheme against invariant subspace attack depends on the degree of the minimal polynomial of the matrix. Inadequate choices of the matrices allow for large invariant subspaces that navigate any number of rounds without activating any S-boxes. A comprehensive proof for the Conjecture 1 proposed by Keller and Rosemarin is presented, which not only further improves the lower bound on the dimension of the maximal invariant subspace for the P-SPN rounds of STARKAD permutation, but also implies a lower bound on the dimension of the maximal invariant subspace for block matrices with special blocks. For a block circulant matrix with special blocks, a better annihilating polynomial exists and a lower bound on the dimension of the maximal invariant subspace can be identified. For circulant matrices and block circulant matrices with circulant blocks, we introduce methods to ascertain the range or exact value of the minimal polynomial degree. This determination advances the exploration of the invariant subspaces in these matrices. Especially if the number of S-Boxes in a P-SPN scheme is 1, we can attain the exact value of the dimension for the maximal invariant subspace. All the cases discussed here are invariant subspaces with inactive S-boxes. Our work intends to provide concise cryptanalytic methods for new proposals following P-SPN or HADES design principles. In addition, we derive a way to make sure that a circulant matrix <i>C</i> is resistant to invariant subspace attack with inactive S-boxes, thus providing design criteria for the construction of such matrices in the design of P-SPN schemes.\n</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"35 1","pages":""},"PeriodicalIF":1.4000,"publicationDate":"2024-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Designs, Codes and Cryptography","FirstCategoryId":"100","ListUrlMain":"https://doi.org/10.1007/s10623-024-01465-z","RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 0

Abstract

The security requirements of new applications such as cloud computing, big data, and the Internet of Things have promoted the development and application of security protocols such as secure multi-party computation, fully homomorphic encryption, and zero-knowledge proof. In order to meet these demands, there is a need for new symmetric ciphers that minimize multiplications in \( {\mathbb {F}}_{2^{n}} \) or \( {\mathbb {F}}_{p} \), where p is prime. One construction that addresses this demand is Partial SPN (P-SPN) construction, where the S-box layer is only applied to a portion of the state in each round. And there have been several research on the construction over the past years. The key to the design of P-SPN construction lies in the linear layers, but systematic exploration in this direction has been lacking in the existing work. In this work, we first establish a lower bound on the dimension of the maximal invariant subspace without active S-boxes for a generic P-SPN scheme. Subsequently, we concentrate on the linear layers of P-SPN construction. Through a meticulous examination of intriguing and beneficial characteristics for various matrices, we showcase that the security of a P-SPN scheme against invariant subspace attack depends on the degree of the minimal polynomial of the matrix. Inadequate choices of the matrices allow for large invariant subspaces that navigate any number of rounds without activating any S-boxes. A comprehensive proof for the Conjecture 1 proposed by Keller and Rosemarin is presented, which not only further improves the lower bound on the dimension of the maximal invariant subspace for the P-SPN rounds of STARKAD permutation, but also implies a lower bound on the dimension of the maximal invariant subspace for block matrices with special blocks. For a block circulant matrix with special blocks, a better annihilating polynomial exists and a lower bound on the dimension of the maximal invariant subspace can be identified. For circulant matrices and block circulant matrices with circulant blocks, we introduce methods to ascertain the range or exact value of the minimal polynomial degree. This determination advances the exploration of the invariant subspaces in these matrices. Especially if the number of S-Boxes in a P-SPN scheme is 1, we can attain the exact value of the dimension for the maximal invariant subspace. All the cases discussed here are invariant subspaces with inactive S-boxes. Our work intends to provide concise cryptanalytic methods for new proposals following P-SPN or HADES design principles. In addition, we derive a way to make sure that a circulant matrix C is resistant to invariant subspace attack with inactive S-boxes, thus providing design criteria for the construction of such matrices in the design of P-SPN schemes.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
针对不活动 S 盒的不变子空间攻击的 P-SPN 方案的安全分析
云计算、大数据和物联网等新应用的安全要求促进了安全协议的发展和应用,如安全多方计算、全同态加密和零知识证明。为了满足这些需求,人们需要新的对称密码,以最小化 \( {\mathbb {F}}_{2^{n}} \) 或 \( {\mathbb {F}}_{p} \) 中的乘法,其中 p 是素数。部分 SPN(Partial SPN,P-SPN)结构是解决这一需求的一种结构,在这种结构中,S-box 层在每一轮中只应用于部分状态。在过去的几年里,已经有多项关于该结构的研究。P-SPN 结构设计的关键在于线性层,但现有工作中一直缺乏这方面的系统探索。在这项工作中,我们首先为一个通用的 P-SPN 方案建立了无活动 S 盒的最大不变子空间的维度下限。随后,我们专注于 P-SPN 结构的线性层。通过对各种矩阵的有趣和有利特征的细致研究,我们发现 P-SPN 方案抵御不变子空间攻击的安全性取决于矩阵最小多项式的度数。如果矩阵选择不当,就会产生大的不变子空间,这些不变子空间可以在不激活任何 S 盒的情况下浏览任意多轮。本文提出了对 Keller 和 Rosemarin 提出的猜想 1 的全面证明,不仅进一步提高了 STARKAD 置换 P-SPN 轮的最大不变子空间维度的下限,还隐含了具有特殊块的块矩阵的最大不变子空间维度的下限。对于具有特殊块的块环矩阵,存在一个更好的湮灭多项式,并且可以确定最大不变子空间维数的下限。对于循环矩阵和具有循环块的块循环矩阵,我们引入了确定最小多项式度的范围或精确值的方法。这种确定方法推进了对这些矩阵中不变子空间的探索。特别是当 P-SPN 方案中的 S-Boxes 数量为 1 时,我们可以获得最大不变子空间维度的精确值。这里讨论的所有情况都是不活动 S 盒的不变子空间。我们的工作旨在为遵循 P-SPN 或 HADES 设计原则的新方案提供简明的密码分析方法。此外,我们还推导出一种方法,确保环状矩阵 C 能够抵御不活动 S 盒的不变子空间攻击,从而为 P-SPN 方案设计中构建此类矩阵提供设计标准。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Designs, Codes and Cryptography
Designs, Codes and Cryptography 工程技术-计算机:理论方法
CiteScore
2.80
自引率
12.50%
发文量
157
审稿时长
16.5 months
期刊介绍: Designs, Codes and Cryptography is an archival peer-reviewed technical journal publishing original research papers in the designated areas. There is a great deal of activity in design theory, coding theory and cryptography, including a substantial amount of research which brings together more than one of the subjects. While many journals exist for each of the individual areas, few encourage the interaction of the disciplines. The journal was founded to meet the needs of mathematicians, engineers and computer scientists working in these areas, whose interests extend beyond the bounds of any one of the individual disciplines. The journal provides a forum for high quality research in its three areas, with papers touching more than one of the areas especially welcome. The journal also considers high quality submissions in the closely related areas of finite fields and finite geometries, which provide important tools for both the construction and the actual application of designs, codes and cryptographic systems. In particular, it includes (mostly theoretical) papers on computational aspects of finite fields. It also considers topics in sequence design, which frequently admit equivalent formulations in the journal’s main areas. Designs, Codes and Cryptography is mathematically oriented, emphasizing the algebraic and geometric aspects of the areas it covers. The journal considers high quality papers of both a theoretical and a practical nature, provided they contain a substantial amount of mathematics.
期刊最新文献
Quantum rectangle attack and its application on Deoxys-BC Almost tight security in lattices with polynomial moduli—PRF, IBE, all-but-many LTF, and more Breaking the power-of-two barrier: noise estimation for BGV in NTT-friendly rings A new method of constructing $$(k+s)$$ -variable bent functions based on a family of s-plateaued functions on k variables Further investigation on differential properties of the generalized Ness–Helleseth function
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1