Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Bücher
Zeitschriften
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
MTZ-Fachkongress

Antriebe und Energiesysteme von morgen


Austausch von Automobil- und Energiewirtschaft

Am 14./15. Mai geht es in Chemnitz um die Mobilitätswende durch Elektro- und Wasserstofffahrzeuge.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
Prerequisites and Notation Kapitel lesen Erstes Kapitel lesen

2016 | OriginalPaper | Buchkapitel

9. Applications to Block Ciphers

verfasst von : Alko R. Meijer

Erschienen in: Algebra for Cryptologists

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Finite fields have for a long time been important in Applied Algebra, in particular in the theory of error correcting codes. In more recent times, they have assumed an equally important role in Cryptography, initially mainly in the generation of pseudorandom sequences and the design of stream ciphers, as we have seen. But more recently, especially since the selection of Rijndael in 2000/2001 as the Advanced Encryption Standard (AES), they have assumed a vitally important role in the design of block ciphers as well. In this chapter we discuss some aspects of these further applications.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Boolean Functions
Nächstes Kapitel Number Theory in Public Key Cryptography
Fußnoten
1
This is as good a place as any to remind the reader and to re-emphasise the rather obvious fact that the logical/Boolean exclusive-or operation is really nothing else than addition modulo 2. Addition modulo 2 is, in turn, nothing but addition in GF(2) or in any field of characteristic 2. This explains why such fields are so popular in cryptology.
We shall continue to abbreviate ‘exclusive-or’ to ‘XOR’, and use the symbol ‘⊕’ to denote this operation.
 
2
At first sight, it seems odd that non-invertible functions can be used in an encryption function. After all, decryption must be possible, so the encryption function must be invertible. But that does not mean that every component needs to be! The Data Encryption Standard’s Feistel structure allowed for any function whatsoever to be used in its round function, as the nonlinear function only operates on half the round input.
 
3
Biryukov, A. and Wagner, D.: Slide Attacks, Proc. 6th International Workshop on Fast Software Encryption (FSE ’99), LNCS 1636, Springer-Verlag, 245–259.
 
4
The question needed to be asked why the designers chose this particular polynomial. The answer is reputedly that it was the first entry in a list of irreducible polynomials of degree 8 that the designers had available.
 
5
The key expansion is the process of obtaining the round keys, each of 128 bits, from the cipher key itself.
 
6
At the risk of offending the reader, through implying that he or she does not remember anything from the chapter on Boolean functions: An affine Boolean function is a function of the form i = 0 n−1 a i x i c, where a i , c ∈ GF(2). Thus a linear function is an affine function for which the constant c = 0.
 
7
Nyberg, K.: Differentially uniform mappings for cryptography, Proc. Eurocrypt ’93, Lecture Notes in Computer Science 765, Springer-Verlag, Berlin, Heidelberg, New York, 1994. The selection of the Rijndael S-box was, I suspect, based on the results obtained by Nyberg and published in this paper. The current discussion is lifted from Nyberg’s results. Nyberg does not provide a proof of the nonlinearity property, but refers to a paper by Carlitz and Uchiyama, which appeared in the Duke Mathematical Journal 24, 1957.
 
8
We are cheating here: we claim that the fact that we restrict ourselves to the subset Tr((s γ)−1) = 0 does not affect the distribution of Tr(γ). This seems to be true.
 
9
We have already noted that, in order to achieve adequate speed, the S-box of a block cipher is frequently, or even usually, implemented as a simple table, rather than in the mathematical form, if any, by which it is defined.
 
10
Wernsdorf, R.: The round functions of RIJNDAEL generate the alternating group, Proc. Fast Software Encryption, 2002, LNCS 2365, Springer-Verlag, 2002, pp. 143–148.
 
11
See Sect. 3.​2 for the definitions of S N and A N , in case you have forgotten what these are.
 
12
Yes, her again. This time in a paper entitled Perfect Nonlinear S-boxes, presented at Eurocrypt ’91; LNCS 547, Springer-Verlag.
 
13
The superscript t denotes, as usual, the transpose.
 
14
Junod, P. and Vaudenay, S.: Perfect diffusion matrices for block ciphers; Proc. Selected Areas in Cryptography, SAC 2004, LNCS 3357, Springer-Verlag 2005.
 
15
MacWilliams, F.J. and Sloane, N.J.A.: The Theory of Error-Correcting Codes, North-Holland Publishing Co., Amsterdam, 1977.
 
16
If the standard form is used in a code, the code is called systematic. When considering the code purely in its sense of a linear subspace, the form of the matrix does not matter, of course; the vital point is what subspace the row vectors actually span.
 
17
In particular every 1 × 1 submatrix is non-singular, so an MDS matrix cannot contain any 0 entries. This explains why in consideration of MDS matrices we have to use fields other than GF(2), even if we restrict ourselves to fields of characteristic 2. The only binary MDS codes, i.e. codes over the alphabet {0, 1}, are the repetition codes with generator matrices of the form
$$\displaystyle{(111\ldots 1)}$$
and their duals, the even weight codes. We leave the proof of this as an easy exercise. But see Sect. 9.5.7.
 
18
Gupta, K.C. and Ray, I.G.: On constructions of MDS matrices from companion matrices for lightweight cryptography; IACR ePrint Archive 2013/056.
 
19
See Xiao, L. and Heys, H.M.: Hardware design and analysis of block cipher components. Proc. 5th International Conference on Information Security and Cryptology—ICISC 2002, Seoul, LNCS 2587, Springer-Verlag.
 
20
These figures are from Daemen, J., Knudsen, L. and Rijmen, V.: The block cipher SQUARE, Proc. Fast Software Encryption (FSE) 1997, LNCS 1267, Springer-Verlag. pp. 149–165. (SQUARE was an ancestor of Rijndael.)
 
21
See Gligor, V.D.: Light-Weight Cryptography—How Light is Light?; Keynote presentation at the Information Security Summer School, Florida State University. Available for download at http://​www.​sait.​fsu.​edu/​conferences/​2005/​is3/​resources/​slides/​gligorv-cryptolite.​ppt /​conferences/​2005/​is3/​resources/​slides/​gligorv-cryptolite ppt, May 2005.
An investigation of how suitable currently standardised algorithms are for these purposes has been carried out by a team from the University of Luxembourg: Dinu, D., Le Corre, Y., Khovratovich, D., Perrin, L., Johann Großsädl, J. and Biryukov, A.: Triathlon of lightweight block ciphers for the Internet of Things, IACR ePrint Archive, 2015/209.
 
22
Kwon, D., Sung, S.H., Song, J.H. and Park, S.: Design of block ciphers and coding theory, Trends in Mathematics 8 (2005), 13–20.
 
23
The well-known [7,4,3] Hamming code, in fact.
 
Metadaten
Titel
Applications to Block Ciphers
verfasst von
Alko R. Meijer
Copyright-Jahr
2016
Buch
Algebra for Cryptologists

Print ISBN: 978-3-319-30395-6

Electronic ISBN: 978-3-319-30396-3

Copyright-Jahr: 2016

DOI
https://doi.org/10.1007/978-3-319-30396-3_9

Premium Partner

    Bildnachweise