Project Details
Projekt Print View

Application Specific Block Ciphers and a Focus on the Linear Layer

Subject Area Theoretical Computer Science
Term from 2015 to 2021
Project identifier Deutsche Forschungsgemeinschaft (DFG) - Project number 267225567
 
Final Report Year 2020

Final Report Abstract

This project dealt with the design and the analysis of symmetric cryptography. Symmetric cryptography is, due to its major advantages in efficiency compared to its public-key counterparts, used in virtual all applications that handle sensitive data. For this reason, it is of crucial importance to understand the security of the symmetric primitives used. Moreover, the rise of new application areas with new resource constrains calls for new ciphers that outperform the existing primitives in their specific application domain. In this context, the advanced encryption standard, the AES, can be seen as the swiss-army knife of block ciphers, it can be used for a lot of different applications, but it is not optimized for specific applications. This ongoing demand for new ciphers is in particular reflected in the competition that NIST started, calling for the future standards for lightweight ciphers. The results of this project helped to build a good basis for several candidates in this competition. Moreover, we gained new fundamental insights into the security requirements of ciphers. For the part concerning the design of ciphers, the aim of this project was to focus on the less understood linear part of the round function of block ciphers. This part, which simply corresponds to the multiplication with a binary matrix has to be chosen carefully to achieve the security criteria on the one hand and be efficiently implementable on the other hand. One interesting question in this context can be phrased informally as follows: How many XORs operations are needed to implement the multiplication with a fixed primitive element in a finite field of given order. Here, we do not care about how the field is represented nor about the exact element multiplied with. This freedom nicely left a lot of room for possible improvements and interesting theoretical considerations. Interesting and surprisingly, for the linear layer, the largest improvement in efficiency was achieved by the technically most trivial approach: We could show that simply applying known algorithms, to heuristically compute efficient implementations of binary matrices, outperforms many rather sophisticated improvements. The main reasons for this was that many papers focused on local rather than global optimizations within the linear layer. When it comes to new fundamental insights into the security of ciphers, we like to highlight the improved understanding with respect to invariant attacks. Here we were able to construct new ideas that allowed to break several block ciphers. In a second phase, we established new criteria to avoid those attacks. Those criteria are nicely related to properties of the linear part of the round function. Putting all this together, several new ciphers have been developed with different optimization criteria in mind. The most influential one among those is probably the cipher SKINNY. This has been designed as a direct, academic, competitor for the block cipher Simon designed by the US National Security Agency (NSA). The main challenge was to be as efficient as Simon but, in sharp contrast to the NSA design, give strong security arguments on why SKINNY is a secure cipher. The success of SKINNY can best be seen by noticing that it is used in practice already (in particular in the French COVID-app) and that several NIST lightweight candidates use SKINNY as their fundamental building block.

Publications

 
 

Additional Information

Textvergrößerung und Kontrastanpassung