Upper bounds for a branch number of matrices over a ring of integers modulo power of two

Authors

  • Олег Вікторович Курінний National Technical University of Ukraine «Igor Sikorsky Kyiv Polytechnic Institute»
  • Сергій Володимирович Яковлєв National Technical University of Ukraine «Igor Sikorsky Kyiv Polytechnic Institute»

DOI:

https://doi.org/10.18372/2410-7840.22.14661

Keywords:

branch number, ring of integers modulo n, binary matrices, differential cryptanalysis, linear cryptanalysis

Abstract

Branch number is a very important cryptographic parameter of linear mappings used in block ciphers. It significantly affects security against differential and linear cryptanalysis due to “wide trail strategy” of block cipher design. Many techniques are well known to generate linear mappings with maximal possible branch number in matrix form over finite fields (so-called MDS-matrices). In the same time operations over integers modulo power of two are important for cryptographic purposes. They are very efficient in modern computing architectures and increase security of cryptographic functions against algebraic attacks. But known techniques of MDS-matrix generating are not applicable to a ring of integers modulo composite number. In this work we proved that any square matrix over a ring of integers modulo even number cannot have a maximal branch number. We proved that the branch number of any square matrix over a ring of integers modulo power of two is invariant under reduction modulo 2. Thus, any analytic result known for binary matrices is valid for matrices modulo power of two, including upper bounds for the branch number. Consequently, the branch number of this type of matrix cannot exceed about two thirds of a matrix size. Also we formulated some requirements for binary matrices to obtain high value of the branch number; we show that such matrices cannot have both sparse (low weight) and dense (high weight) columns. At the end we shortly consider how the security of binary ciphers (e.g. ARIA or Midori) against linear and integral cryptanalysis can be increased by replacing binary matrix with matrix over a ring of integers modulo power of two in linear layer. The results of this work allow to create block ciphers with potentially improved security against algebraic and integral attacks and reasonable security against differential and linear cryptanalysis.

Author Biographies

Олег Вікторович Курінний, National Technical University of Ukraine «Igor Sikorsky Kyiv Polytechnic Institute»

student of Institute of Physics and Technology, National Technical University of Ukraine «Igor Sikorsky Kyiv Polytechnic Institute»

Сергій Володимирович Яковлєв, National Technical University of Ukraine «Igor Sikorsky Kyiv Polytechnic Institute»

Ph. D., assistant professor of Department of mathematical methods of information security, Institute of Physics and Technology, National Technical University of Ukraine «Igor Sikorsky Kyiv Polytechnic Institute»

References

В. Дідан, "Методи побудови MDS-матриць над скiнченними полями та кiльцями", Матеріали XIV Всеукраїнської науково-практичної конференції студентів, аспірантів та молодих вчених «Теоретичні і прикладні проблеми фізики, математики та інформатики» (26-28 травня 2016 р., Київ), К.: Видавництво «Політехніка», С. 89-90, 2016.

K. Aoki, T. Ichikawa, M. Kanda et al. "Camellia: a 128-Bit block cipher suitable for multiple platforms – design and analysis", SAC 2000, LNCS, vol. 2012, pp. 39-56, 2001.

S. Banik, A. Bogdanov, T. Isobe et al., "Midori: A Block Cipher for Low Energy", Cryptology ePrint Archive, Report 2015/1142. https://eprint.iacr.org/ 2015/1142.pdf.

J. Choy, K. Khoo, "New Applications of Differential Bounds of the SDS Structure", Cryptology ePrint Archive, Report 2008/395. https://eprint.iacr.org/2008/395.pdf.

J. Daemen, V. Rijmen, "The Rijndael Block Cipher", AES Proposal, 1998.

J. Daemen, V. Rijmen, "The Wide Trail Design Strategy", Cryptography and Coding, pp. 222-238, 2001. http://jda.noekeon.org/JDA_VRI_Wide_2001.pdf.

M. Kanda et al., "A New 128-bit Block Cipher E2", Technical Report of IEICE. ISEC98-12.

J. Kang et al, "Practical and Provable Security against Differential and Linear Cryptanalysis for Substitution-Permutation Networks", ETRI Journal, Vol. 23, No. 4, Dec, 2001.

T. Kranz, G. Leander, K. Stoffelen, F. Wiemer, "Shorter Linear Straight-Line Programs for MDS Matrices", Cryptology ePrint Archive, Report 2017/1151. https://eprint.iacr.org/2017/1151.pdf.

D. Kwon, J. Kim, S. Park et al., "New Block Cipher: ARIA", ICISC 2003: Information Security and Cryptology - ICISC 2003, pp. 432-445. http://www.math.snu.ac. kr/~jinhong/04Aria.pdf.

S. Park, S. Sung, S. Chee et al., "On the security of Rijndael-like structures against differential and linear cryptanalysis", Advances in Cryptology – ASIACRYPT, LNCS, vol. 2501, pp. 176-191, 2002.

G. Piret, J. Quisquater, "Integral Cryptanalysis on reduced-round Safer++", Cryptology ePrint Archive, Report 2003/033. https://eprint.iacr.org/2003/033.pdf.

Downloads

Published

2020-03-31

Issue

Vol. 22 No. 1 (2020)

Section

Articles

License

Authors who publish with this journal agree to the following terms:

  1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

  2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

  3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).