AVALANCHE EFFECT IN THE FAMILY OF BLOCK CIPHERS

1
AVALANCHE EFFECT IN THE FAMILY OF BLOCK CIPHERS
SD-(n,k)
University Ss Cyril and Methodius Skopje, RM
S. Markovski, PhD A. Mileva, MSc D. Gligoroski,
PhD V. Dimitrova, MSc
NATO Advanced Research Workshop Velingrad, 21-25
October 2006
2

• Kerckoffs principle A cryptosystem should be
  secure even if everything about the system,
  except the key, is public knowledge.
• Shannon maxime The enemy knows the system.
• Bruce Schneier Every secret creates potential
  failure point.

3
Outline

• Introduction
• The family of block ciphers SD-(n,k)
• Avalanche effect in encryption
• Avalanche effect in decryption
• Future work
• Conclusion

4
Introduction

• Term first used by Horst Feistel
• The avalanche effect refers to a desirable
  property of cryptographic algorithms, typically
  block-ciphers and hash functions. The avalanche
  effect is evident if, when an input is changed
  slightly (for example, flipping a single bit) the
  output changes significantly.
• Constructing a cipher to exhibit a substantial
  avalanche effect is one of the primary design
  goals. If a block cipher does not exhibit the
  avalanche effect to a significant degree, then it
  has poor randomization, and thus a cryptanalyst
  can make predictions about the input, being given
  only the output. This may be sufficient to
  partially or completely break the algorithm.

5
The family of block ciphers SD-(n,k)

• Based is on quasigroup operations and quasigroup
  string transformations
• Arbitrary alphabet Aa0,a1,...,ar
• Quasigroup (A,) of order r and two of its
  parastrophes (A,\) and (A, /)
• e-, d-, e-, d- transformations

6
The family of block ciphers SD-(n,k)

• Blocks with length of n letters
• Key KK0K1...Kn4k-1, Ki?A , where k is number of
  repeating of 4 different quasigroup string
  transformations in encryption/decryption
  functions
• Input plaintext m0m1...mn-1, mi?A
• Output ciphertext c0c1...cn-1, ci?A

7
The family of block ciphers SD-(n,k)

• Subfamilies SD4-(n,k), SD16-(n,k),
• SD256-(n,k)
• For SD4-(n,k) examples in this talk we are
  using this quasigroup of order 4
• 0 1 2 3
• 1 2 3 0
• 3 0 1 2
• 2 3 0 1

8
The family of block ciphers SD-(n,k)
Key length in bits Key length in bits Key length in bits
k SD4-(40,k) SD16-(20,k) SD256-(10,k)
1 88 96 112
2 96 112 144
3 104 128 176
4 112 144 208
5 120 160 240
6 128 176 272
7 136 192 304
8 144 208 336
9 152 224 368
10 160 240 400
9
Example of avalanche effect in encryption in
SD4-(4,1) subfamily(flipping one bit in
plaintext)
10
Example of avalanche effect in encryption in
SD4-(4,2) subfamily(flipping one bit in
plaintext)
11
Example of avalanche effect in encryption in
SD4-(4,1) subfamily (flipping one bit in key)
12
Avalanche effect in encryption

• Block size of 80 bits
• Subtract-with-borrow random number generator with
  period 21492
• Examination for each k1,2,3,4,5,6,7,8,9,10 and
  for each subfamilies SD4-(40,k), SD16-(20,k)
  and SD256-(10,k)
• For every k, we use 1000 different random
  generated pairs of plaintext and keys
• We compute mean and standard deviation of bit
  differences in ciphertext

13
Avalanche effect in encryption

• Results for SD4-(40, k)
• Flipping one bit in plaintext cause already for
  k2 50 different bits in ciphertext
• Standard deviation is stabilized around 5,6 for
  k3
• Flipping one bit in key cause dropping of
  different bits in ciphertext from 50,57 for k1
  to 50,16 for k10
• Standard deviation drops from 6,31 for k2 to
  5,88 for k10

14
Avalanche effect in encryption

• Results for SD4-(40, k) different modes CBC,
  OFB and CFB
• Random generated key and plaintext of 10000 bits
• IV first n letter from key
• For OFB and CFB parameter r8
• Flipping one bit in last 4k letters in key cause
  already for k1 50 different bits in ciphertext
  in all modes
• Standard deviation varies between 0,28 and 0,49
  in all modes

15
Avalanche effect in encryption

• Results for SD16-(20, k)
• Flipping one bit in plaintext cause already for
  k1 50 different bits in ciphertext
• Standard deviation is stabilized around 5,6 for
  k2
• Flipping one bit in key cause dropping of
  different bits in ciphertext from 50,15 for k1
  to 50,05 for k10
• Standard deviation is stabilized around 5,6 for
  k2

16
Avalanche effect in encryption

• Results for SD16-(20, k) different modes CBC,
  OFB and CFB
• Random generated key and plaintext of 10000 bits
• IV first n letter from key
• For OFB and CFB parameter r8
• Flipping one bit in last 4k letters in key cause
  already for k1 50 different bits in ciphertext
  in all modes
• Standard deviation varies between 0,30 and 0,38
  in all modes

17
Avalanche effect in encryption

• Results for SD256-(10, k)
• Flipping one bit in plaintext cause already for
  k1 50 different bits in ciphertext
• Standard deviation is stabilized around 5,6 for
  k1
• Flipping one bit in key cause already for k1 50
  different bits in ciphertext
• Standard deviation is stabilized around 5,6 for
  k1

18
Avalanche effect in encryption

• Results for SD256-(10, k) different modes CBC,
  OFB and CFB
• Random generated key and plaintext of 10000 bits
• IV first n letter from key
• For OFB and CFB parameter r8
• Flipping one bit in last 4k letters in key cause
  already for k1 50 different bits in ciphertext
  in all modes
• Standard deviation varies between 0,32 and 0,42
  in all modes

19
Example of avalanche effect in decryption in
SD4-(4,1) subfamily (flipping one bit in
ciphertext)
20
Example of avalanche effect in decryption in
SD4-(4,2) subfamily (flipping one bit in
ciphertext)
21
Avalanche effect in decryption

• Avalanche effect in decryption function is not
  really a issue
• Avalanche effect in decryption function usually
  is not so significant as in encryption function

22
Avalanche effect in decryption

• Substract-with-borrow random number generator
  with period 21492
• Examination for each k1,2,...,20 and for each
  subfamilies SD4-(40,k), SD16-(20,k) and
  SD256-(10,k)
• For every k, we use 1000 different random
  generated pairs of ciphertext and keys
• We compute mean and standard deviation of bit
  differences in plaintext

23
Avalanche effect in decryption

• Results for SD4-(40, k)
• Flipping one bit in ciphertext cause growing up
  different bits in plaintext from 6,46 for k1 to
  38,55 for k10 and its stabilizing around 50
  for k19
• Standard deviation is stabilized around 5,6 for
  k19

24
Avalanche effect in decryption

• Results for SD16-(20, k)
• Flipping one bit in ciphertext cause growing up
  different bits in plaintext from 12,06 for k1
  and its stabilizing around 50 for k10
• Standard deviation is stabilized around 5,6 for
  k10

25
Avalanche effect in decryption

• Results for SD256-(10, k)
• Flipping one bit in ciphertext cause growing up
  different bits in plaintext from 22,05 for k1
  and its stabilizing around 50 for k5
• Standard deviation is stabilized around 5,6 for
  k5

26
Future work

• Cryptanalysis of SD-(n,k)
• linear cryptanalysis and its extensions and
  variants
• differential cryptanalysis and its extensions and
  variants
• multiset cryptanalysis
• other cryptanalysis
• Practical implementation
• Design improvement

27
Conclusion

• The SD-(n,k) is a new family of block ciphers,
  based on quasigroup string transformations and
  quasigroup operations
• The SD-(n,k) exhibit a substantial avalanche
  effect in encryption function
• Avalanche effect is evident in all basic modes of
  operation (ECB, CBC, OFB, CFB)
• Avalanche effect in decryption function is not so
  significant as in encryption function, which was
  expectable

28
Conclusion

• For avalanche effect, k must be at least
• 3, for SD4-(n,k) subfamily
• 2, for SD16-(n,k) subfamily
• 1, for SD256-(n,k) subfamily
• To satisfy today security needs for key length, k
  must be at least
• 6, for SD4-(n,k) subfamily
• 3, for SD16-(n,k) subfamily
• 2, for SD256-(n,k) subfamily

29
THANKS FOR YOUR ATTENTION