Which of these are characteristics of block ciphers

Differential cryptanalysis was developed by Biham and Shamir in 1990 [4]. This cryptanalysis method is performed in the two stages of “design” and “execution”. In the design stage, a cryptanalyst finds the weaknesses of the cipher algorithm and uses them to find a high probability differential characteristic. In the execution stage, the cryptanalyst gathers sufficient pairs with suitable difference and tries to determine some bits of the last round key through a counting scheme. In order to find high probability differential characteristics in the design stage, a very large space must be searched, the size of which is of an exponential order with respect to the number of rounds of the block cipher. Heuristic techniques can be used to resolve this problem. Such techniques have been used in different cryptanalysis problems as reported in [13], [15], [17].

In order to more efficiently find differential characteristics, we have developed a modeling method to represent the differential operation of block ciphers [7], [8], [9]. Through this modeling scheme, the whole space of differential characteristics for a block cipher is represented as a multi-level weighted directed graph called the differential operation graph. Multi-branch paths are defined in these graphs, and it is proven that each differential characteristic for a block cipher corresponds to a multi-branch path in the differential operation graph of that block cipher [6]. In this way, finding the best differential characteristic for a block cipher is reduced to finding the minimum-weight multi-branch path between two known nodes in the proposed graph.

Neural network techniques have been used in different optimization problems such as VLSI placement, n-queen, clustering, packing, graph partitioning, graph coloring, network routing, shortest path finding and TSP. In this paper, we apply several neural network techniques to find the minimum-weight multi-branch path in the differential operation graph. We use the Hopfield network, the Boltzmann machine, the chaotic Hopfield network and the chaotic Boltzmann machine to find the minimum-weight multi-branch paths. We compare these techniques through efficiency and efficacy. We apply each of these techniques to find the 4-round, 5-round, 6-round and 7-round differential characteristics for Serpent block cipher. The optimization procedure is repeated 100 times in each case and the best result is considered as the suitable result.

We describe the modeling and the use of neural networks through applying it to Serpent block cipher. First a recurrent neural network is considered and the weight of each multi-branch path in differential operation graph is incorporated in the network cost function. Then the network algorithm is applied to minimize the cost function. In order to overcome the weakness of the network in converging to local minima, we also introduced simulated annealing and chaos in the learning algorithm.

The paper is organized as follows. Section 2 describes Serpent block cipher briefly. Section 3 describes the differential operation model of block cipher algorithms. In Section 4, we design a recurrent neural network to find the minimum-weight multi-branch path in the differential operation graph. In Sections 5 Optimization using Hopfield networks, 6 Optimization using Boltzmann machines, the ordinary and chaotic Hopfield network and Boltzmann machine are utilized to achieve the required minimization. Section 7 compares the results produced by the four selected networks and Section 8 concludes the paper.

The Serpent algorithm

Serpent [2] is a block cipher algorithm with a block size of 128 and a key size of 256 bits. Its structure is a SP-network, consisting of alternating layers of key mixing, S-boxes and linear transformation. Serpent has 32 rounds with a set of eight 4-bit to 4-bit S-boxes as shown in Table 1. In general, an m-bit to n-bit S-box is defined as a function S:{0,1}m → {0,1}n which maps an m-bit value to an n-bit value. For example, S-box3 of Serpent maps 8hex = 1000bin to Dhex = 1101bin.

The cipher may be

Differential operation model of block cipher algorithms

In [7], [8] we proposed a differential operation model for finding suitable differential characteristics for block ciphers. This model represents an S-box with a directed weighted graph. For example, the difference distribution of the S-box3 of Serpent, which is shown in Table 2, is represented in Fig. 1.

To obtain the differential operation graph of a block cipher, first the components of the block cipher are modeled. Then the split and the concatenate graphs are used to join the differential

The neural network structure

We designed a recurrent neural network to find the minimum-weight multi-branch path in a differential operation graph. First, the neural network corresponding to each S-box is defined. Then, the neural network corresponding to a block cipher is formed based on its S-box neural networks. In this network, the cost function indicates the weight of multi-branch path in the differential operation graph. So, to find the minimum-weight multi-branch path, the cost function must be minimized.

Optimization using Hopfield networks

Hopfield is an associative neural network proposed in 1982 [10]. In 1985, Hopfield and Tank extended the use of this network to optimization tasks [11]. In this section, the Hopfield network is used to minimize the cost function described in the previous section.

Optimization using Boltzmann machines

Another solution to remedy the shortcoming of the Hopfield network is the use of simulated annealing in the Boltzmann machine [1], [3]. In this section, we explore this option.

Comparison

To compare the performance of the above techniques, we applied them to find 4-round, 5-round, 6-round and 7-round differential characteristics for the Serpent block cipher. The optimization procedure was repeated 100 times in each case and the best results were considered. Table 3 shows the complexity of these techniques, and Table 4 the number of convergences to a suitable result in 100 executions of the optimization procedure.

These tables show that using simulated annealing in the Boltzmann

Conclusion

In this paper, we proposed to find the minimum-weight multi-branch path in the differential operation graph using recurrent neural networks. To find the minimum-weight multi-branch path, we must minimize the cost function of the proposed neural network. First, we used the Hopfield network to minimize the cost function. But the results showed that the probability of convergence of the Hopfield network to local minima increases when the number of rounds of block cipher algorithm is increased. To

Cited by (21)

• A unified method for finding impossible differentials of block cipher structures

  2014, Information Sciences

  Suppose that the block cipher has m rounds, first, the adversary chooses several pairs of plaintexts which satisfy the input of the impossible differential; next he guesses the last m − r round subkeys and decrypts the corresponding ciphertexts to the rth round, and verifies whether one of the decrypted pairs matches the output of the impossible differential. One can conclude that the last m − r round subkey is wrong if any decrypted pair matches an impossible differential [2,17,8,11,12,16]. We propose an improved method, which we call the UID-method.

• Motion modeling and neural networks based yaw control of a biomimetic robotic fish

  2013, Information Sciences

  As stated above, yaw control is difficult to realize because of the complicated relationship between the motion of the robotic fish and the tail undulation law. One possible way to solve this complex problem is to use NN control methods, which have proved advantageous in controlling complicated plant models [2,6,7] and are popular in robot control. In this paper, an NN predictive control method is proposed to calculate the undulation law for the robotic fish’s yaw control.

• Security analysis of the public key algorithm based on Chebyshev polynomials over the integer ring ZN

  2011, Information Sciences

  Hence, elliptic curve cryptography (ECC) seems to be suitable for low computational devices such as smart cards. In recent years, there are many sparking works using chaos to construct cryptosystems [17,33,5,24,40,1,2,23,16,20,19,41,36,28,12,42], most of which are symmetric algorithms [17,33,5,24,40,1,2,23], but there are also some efforts to design asymmetric algorithms [16,20,34,19] and key agreement protocols [41,42,36,28,12]. It is worthy to note that many chaotic systems are defined over real numbers while traditional cryptography deals with systems mainly defined over finite fields.

• Mutation Hopfield neural network and its applications

  2011, Information Sciences

  However, the energy function of the HNN decreases rapidly only during the first few iterations. Thereafter, the network oscillates between neuron states with the same energy, and ultimately gets trapped in local minima [2]. The local minima problem is caused by the gradient descent dynamics of the binary HNN.

• Passive learning and input-to-state stability of switched Hopfield neural networks with time-delay

  2010, Information Sciences

  Among recurrent neural networks, Hopfield neural networks [12] are the most popular. They have been extensively studied and successfully applied in many areas such as combinatorial optimization, signal processing, and pattern recognition [11,1]. With the rapid development of intelligent control, hybrid systems have been studied because of their potential applications.

Recommended articles (6)