Imprimitive Permutation Groups and Trapdoors in Iterated Block Ciphers

نویسنده

Kenneth G. Paterson

چکیده

An iterated block cipher can be regarded as a means of producing a set of permutations of a message space. Some properties of the group generated by the round functions of such a cipher are known to be of cryptanalytic interest. It is shown here that if this group acts imprimitively on the message space then there is an exploitable weakness in the cipher. It is demonstrated that a weakness of this type can be used to construct a trapdoor that appears to be di cult to detect. An example of a DES-like cipher, resistant to both linear and di erential cryptanalysis that generates an imprimitive group and is easily broken, is given. Some implications for block cipher design are noted.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

On imprimitive rank 3 permutation groups

A classification is given of rank 3 group actions which are quasiprimitive but not primitive. There are two infinite families and a finite number of individual imprimitive examples. When combined with earlier work of Bannai, Kantor, Liebler, Liebeck and Saxl, this yields a classification of all quasiprimitive rank 3 permutation groups. Our classification is achieved by first classifying imprimi...

متن کامل

A Family of Trapdoor Ciphers

This paper presents several methods to construct trapdoor block ciphers. A trapdoor cipher contains some hidden structure; knowledge of this structure allows an attacker to obtain information on the key or to decrypt certain ciphertexts. Without this trapdoor information the block cipher seems to be secure. It is demonstrated that for certain block ciphers, trapdoors can be built-in that make t...

متن کامل

On the Data Complexity of Statistical Attacks Against Block Ciphers (full version)

Many attacks on iterated block ciphers rely on statistical considerations using plaintext/ciphertext pairs to distinguish some part of the cipher from a random permutation. We provide here a simple formula for estimating the amount of plaintext/ciphertext pairs which is needed for such distinguishers and which applies to a lot of different scenarios (linear cryptanalysis, differentiallinear cry...

متن کامل

A note on some algebraic trapdoors for block ciphers

We provide sufficient conditions to guarantee that a translation based cipher is not vulnerable with respect to the partition-based trapdoor. This trapdoor has been introduced, recently, by Bannier et al. (2016) and it generalizes that introduced by Paterson in 1999. Moreover, we discuss the fact that studying the group generated by the round functions of a block cipher may not be sufficient to...

متن کامل