International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Anne Canteaut

Affiliation: Inria, France

Publications

Year
Venue
Title
2019
EUROCRYPT
bison Instantiating the Whitened Swap-Or-Not Construction 📺
We give the first practical instance – bison – of the Whitened Swap-Or-Not construction. After clarifying inherent limitations of the construction, we point out that this way of building block ciphers allows easy and very strong arguments against differential attacks.
2019
TOSC
A General Proof Framework for Recent AES Distinguishers
In this paper, a new framework is developed for proving and adapting the recently proposed multiple-of-8 property and mixture-differential distinguishers. The above properties are formulated as immediate consequences of an equivalence relation on the input pairs, under which the difference at the output of the round function is invariant. This approach provides a further understanding of these newly developed distinguishers. For example, it clearly shows that the branch number of the linear layer does not influence the validity of the property, on the contrary of what was previously believed. We further provide an extension of the mixture-differential distinguishers and multiple-of-8 property to any SPN and to a larger class of subspaces. These adapted properties can then be exhibited in a systematic way for other ciphers than the AES. We illustrate this with the examples of Midori, Klein, LED and Skinny.
2018
JOFC
2018
TOSC
On the Boomerang Uniformity of Cryptographic Sboxes
Christina Boura Anne Canteaut
The boomerang attack is a cryptanalysis technique against block ciphers which combines two differentials for the upper part and the lower part of the cipher. The dependency between these two differentials then highly affects the complexity of the attack and all its variants. Recently, Cid et al. introduced at Eurocrypt’18 a new tool, called the Boomerang Connectivity Table (BCT) that permits to simplify this complexity analysis, by storing and unifying the different switching probabilities of the cipher’s Sbox in one table. In this seminal paper a brief analysis of the properties of these tables is provided and some open questions are raised. It is being asked in particular whether Sboxes with optimal BCTs exist for even dimensions, where optimal means that the maximal value in the BCT equals the lowest known differential uniformity. When the dimension is even and differs from 6, such optimal Sboxes correspond to permutations such that the maximal value in their DDT and in their BCT equals 4 (unless APN permutations for such dimensions exist). We provide in this work a more in-depth analysis of boomerang connectivity tables, by studying more closely differentially 4-uniform Sboxes. We first completely characterize the BCT of all differentially 4-uniform permutations of 4 bits and then study these objects for some cryptographically relevant families of Sboxes, as the inverse function and quadratic permutations. These two families provide us with the first examples of differentially 4-uniform Sboxes optimal against boomerang attacks for an even number of variables, answering the above open question.
2018
EUROCRYPT
Desperately Seeking Sboxes
Anne Canteaut
2018
TOSC
Nonlinear Approximations in Cryptanalysis Revisited
This work studies deterministic and non-deterministic nonlinear approximations for cryptanalysis of block ciphers and cryptographic permutations and embeds it into the well-understood framework of linear cryptanalysis. For a deterministic (i.e., with correlation ±1) nonlinear approximation we show that in many cases, such a nonlinear approximation implies the existence of a highly-biased linear approximation. For non-deterministic nonlinear approximations, by transforming the cipher under consideration by conjugating each keyed instance with a fixed permutation, we are able to transfer many methods from linear cryptanalysis to the nonlinear case. Using this framework we in particular show that there exist ciphers for which some transformed versions are significantly weaker with regard to linear cryptanalysis than their original counterparts.
2017
CRYPTO
2017
TOSC
Refined Probability of Differential Characteristics Including Dependency Between Multiple Rounds
The current paper studies the probability of differential characteristics for an unkeyed (or with a fixed key) construction. Most notably, it focuses on the gap between two probabilities of differential characteristics: probability with independent S-box assumption, pind, and exact probability, pexact. It turns out that pexact is larger than pind in Feistel network with some S-box based inner function. The mechanism of this gap is then theoretically analyzed. The gap is derived from interaction of S-boxes in three rounds, and the gap depends on the size and choice of the S-box. In particular the gap can never be zero when the S-box is bigger than six bits. To demonstrate the power of this improvement, a related-key differential characteristic is proposed against a lightweight block cipher RoadRunneR. For the 128-bit key version, pind of 2−48 is improved to pexact of 2−43. For the 80-bit key version, pind of 2−68 is improved to pexact of 2−62. The analysis is further extended to SPN with an almost-MDS binary matrix in the core primitive of the authenticated encryption scheme Minalpher: pind of 2−128 is improved to pexact of 2−96, which allows to extend the attack by two rounds.
2016
CRYPTO
2016
FSE
2016
FSE
2015
EPRINT
2015
EPRINT
2015
EPRINT
2015
EPRINT
2015
EUROCRYPT
2014
EPRINT
2014
FSE
2013
CRYPTO
2013
FSE
2012
ASIACRYPT
2011
FSE
2002
EUROCRYPT
2000
EUROCRYPT
2000
EUROCRYPT
2000
FSE
1999
FSE
1998
ASIACRYPT
1996
CRYPTO
1996
EUROCRYPT

Program Committees

FSE 2020
FSE 2019
FSE 2018
FSE 2017
Asiacrypt 2016
Crypto 2016
Eurocrypt 2015
Crypto 2015
FSE 2015
FSE 2014
Asiacrypt 2013
FSE 2013
FSE 2012
FSE 2011
Eurocrypt 2010
FSE 2008
Eurocrypt 2007
FSE 2006
FSE 2005
Crypto 2004
FSE 2003