Indifferentiability of the Confusion-Diffusion Network and the Cascade Block Cipher

Document Type

Conference Article

Publication Title

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Abstract

Substitution-Permutation Networks (SPNs) are widely used in the design of modern symmetric cryptographic building blocks. In their Eurocrypt 2016 paper ‘Indifferentiability of Confusion-Diffusion Networks’, Dodis et al. modelled such SPNs as Confusion-Diffusion Networks (CDNs) and established their provable security in Maurer’s indifferentiability framework. Guo et al. extended this work to non-linear Confusion-Diffusion Networks (NLCDNs), i.e., networks whose permutation (diffusion) layers are non-linear, in weaker indifferentiability settings. They gave a security proof in the sequential indifferentiability model for the 3-round NLCDN and argued the tightness of this positive result with an attack on the 2-round NLCDN; that attack is incorrect. In this paper, we give a corrected attack on the 2-round NLCDN. The attack is primitive-construction-sequential, so the construction is insecure even in the weaker sequential indifferentiability setting of Mandal et al.

In their paper ‘Revisiting Cascade Ciphers in Indifferentiability Setting’, Guo et al. showed that four stages are necessary and sufficient to realize an ideal -block cipher using the cascade of independent ideal -block ciphers with two alternated independent keys, in the indifferentiability paradigm (where a (k, n)-block cipher has a k-bit key space and an n-bit message space). As part of their negative results, Guo et al. gave attacks on the 2-round and 3-round cascade constructions with two alternating keys, and a heuristic outline of an attack on the 3-round cascade with (certain) stronger key schedules. In the second half of this paper, we formalize the attack sketched by Guo et al. on the 3-round cascade construction with stronger key schedules and extend it to any 2n-bit to 3n-bit non-idealized key scheduling function.
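To make the object of the second half concrete, the following is an added toy model of the cascade block cipher described above; it is not code from the paper and it does not reproduce the attacks, which the abstract does not detail. Each stage is modelled as an independent ideal (n, n)-block cipher (a lazily sampled random permutation per key), the cascade takes a 2n-bit master key as two n-bit halves (k1, k2), and a pluggable key schedule maps that key to one n-bit round key per stage. The alternating schedule K1, K2, K1, ... is the one the negative results concern; the XOR-based schedule in the usage example is a constructed stand-in for an arbitrary 2n-to-3n key scheduling function, not one from the paper. The 8-bit block size and the seeded pseudo-random sampling are modelling choices so the example runs offline.

```python
import random
from typing import Callable, Dict, List, Sequence, Tuple

N = 8  # toy block and key size in bits (the paper's n); kept small so the model is cheap

# A key schedule maps the two n-bit halves (k1, k2) of a 2n-bit master key
# to a list of n-bit round keys, one per cascade stage.
KeySchedule = Callable[[int, int], List[int]]


class IdealCipher:
    """Model of an ideal (n, n)-block cipher: for every n-bit key an independent,
    uniformly random permutation of n-bit blocks, sampled lazily so that forward
    and inverse queries stay consistent. A simulation device, not a usable cipher."""

    def __init__(self, n: int, rng: random.Random):
        self.n = n
        self.rng = rng
        self.fwd: Dict[Tuple[int, int], int] = {}  # (key, x) -> y
        self.inv: Dict[Tuple[int, int], int] = {}  # (key, y) -> x

    def _fresh(self, table: Dict[Tuple[int, int], int], key: int) -> int:
        # pick a block value not yet assigned under this key in the given table
        used = {v for (k, v) in table if k == key}
        return self.rng.choice([v for v in range(1 << self.n) if v not in used])

    def enc(self, key: int, x: int) -> int:
        if (key, x) not in self.fwd:
            y = self._fresh(self.inv, key)  # an output not yet used under key
            self.fwd[(key, x)] = y
            self.inv[(key, y)] = x
        return self.fwd[(key, x)]

    def dec(self, key: int, y: int) -> int:
        if (key, y) not in self.inv:
            x = self._fresh(self.fwd, key)  # an input not yet used under key
            self.fwd[(key, x)] = y
            self.inv[(key, y)] = x
        return self.inv[(key, y)]


def alternating_schedule(rounds: int) -> KeySchedule:
    """The 'two alternated independent keys' schedule: K1, K2, K1, K2, ..."""
    return lambda k1, k2: [k1 if i % 2 == 0 else k2 for i in range(rounds)]


def split_master_key(master: int, n: int) -> Tuple[int, int]:
    """Split a 2n-bit master key into its two n-bit halves (k1, k2)."""
    return master >> n, master & ((1 << n) - 1)


class Cascade:
    """Cascade of independent ideal ciphers keyed through a key schedule."""

    def __init__(self, stages: Sequence[IdealCipher], schedule: KeySchedule):
        self.stages = list(stages)
        self.schedule = schedule

    def round_keys(self, k1: int, k2: int) -> List[int]:
        rks = self.schedule(k1, k2)
        if len(rks) != len(self.stages):
            raise ValueError("key schedule must output exactly one key per stage")
        return rks

    def enc(self, k1: int, k2: int, x: int) -> int:
        for stage, rk in zip(self.stages, self.round_keys(k1, k2)):
            x = stage.enc(rk, x)
        return x

    def dec(self, k1: int, k2: int, y: int) -> int:
        for stage, rk in zip(reversed(self.stages), reversed(self.round_keys(k1, k2))):
            y = stage.dec(rk, y)
        return y


def build_cascade(rounds: int, schedule: KeySchedule = None, seed: int = 0) -> Cascade:
    """Assemble an r-stage cascade of fresh ideal ciphers; defaults to alternating keys."""
    rng = random.Random(seed)  # seeded only so the toy model is reproducible
    stages = [IdealCipher(N, rng) for _ in range(rounds)]
    return Cascade(stages, schedule or alternating_schedule(rounds))


def roundtrip_ok(cascade: Cascade, k1: int, k2: int) -> bool:
    """Check that decryption inverts encryption on the whole n-bit domain."""
    return all(cascade.dec(k1, k2, cascade.enc(k1, k2, x)) == x for x in range(1 << N))


if __name__ == "__main__":
    k1, k2 = split_master_key(0x5A3C, N)
    three = build_cascade(3)                       # K1, K2, K1
    four = build_cascade(4)                        # K1, K2, K1, K2
    # constructed stand-in for a non-idealized 2n-to-3n key schedule (not from the paper)
    xor3 = build_cascade(3, schedule=lambda a, b: [a, b, a ^ b])
    for name, c in (("3-stage alternating", three), ("4-stage alternating", four), ("3-stage xor", xor3)):
        print(name, "round keys:", c.round_keys(k1, k2), "roundtrip:", roundtrip_ok(c, k1, k2))
```

The `Cascade` class keeps the key schedule as a parameter precisely because the paper's second half ranges over every 2n-bit to 3n-bit schedule for the 3-round case; swapping the schedule changes only `round_keys`, not the stages.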

First Page

178

Last Page

195

DOI

10.1007/978-3-031-33017-9_12

Publication Date

1-1-2023
