Analysis of probabilities of differentials for block cipher “Kalyna” (DSTU 7624:2014)
Journal Title: Восточно-Европейский журнал передовых технологий - Year 2018, Vol 4, Issue 9
Abstract
<p class="a"><span lang="EN-US">The adaptation and application of the method for estimating the upper bound of the probability of tworound differentials for the block symmetric cipher Kalyna is carried out. This cipher was adopted as the Ukrainian standard DSTU 7624: 2014 in 2015. Known methods allow getting only the approximate value of this parameter for this cipher or cannot be applied explicitly through the structural features of this cipher. Using the approximate probability of tworound differentials gives an even greater error in the evaluation of the probabilities of differentials with a large number of rounds, as well as in assessing the resistance of the encryption algorithm to other types of differential attacks.</span></p><p class="a"><span lang="EN-US">The main stages of the used method are the following: definition of the minimum number of active Sboxes; definition of the type of differential characteristic having the maximum probability; determination of the number and probabilities of additional differential characteristics.</span></p><p class="a"><span lang="EN-US">In the course of research, an adapted method has allowed clarifying the upper bound of the probability of 2round differentials for the cipher Kalyna significantly. This bound is ≈2–47.3 instead of 2–40 when using the method for nested SPN ciphers.</span></p><p class="a"><span lang="EN-US">The elaborated upper bound of the probability of 2round differentials allowed clarifying also the bound value of the probability of 4round differentials. For Kalyna128 (block size 128 bits), the value is specified 214.6 times, for Kalyna256 – 229.2 times, Kalyna512 – 258.4 times.</span></p><p class="a"><span lang="EN-US">The main advantage of the method adapted for the Kalyna cipher was the possibility of a significant specification of the upper bound of the probability of a 2round differential. The disadvantage of the adapted method is that assumptions are made, such as, for example, the use of one substitution instead of four in the original algorithm. The result of this assumption is that a real bound of the probability of 2round differentials could be even smaller.</span></p>
Authors and Affiliations
Victor Ruzhentsev, Valerii Sokurenko, Yuriy Ulyanchenko
Keywords
Related Articles
- EP ID EP528107
- DOI 10.15587/1729-4061.2018.139682
- Views 72
- Downloads 0
Development of a technology of vitaminized blended vegetable oils and their identification by the fatty acid and vitamin contents
<p class="a">Due to the comparative analyses of physicochemical properties and fatty acid composition of vegetable oils, a reasonable choice has been made. Namely, sunflower, pumpkin, flaxseed, and camelina oils have bee...
Development of the method for rapid detection of hazardous atmospheric pollution of cities with the help of recurrence measures
The method for rapid detection of hazardous pollution of the atmosphere of cities, which is based on dynamic measures of recurrence (repeatability) of the states of the pollution concentration vector, was developed. The...
Construction of the expert system of geospatial analysis that employs scenarios for the automated data generation for a digital map
<p>This paper reports a study into the formalization of algorithms for solving problems, the generation of data for digital maps, as well as their implementation, through a set of simple operations that would be intuitiv...
Forecasting the estimated time of arrival for a cargo dispatch delivered by a freight train along a railway section
<p>This paper reports a method for predicting the expected time of arrival (ETA) of a cargo dispatch taking into consideration determining the duration at which a freight train travels along a railroad section where trai...
Determining the maximally permissible values for the indicators of insulation of sealed entrance bushings with a voltage of 110 kV using the method of minimal risk
<p>A method for determining the maximally permissible values for the indicators of insulation of high-voltage oilfilled entrance bushings that ensure the minimal risk value has been proposed. The proposed method differs...