Analysis of probabilities of differentials for block cipher “Kalyna” (DSTU 7624:2014)
Journal Title: Восточно-Европейский журнал передовых технологий - Year 2018, Vol 4, Issue 9
Abstract
<p class="a"><span lang="EN-US">The adaptation and application of the method for estimating the upper bound of the probability of tworound differentials for the block symmetric cipher Kalyna is carried out. This cipher was adopted as the Ukrainian standard DSTU 7624: 2014 in 2015. Known methods allow getting only the approximate value of this parameter for this cipher or cannot be applied explicitly through the structural features of this cipher. Using the approximate probability of tworound differentials gives an even greater error in the evaluation of the probabilities of differentials with a large number of rounds, as well as in assessing the resistance of the encryption algorithm to other types of differential attacks.</span></p><p class="a"><span lang="EN-US">The main stages of the used method are the following: definition of the minimum number of active Sboxes; definition of the type of differential characteristic having the maximum probability; determination of the number and probabilities of additional differential characteristics.</span></p><p class="a"><span lang="EN-US">In the course of research, an adapted method has allowed clarifying the upper bound of the probability of 2round differentials for the cipher Kalyna significantly. This bound is ≈2–47.3 instead of 2–40 when using the method for nested SPN ciphers.</span></p><p class="a"><span lang="EN-US">The elaborated upper bound of the probability of 2round differentials allowed clarifying also the bound value of the probability of 4round differentials. For Kalyna128 (block size 128 bits), the value is specified 214.6 times, for Kalyna256 – 229.2 times, Kalyna512 – 258.4 times.</span></p><p class="a"><span lang="EN-US">The main advantage of the method adapted for the Kalyna cipher was the possibility of a significant specification of the upper bound of the probability of a 2round differential. The disadvantage of the adapted method is that assumptions are made, such as, for example, the use of one substitution instead of four in the original algorithm. The result of this assumption is that a real bound of the probability of 2round differentials could be even smaller.</span></p>
Authors and Affiliations
Victor Ruzhentsev, Valerii Sokurenko, Yuriy Ulyanchenko
Keywords
Related Articles
- EP ID EP528107
- DOI 10.15587/1729-4061.2018.139682
- Views 82
- Downloads 0
Studying the influence of design and operation mode parameters on efficiency of the systems of biochemical purification of emissions
<p>A procedure for evaluating efficiency of the systems of biological elimination of soluble and insoluble in water harmful gaseous substances as well as dissolved in water contaminants has been devised. The procedure is...
Comparison of products of whey proteins concentrate proteolysis, obtained by different proteolytic preparations
<p>An important source of bioactive peptides is hydrolyzed products based on milk whey: hypoallergenic products, hydrolyzates for baby food, and products for athletes. However, in their production, proteolytic preparatio...
Synthesis and implementation of fractional-order controllers in a current curcuit of the motor with series excitation
<p>We have synthesized and investigated fractional-order regulators, which provide for a series of technological processes the best indicators for the quality of transient process, specifically DC motors with series exci...
Development of the procedure for integrated application of scenario prediction methods
<p>The paper proposes a procedure for the integrated application of methods for scenario analysis and prediction, represented by graphs of the «tree» type. The task on analysis of risks in software projects has been cons...
Analog of the classical borel theorem for entire harmonic functions in ℝn and generalized orders
<p>The article describes research on the growth of functions that are harmonic in the whole space ℝ<sup>n</sup>, n≥3, and thus they are called entire harmonic.</p><p>A relation has been established between the maximum te...