High Performance Computing Techniques for Attacking Reduced Version of AES Using XL and XSL Methods Elizabeth Kleiman Iowa State University

High Performance Computing Techniques for Attacking Reduced Version of AES Using XL and XSL Methods Elizabeth Kleiman Iowa State University

Iowa State University Capstones, Theses and Graduate Theses and Dissertations Dissertations 2010 High Performance Computing techniques for attacking reduced version of AES using XL and XSL methods Elizabeth Kleiman Iowa State University Follow this and additional works at: https://lib.dr.iastate.edu/etd Part of the Mathematics Commons Recommended Citation Kleiman, Elizabeth, "High Performance Computing techniques for attacking reduced version of AES using XL and XSL methods" (2010). Graduate Theses and Dissertations. 11473. https://lib.dr.iastate.edu/etd/11473 This Dissertation is brought to you for free and open access by the Iowa State University Capstones, Theses and Dissertations at Iowa State University Digital Repository. It has been accepted for inclusion in Graduate Theses and Dissertations by an authorized administrator of Iowa State University Digital Repository. For more information, please contact [email protected]. High Performance Computing techniques for attacking reduced version of AES using XL and XSL methods by Elizabeth Kleiman A dissertation submitted to the graduate faculty in partial fulfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY Co-majors: Mathematics; Computer Science Program of Study Committee: Clifford Bergman, Co-major Professor David Fernndez-Baca, Co-major Professor Maria Axenovich Giora Slutzki Srinivas Aluru Iowa State University Ames, Iowa 2010 Copyright c Elizabeth Kleiman, 2010. All rights reserved. ii DEDICATION This thesis is dedicated to my family. To my husband and children for their love and support. To my parents, who have raised me to be the person I am today. Thank you for believing in me along the way. iii TABLE OF CONTENTS LIST OF TABLES . v LIST OF FIGURES . vii ACKNOWLEDGEMENTS . ix ABSTRACT . x CHAPTER 1. A General Overview and Introduction . 1 1.1 Introduction . 1 1.2 Thesis Organization . 2 PART I Cryptography: The XL and XSL attack on Baby Rijndael 4 CHAPTER 2. Rijndael - AES - Advanced Encryption Standard . 5 2.1 Definitions . 5 2.1.1 Cryptography Definitions . 5 2.1.2 Algebra Definitions . 9 2.2 AES . 10 2.3 Rijndael Structure . 11 2.4 Rijndael and GF (28)................................. 13 CHAPTER 3. Baby Rijndael . 17 3.1 Baby Rijndael structure . 17 3.1.1 Introduction . 17 3.1.2 The cipher . 18 3.2 Baby Rijndael S-box Structure . 20 iv 3.3 Example . 22 3.3.1 Example for Key Schedule . 22 3.3.2 Example for Encryption . 23 CHAPTER 4. The XL and XSL attacks . 24 4.1 MQ problem . 24 4.2 Relinearization technique . 25 4.3 The XL method for solving MQ problem . 26 4.4 The XSL attack on MQ problem . 29 CHAPTER 5. The XL and XSL attacks on Baby Rijndael . 32 5.1 The XL attack on one round of Baby Rijndael . 32 5.1.1 Constructing equations . 32 5.1.2 Applying XL attack on equations . 36 5.2 XL and XSL attack on four round Baby Rijndael . 37 5.2.1 Equations for four round Baby Rijndael . 37 5.2.2 The XL method for four round Baby Rijndael . 39 5.2.3 The XSL method for four round Baby Rijndael . 40 PART II Linear Algebra: Methods for solving sparse systems of linear equations 45 CHAPTER 6. Direct Methods: Gauss Elimination . 46 6.1 Introduction . 46 6.2 Definitions. 47 6.3 Gaussian Elimination . 49 6.4 Reordering . 50 PART III High Performance Computing: SPSOLVEMOD2 52 CHAPTER 7. Introduction . 53 v CHAPTER 8. SPSOLVEMOD2 Solver: Implementation Overview . 56 8.1 General Information . 56 8.2 Data Structure: Matrixblock . 57 8.3 I/O . 59 8.4 Reorder . 61 8.5 Load Balance . 61 8.6 Gauss Elimination . 62 8.7 Finding the Solutions . 65 CHAPTER 9. SPSOLVEMOD2 Solver: Experimental Results . 66 9.1 Experimental Platforms . 66 9.2 Random Matrices . 67 9.3 Performance results for small random matrices . 68 9.4 Performance results for large random matrices . 69 9.5 Performance results of experimental platforms . 72 CHAPTER 10. Conclusions . 76 BIBLIOGRAPHY . 78 vi LIST OF TABLES Table 3.1 S-box table lookup. 19 Table 3.2 Different representations for GF (24) elements. 21 Table 3.3 The inverse elements. 22 Table 5.1 S-box space matrix. 43 Table 5.2 Values of ti.................................. 44 vii LIST OF FIGURES Figure 2.1 Iterative block cipher with three rounds. 7 Figure 2.2 Key-alternating block cipher with two rounds. 8 Figure 2.3 The matrices A and K............................ 11 Figure 2.4 The M matrix. 12 Figure 2.5 The affine transformation. 13 Figure 2.6 SubBytes. 15 Figure 2.7 ShiftRows. 15 Figure 2.8 MixColumns. 16 Figure 2.9 AddRoundKey. 16 Figure 3.1 SubBytes operation. 19 Figure 3.2 ShiftRows operation. 19 Figure 3.3 MixColumn operation. 20 Figure 3.4 The affine transformation for Baby Rijndael. 21 Figure 5.1 One round of Baby Rijndael. 35 Figure 5.2 Four rounds of Baby Rijndael. 38 Figure 7.1 Shared Memory Model. 53 Figure 7.2 Distributed Memory Model. 54 Figure 8.1 Conversion of a system of equations into augmented matrix. 56 Figure 8.2 Matrix and corresponding input file. 59 Figure 8.3 Matrixblock for input file from Figure 8.2 and 2 processors. 60 viii Figure 8.4 Load Balance. 62 Figure 9.1 Matrices 1 and 2. 69 Figure 9.2 Matrix 1. 70 Figure 9.3 Matrix 2. 70 Figure 9.4 Matrix 3, 4 and 5. 71 Figure 9.5 Matrix 3. 72 Figure 9.6 Matrix 4. 72 Figure 9.7 Matrix 5. 73 Figure 9.8 Lightning. 73 Figure 9.9 LightningSMP. 74 Figure 9.10 Cyblue. 74 Figure 9.11 Grid5000. 75 ix ACKNOWLEDGEMENTS I would like to take this opportunity to express my thanks to those who helped me with various aspects of conducting research and the writing of this dissertation. First and foremost, Prof. Clifford Bergman for his guidance, patience and support throughout this research and the writing of this dissertation. I would also like to thank Prof. David Fernndez-Baca, Prof. Giora Slutzki, Prof. Maria Axenovich and Prof. Srinivas Aluru for their efforts and contributions to this work. I would like to thank Camille Coti for her help on running experiments. Some of the exper- iments presented in this paper were carried out using the Grid'5000 experimental testbed, be- ing developed under the INRIA ALADDIN development action with support from CNRS, RE- NATER and several Universities as well as other funding bodies (see https://www.grid5000.fr). I gratefully acknowledge the help and support provided by Iowa State University HPC Group (Prof. Glenn Luecke, Dr. James Coyle, Dr. Marina Kraeva and Dr. James Hoekstra). I would like to thank Steve Nystrom for his help with Cybluegene. x ABSTRACT A known-plaintext attack on the Advanced Encryption Standard can be formulated as a system of quadratic multivariate polynomial equations in which the unknowns represent key bits. Algorithms such as XSL and XL use properties of the cipher to build a sparse system of linear equations over the field GF(2) from those multivariate polynomial equations. A scaled down version of AES called Baby Rijndael has structure similar to AES and can be attacked using the XL and XSL techniques among others. This results in a large sparse system of linear equations over.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    91 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us