Vector Boolean Functions: Applications in Symmetric Cryptography José Antonio Álvarez Cubero Departamento de Matemática Aplicada a las Tecnologías de la Información y las Comunicaciones Universidad Politécnica de Madrid This dissertation is submitted for the degree of Doctor Ingeniero de Telecomunicación Escuela Técnica Superior de Ingenieros de Telecomunicación November 2015 I would like to thank my wife, Isabel, for her love, kindness and support she has shown during the past years it has taken me to finalize this thesis. Furthermore I would also liketo thank my parents for their endless love and support. Last but not least, I would like to thank my loved ones such as my daughter and sisters who have supported me throughout entire process, both by keeping me harmonious and helping me putting pieces together. I will be grateful forever for your love. Declaration The following papers have been published or accepted for publication, and contain material based on the content of this thesis. 1. [7] Álvarez-Cubero, J. A. and Zufiria, P. J. (expected 2016). Algorithm xxx: VBF: A library of C++ classes for vector Boolean functions in cryptography. ACM Transactions on Mathematical Software. (In Press: http://toms.acm.org/Upcoming.html) 2. [6] Álvarez-Cubero, J. A. and Zufiria, P. J. (2012). Cryptographic Criteria on Vector Boolean Functions, chapter 3, pages 51–70. Cryptography and Security in Computing, Jaydip Sen (Ed.), http://www.intechopen.com/books/cryptography-and-security-in-computing/ cryptographic-criteria-on-vector-boolean-functions. (Published) 3. [5] Álvarez-Cubero, J. A. and Zufiria, P. J. (2010). A C++ class for analysing vector Boolean functions from a cryptographic perspective. In Katsikas, S. K. and Samarati, P., editors, SECRYPT 2010 - Proceedings of the International Conference on Security and Cryptography, Athens, Greece, July 26-28, 2010, SECRYPT is part of ICETE - The International Joint Conference on e-Business and Telecommunications, pages 512–520. SciTePress. (Published) 4. [4] Álvarez-Cubero, J. A. and Zufiria, P. J. (2005). Aplicaciones de la transformada de Walsh al criptoanaálisis lineal y diferencial. In Domínguez, A. P. and Caballero-Gil, P., editors, I Simposio sobre Seguridad Informaática (SSI 2005), pages 11–18. Thomson. (Published) José Antonio Álvarez Cubero November 2015 Acknowledgements I would like to thank all the people who have helped me through the years along the route. I would like to express my gratitude to my supervisor Prof. Pedro J. Zufiria for the useful comments, remarks and engagement through the learning process of this thesis. I would also like to acknowledge the editor and reviewers of the journals I published the papers related to this thesis. viii Resumen Esta tesis establece los fundamentos teóricos y diseña una colección abierta de clases C++ denominada VBF (Vector Boolean Functions) para analizar funciones booleanas vectoriales (funciones que asocian un vector booleano a otro vector booleano) desde una perspectiva criptográfica. Esta nueva implementación emplea la librería NTL de Victor Shoup, incor- porando nuevos módulos que complementan a las funciones de NTL, adecuándolas para el análisis criptográfico. La clase fundamental que representa una función booleana vectorial se puede inicializar de manera muy flexible mediante diferentes estructuras de datas tales como la Tabla de verdad, la Representación de traza y la Forma algebraica normal entre otras. De esta manera VBF permite evaluar los criterios criptográficos más relevantes de los algoritmos de cifra en bloque y de stream, así como funciones hash: por ejemplo, proporciona la no-linealidad, la distancia lineal, el grado algebraico, las estructuras lineales, la distribución de frecuencias de los valores absolutos del espectro Walsh o del espectro de autocorrelación, entre otros criterios. Adicionalmente, VBF puede llevar a cabo operaciones entre funciones booleanas vectoriales tales como la comprobación de igualdad, la composición, la inver- sión, la suma, la suma directa, el bricklayering (aplicación paralela de funciones booleanas vectoriales como la empleada en el algoritmo de cifra Rijndael), y la adición de funciones coordenada. La tesis también muestra el empleo de la librería VBF en dos aplicaciones prácticas. Por un lado, se han analizado las características más relevantes de los sistemas de cifra en bloque. Por otro lado, combinando VBF con algoritmos de optimización, se han diseñado funciones booleanas cuyas propiedades criptográficas son las mejores conocidas hasta la fecha. Abstract This thesis develops the theoretical foundations and designs an open collection of C++ classes, called VBF, designed for analyzing vector Boolean functions (functions that map a Boolean vector to another Boolean vector) from a cryptographic perspective. This new implementation uses the NTL library from Victor Shoup, adding new modules which complement the existing ones making VBF better suited for cryptography. The fundamental class representing a vector Boolean function can be initialized in a flexible way via several alternative types of data structures such as Truth Table, Trace Representation, Algebraic Normal Form (ANF) among others. This way, VBF allows the evaluation of the most relevant cryptographic criteria for block and stream ciphers as well as for hash functions: for instance, it provides the nonlinearity, the linearity distance, the algebraic degree, the linear structures, the frequency distribution of the absolute values of the Walsh Spectrum or the Autocorrelation Spectrum, among others. In addition, VBF can perform operations such as equality testing, composition, inversion, sum, direct sum, bricklayering (parallel application of vector Boolean functions as employed in Rijndael cipher), and adding coordinate functions of two vector Boolean functions. This thesis also illustrates the use of VBF in two practical applications. On the one hand, the most relevant properties of the existing block ciphers have been analysed. On the other hand, by combining VBF with optimization algorithms, new Boolean functions have been designed which have the best known cryptographic properties up-to-date. Table of contents List of figures xix List of tables xxi 1 Introduction5 1.1 Information Security . .5 1.2 Motivation . .8 1.3 Objectives and Outcomes of the Thesis . .9 1.4 Structure of the Thesis . 11 2 Fundamentals of Block Ciphers and the VBF Library 13 2.1 Basic Theoretical Background . 13 2.1.1 Definitions . 14 2.2 Block Ciphers . 16 2.2.1 Mini-AES Cipher . 17 2.2.2 KASUMI Cipher . 22 2.2.3 DES Cipher . 23 2.2.4 AES Cipher . 25 2.3 VBF (Vector Boolean Functions) library . 30 2.3.1 Features . 30 2.3.2 State-of-the-art on Vector Boolean Functions Analysis Software . 34 3 Representations and Characterizations 37 3.1 Truth Table . 39 3.1.1 Description . 39 3.1.2 Library . 40 3.2 Trace Representation . 45 3.2.1 Description . 45 3.2.2 Library . 46 xiv Table of contents 3.3 Polynomials in ANF . 49 3.3.1 Description . 49 3.3.2 Library . 49 3.4 ANF Table . 51 3.4.1 Description . 51 3.4.2 Library . 51 3.5 Image . 53 3.5.1 Description . 53 3.5.2 Library . 54 3.6 Walsh Spectrum . 55 3.6.1 Description . 55 3.6.2 Library . 65 3.7 Linear Profile and Linear Cryptanalysis . 67 3.7.1 Description . 67 3.7.2 Library . 70 3.8 Differential Profile and Differential Cryptanalysis . 73 3.8.1 Description . 73 3.8.2 Library . 76 3.9 Autocorrelation Spectrum . 79 3.9.1 Description . 79 3.9.2 Linear structures . 81 3.9.3 Library . 82 3.10 Affine Function and Affine Equivalence . 84 3.10.1 Description . 84 3.10.2 Library . 87 3.11 Cycle Structure, Fixed Points and Negated Fixed Points . 90 3.11.1 Description . 90 3.11.2 Library . 91 3.12 Permutation Vector . 93 3.12.1 Description . 93 3.12.2 Library . 93 3.13 DES Representations . 94 3.13.1 Description . 94 3.13.2 Library . 95 3.14 Auxiliary Functions . 99 3.15 Summary . 100 Table of contents xv 4 Cryptographic Criteria 103 4.1 Introduction . 103 4.1.1 Definitions . 103 4.1.2 Cryptographically Weak Functions . 105 4.2 Algebraic Degree . 105 4.2.1 Description . 105 4.2.2 Library . 106 4.3 Nonlinearity . 110 4.3.1 Description . 110 4.3.2 Library . 113 4.4 r-th Order Nonlinearity . 116 4.4.1 Description . 116 4.4.2 Library . 117 4.5 Balancedness . 118 4.5.1 Description . 118 4.5.2 Library . 119 4.6 Correlation Immunity . 121 4.6.1 Description . 121 4.6.2 Library . 123 4.7 Algebraic Immunity . 124 4.7.1 Description . 124 4.7.2 Library . 125 4.8 Global Avalanche Criterion . 127 4.8.1 Description . 127 4.8.2 Library . 127 4.9 Linearity Distance . ..