Ph.D. Defence Elmar Tischhauser - Mathematical Aspects of Symmetric-Key Cryptography
Start date: 25/05/2012
Location: Aula van de Tweede Hoofdwet
For a cryptographic algorithm to be useful, it is important to have a good understanding to which extent it actually achieves the intended security goals. Progress in understanding how to analyse ("break") cryptographic algorithms is going to improve our understanding of how to design them, and vice versa. At the same time, obtaining rigorous statements about the security guarantees offered by algorithms on the one hand, and the power of attacks on the other hand is an important complement to the perpetual interplay between cryptanalysis and design.
This thesis is dedicated to the study of symmetric-key cryptographic algorithms, which form the backbone of virtually all security systems. It aims at improving the understanding of these algorithms by extending the mathematical foundations regarding design, analysis, and security proofs of symmetric algorithms.
As a first contribution, we propose nonsmooth cryptanalysis, a novel technique for the analysis of symmetric algorithms based on the application of methods from nonsmooth optimisation to the solving of equations over finite fields of characteristic two. We then focus on rebound attacks, a powerful recent method for the cryptanalysis of hash functions. In this context, we demonstrate new extensions of
this attack on the hash function GrÝstl-0, and analyse how to design a hash function which is resistant to rebound attacks, leading to the new hash function Whirlwind.
Incorporating the advances in cryptanalysis into new design criteria also requires a rigorous understanding of the exact power of these attacks. We study two important cryptanalysis methods, linear cryptanalysis and differential attacks using structures, and obtain more precise and realistic mathematical models for the complexity analysis of these attacks. In both cases, we base our study on a deepened analysis of the statistical phenomena exploited by these attacks.
Complementing this analysis, we consider the question of ideal statistical behaviour with regard to linear and differential cryptanalysis and some of their extensions, providing an explicit characterisation of a reference point for resistance against these attacks.
Finally, we study key-alternating ciphers from a structural point of view. With the ubiquitous Advanced Encryption Standard (AES) belonging to this class, key-alternating ciphers are a particularly important way of constructing a block cipher. We prove that key-alternatingciphers can be considered a sound construction principle. In the context of its resistance to linear attacks, our study especially highlights the constructive effect of having multiple, but not too many rounds in such a design.