Abstract
An iterated block cipher can be regarded as a means of producing a set of permutations of a message space. Some properties of the group generated by the round functions of such a cipher are known to be of cryptanalytic interest. It is shown here that if this group acts imprimitively on the message space then there is an exploitable weakness in the cipher. It is demonstrated that a weakness of this type can be used to construct a trapdoor that may be difficult to detect. An example is given of a DES-like cipher that is resistant to both linear and differential cryptanalysis, generates an imprimitive group, and is easily broken. Some implications for block cipher design are noted.
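The weakness the abstract describes, as an added illustration that is not from the paper: a constructed 8-bit toy cipher (an SPN-style round rather than the paper's DES-like example) whose keyed round functions all map the high-nibble blocks of the message space onto one another, a check that a candidate block system is preserved by every generator, and the resulting leak of the plaintext's block through any number of rounds. All function names, S-boxes and keys are assumptions made for this example.

```python
"""Toy 8-bit cipher whose round functions act imprimitively on the message space.
Candidate block system: the 16 high-nibble blocks {x : x >> 4 == i}.
S-boxes and keys are constructed for illustration only."""

# Two arbitrary bijective 4-bit S-boxes (constructed; not from the paper).
S = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
T = [0x9, 0x0, 0x4, 0xB, 0x2, 0xE, 0x7, 0xA, 0x8, 0x1, 0xF, 0xC, 0x5, 0x6, 0xD, 0x3]

BLOCKS = [frozenset(range(i << 4, (i << 4) + 16)) for i in range(16)]

def trapdoor_round(k):
    """High nibble depends only on itself and the key, so every high-nibble
    block is carried onto another block: the block system is preserved."""
    k_hi, k_lo = k >> 4, k & 0xF
    return [(S[(x >> 4) ^ k_hi] << 4) | T[(x & 0xF) ^ (x >> 4) ^ k_lo]
            for x in range(256)]

def mixing_round(k):
    """Same shape, but the high nibble also absorbs the low nibble; the
    high-nibble block system is no longer preserved."""
    k_hi, k_lo = k >> 4, k & 0xF
    return [(S[(x >> 4) ^ (x & 0xF) ^ k_hi] << 4) | T[(x & 0xF) ^ k_lo]
            for x in range(256)]

def is_permutation(perm):
    return sorted(perm) == list(range(256))

def preserves_blocks(perm, blocks):
    """True if the image of every block is itself a block of the system."""
    block_set = set(blocks)
    return all(frozenset(perm[x] for x in b) in block_set for b in blocks)

def all_rounds_preserve(round_fn, blocks):
    """If every generator preserves the system, so does the group they generate.
    A False answer says nothing about other candidate block systems."""
    return all(preserves_blocks(round_fn(k), blocks) for k in range(256))

def encrypt(x, keys, round_fn=trapdoor_round):
    for k in keys:
        x = round_fn(k)[x]
    return x

def learn_block_map(pairs):
    """Known (pt, ct) pairs, one per block, fix the induced permutation of blocks."""
    return {c >> 4: p >> 4 for p, c in pairs}

def leaked_plaintext_block(ct, block_map):
    """Four plaintext bits recovered from the ciphertext, whatever the round keys."""
    return block_map[ct >> 4]
```

Sixteen known plaintext/ciphertext pairs, one per block, are enough to learn the block-level permutation; after that every ciphertext gives away the high nibble of its plaintext regardless of how many rounds or which keys were used.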
This work was supported by The Royal Society through its European Science Exchange Programme and the Swiss National Science Foundation, and was performed whilst the author was visiting ETH Zurich.
© 1999 Springer-Verlag Berlin Heidelberg
Paterson, K.G. (1999). Imprimitive Permutation Groups and Trapdoors in Iterated Block Ciphers. In: Knudsen, L. (eds) Fast Software Encryption. FSE 1999. Lecture Notes in Computer Science, vol 1636. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48519-8_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66226-6
Online ISBN: 978-3-540-48519-3