À venir :

Variants of the AES Key-Schedule for Better Truncated Differential Bounds

Résumé.

Differential attacks are one of the main ways to attack block ciphers. Hence, we need to evaluate the security of a given block cipher against these attacks. One way to do so is to determine the minimal number of active S-boxes, and use this number along with the maximal differential probability of the S-box to determine the minimal probability of any differential characteristic. Thus, if one wants to build a new block cipher, one should try to maximize the minimal number of active S-boxes. On the other hand, the related-key security model is now quite important, hence, we also need to study the security of block ciphers in this model. In this work, we search how one could design a key schedule to maximize the number of active S-boxes in the related-key model. However, we also want this key schedule to be efficient, and therefore choose to only consider permutations. Our target is AES, and along with a few generic results about the best reachable bounds, we found a permutation to replace the original key schedule that reaches a minimal number of active S-boxes of 20 over 6 rounds, while no differential characteristic with a probability larger than $2^{-128}$ exists. We also describe an algorithm which helped us to show that there is no permutation that can reach 18 or more active S-boxes in 5 rounds. Finally, we give several pairs $(P_s, P_k)$, replacing respectively the ShiftRows operation and the key schedule of the AES, reaching a minimum of 21 active S-boxes over 6 rounds, while again, there is no differential characteristic with a probability larger than $2^{-128}$. This article is a joint work with Patrick Derbez, Pierre-Alain Fouque and Jérémy Jean, and has been accepted at SAC 2018.

[12 décembre 2018 | 14h | Campus II - Salle S3-351]

Baptiste Lambin

Passé:

Algorithms and their implementation in elliptic curve cryptography

Résumé.

Elliptic curves play an important role in today's public key cryptographic systems. For example, Elliptic curve Diffie-Hellman key agreement scheme, elliptic curve integrated encryption scheme (ECIES), and elliptic curve digital signature algorithm (ECDSA) are among the standardized and widely deployed cryptographic schemes. Efficient and secure implementation of these cryptographic systems require carefully designed mathematical algorithms and their analysis. In the first part of my talk, I will motivate the use of elliptic curves in cryptography with a survey of some algorithms. Then, I will present some recent results on the design and implementation of elliptic curve based cryptographic algorithms in both classical and post-quantum settings.

[14 novembre 2018 | 14h | Campus II - Salle S3-351]