TY - GEN
T1 - An Improved affine equivalence algorithm for random permutations
AU - Dinur, Itai
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2018.
PY - 2018/1/1
Y1 - 2018/1/1
N2 - In this paper we study the affine equivalence problem, where given two functions $F, G : \{0,1\}^n \to \{0,1\}^n$, the goal is to determine whether there exist invertible affine transformations $A_1, A_2$ over $GF(2)^n$ such that $G = A_2 \circ F \circ A_1$. Algorithms for this problem have several well-known applications in the design and analysis of Sboxes, cryptanalysis of white-box ciphers and breaking a generalized Even-Mansour scheme. We describe a new algorithm for the affine equivalence problem and focus on the variant where $F, G$ are permutations over $n$-bit words, as it has the widest applicability. The complexity of our algorithm is about $n^3 2^n$ bit operations with very high probability whenever $F$ (or $G$) is a random permutation. This improves upon the best known algorithms for this problem (published by Biryukov et al. at EUROCRYPT 2003), where the first algorithm has time complexity of $n^3 2^{2n}$ and the second has time complexity of about $n^3 2^{3n/2}$ and roughly the same memory complexity. Our algorithm is based on a new structure (called a rank table) which is used to analyze particular algebraic properties of a function that remain invariant under invertible affine transformations. Besides its standard application in our new algorithm, the rank table is of independent interest and we discuss several of its additional potential applications.
AB - In this paper we study the affine equivalence problem, where given two functions $F, G : \{0,1\}^n \to \{0,1\}^n$, the goal is to determine whether there exist invertible affine transformations $A_1, A_2$ over $GF(2)^n$ such that $G = A_2 \circ F \circ A_1$. Algorithms for this problem have several well-known applications in the design and analysis of Sboxes, cryptanalysis of white-box ciphers and breaking a generalized Even-Mansour scheme. We describe a new algorithm for the affine equivalence problem and focus on the variant where $F, G$ are permutations over $n$-bit words, as it has the widest applicability. The complexity of our algorithm is about $n^3 2^n$ bit operations with very high probability whenever $F$ (or $G$) is a random permutation. This improves upon the best known algorithms for this problem (published by Biryukov et al. at EUROCRYPT 2003), where the first algorithm has time complexity of $n^3 2^{2n}$ and the second has time complexity of about $n^3 2^{3n/2}$ and roughly the same memory complexity. Our algorithm is based on a new structure (called a rank table) which is used to analyze particular algebraic properties of a function that remain invariant under invertible affine transformations. Besides its standard application in our new algorithm, the rank table is of independent interest and we discuss several of its additional potential applications.
KW - Affine equivalence problem
KW - Block cipher
KW - Cryptanalysis
KW - Even-Mansour cipher
KW - Rank table
UR - http://www.scopus.com/inward/record.url?scp=85045954242&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-78381-9_16
DO - 10.1007/978-3-319-78381-9_16
M3 - Conference contribution
AN - SCOPUS:85045954242
SN - 9783319783802
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 413
EP - 442
BT - Advances in Cryptology - EUROCRYPT 2018 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2018 Proceedings
A2 - Nielsen, Jesper Buus
A2 - Rijmen, Vincent
PB - Springer Verlag
T2 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2018
Y2 - 29 April 2018 through 3 May 2018
ER -