ShiftRows Alternatives for AES-like Ciphers and Optimal Cell Permutations for Midori and Skinny

Dec 5, 2018·
Gianira N. Alfarano
,
Christof Beierle
,
Takanori Isobe
Stefan Kölbl
Stefan Kölbl
,
Gregor Leander
· 0 min read
Abstract
We study possible alternatives for ShiftRows to be used as cell permutations in AES-like ciphers. As observed during the design process of the block cipher Midori, when using a matrix with a non-optimal branch number for the MixColumns operation, the choice of the cell permutation, i.e., an alternative for ShiftRows, can actually improve the security of the primitive. In contrast, when using an MDS matrix it is known that one cannot increase the minimum number of active S-boxes by deviating from the ShiftRows-type permutation. However, finding the optimal choice for the cell permutation for a given, non-optimal, MixColumns operation is a highly non-trivial problem. In this work, we propose techniques to speed up the search for the optimal cell permutations significantly. As case studies, we apply those techniques to Midori and Skinny and provide possible alternatives for their cell permutations. We finally state an easy-to-verify sufficient condition on a cell permutation, to be used as an alternative in Midori, that attains a high number of active S-boxes and thus provides good resistance against differential and linear attacks.
Type
Publication
publications
Block Ciphers AES Differential Cryptanalysis
Authors
Gianira N. Alfarano
Authors
Christof Beierle
Authors
Takanori Isobe
Stefan Kölbl
Authors
Stefan Kölbl
Staff Engineer, Tech Lead Manager

I am a Staff Engineer and Tech Lead Manager at Google, where I work in the Security Engineering team. My focus is on post-quantum cryptography and enabling developers at Google and across the internet to use cryptography safely and correctly.

I have a PhD in cryptography and an extensive background in the design and analysis of symmetric-key algorithms, post-quantum cryptography, and lightweight cryptography. I have contributed to several cryptographic standardization efforts, including the SKINNY cipher, which is part of the ISO/IEC 29192-2 standard. I also contributed to the SPHINCS+ signature scheme, which was standardized by NIST as FIPS 205. I currently represent Switzerland in the ISO/IEC JTC 1/SC 27/WG 2 committee for cryptography and security mechanisms.

Before joining Google, I was a Senior Technology Manager at Cybercrypt and a postdoctoral researcher at the Technical University of Denmark, working on the H2020 PQCRYPTO project.

%!s() %!s()
Authors
Gregor Leander