Section: New Results

Symmetric Cryptology

Vectorial Boolean Functions with Very Low Differential-Linear Uniformity Using Maiorana-McFarland Type Construction

Participant : Bimal Mandal.

With Deng Tang and Subhamoy Maitra, we constructed in [14] a new class of balanced vectorial Boolean functions with very low differential-linear uniformity, whose coordinate functions are obtained by modifying Maiorana–McFarland bent functions. We further gave a combinatorial count of the hardware gates required to implement such functions.

Analysis of Boolean Functions in a Restricted (Biased) Domain

Participant : Bimal Mandal.

This work with Subhamoy Maitra, Thor Martinsen, Dibyendu Roy and Pantelimon Stanica [8] is a substantially revised and extended version of the paper “Tools in analyzing linear approximation for Boolean functions related to FLIP” that appeared in the proceedings of Indocrypt 2018 [32]. We proposed a technique to study the cryptographic properties of Boolean functions whose inputs do not follow a uniform distribution, and obtained a lower bound on the bias of the nonlinear filter function of FLIP using a biased Walsh–Hadamard transform. Our results give a more accurate calculation of the biases of Boolean functions over a restricted domain, which helps to determine the security parameters of FLIP-type ciphers.
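The quantities named in the two summaries above (Maiorana–McFarland bent functions and their autocorrelation, differential-linear uniformity, and biases over a restricted input domain) can be checked directly on small instances. The following Python script is an added example, not code from the papers cited here: it implements the standard definitions of Walsh spectrum, nonlinearity, autocorrelation and differential uniformity, measures differential-linear uniformity as the largest absolute autocorrelation of any non-trivial component function (assumed to match the normalisation used in [14]), and computes exact biases over a caller-chosen input set such as the fixed-Hamming-weight domain that arises with FLIP. The SKINNY-64 4-bit S-box is embedded as a realistic vectorial test subject; all other inputs are constructed inline.

```python
"""Added example: cryptographic measures of small Boolean and vectorial
Boolean functions given as truth tables / lookup tables (tt[x] in {0,1},
sbox[x] an m-bit integer)."""
from fractions import Fraction
from itertools import product


def parity(v):
    """Sum of the bits of v modulo 2, i.e. the dot product a.x when v = a & x."""
    return bin(v).count("1") & 1


def walsh_spectrum(tt, n):
    """W_f(a) = sum_x (-1)^(f(x) + a.x) for every a in F_2^n."""
    return [sum((-1) ** (tt[x] ^ parity(a & x)) for x in range(1 << n))
            for a in range(1 << n)]


def nonlinearity(tt, n):
    """Distance to the nearest affine function: 2^(n-1) - max|W_f|/2."""
    return (1 << (n - 1)) - max(abs(w) for w in walsh_spectrum(tt, n)) // 2


def autocorrelation(tt, n, a):
    """Delta_f(a) = sum_x (-1)^(f(x) + f(x^a)); zero at every a != 0 iff f is bent."""
    return sum((-1) ** (tt[x] ^ tt[x ^ a]) for x in range(1 << n))


def absolute_indicator(tt, n):
    """Largest |Delta_f(a)| over non-zero shifts a."""
    return max(abs(autocorrelation(tt, n, a)) for a in range(1, 1 << n))


def is_balanced(tt):
    return 2 * sum(tt) == len(tt)


def maiorana_mcfarland(k, pi):
    """Truth table of f(x, y) = x . pi(y) on F_2^k x F_2^k (n = 2k), indexed by
    (x << k) | y. Bent for every permutation pi, hence never balanced."""
    return [parity(x & pi[y]) for x, y in product(range(1 << k), repeat=2)]


def component(sbox, b):
    """Component function b . S(x) of a vectorial function S."""
    return [parity(b & s) for s in sbox]


def differential_uniformity(sbox, n):
    """Largest entry of the difference distribution table over input differences a != 0."""
    best = 0
    for a in range(1, 1 << n):
        row = {}
        for x in range(1 << n):
            d = sbox[x] ^ sbox[x ^ a]
            row[d] = row.get(d, 0) + 1
        best = max(best, max(row.values()))
    return best


def differential_linear_uniformity(sbox, n, m):
    """max over a != 0, b != 0 of |sum_x (-1)^(b.S(x) + b.S(x^a))|, i.e. the
    largest absolute autocorrelation of any non-trivial component function
    (assumed definition; the value 2^n means some component has a constant
    derivative in some direction)."""
    return max(absolute_indicator(component(sbox, b), n) for b in range(1, 1 << m))


def weight_domain(n, w):
    """Inputs of Hamming weight exactly w: the FLIP-style restricted domain."""
    return [x for x in range(1 << n) if bin(x).count("1") == w]


def restricted_bias(tt, n, a, domain):
    """Exact bias Pr[f(x) = a.x] - 1/2 when x is uniform over `domain`."""
    agree = sum(1 for x in domain if tt[x] == parity(a & x))
    return Fraction(agree, len(domain)) - Fraction(1, 2)


# SKINNY-64 4-bit S-box, embedded as a realistic vectorial test subject.
SKINNY_S4 = [0xc, 0x6, 0x9, 0x0, 0x1, 0xa, 0x2, 0xb,
             0x3, 0x8, 0x5, 0xd, 0x4, 0xe, 0x7, 0xf]


if __name__ == "__main__":
    f = maiorana_mcfarland(2, [0, 1, 2, 3])  # f(x, y) = x . y on F_2^2 x F_2^2, n = 4
    print("MM bent: nl =", nonlinearity(f, 4), "abs. indicator =",
          absolute_indicator(f, 4), "balanced =", is_balanced(f))
    print("bias of f over all of F_2^4 :", restricted_bias(f, 4, 0, range(16)))
    print("bias of f on weight-2 inputs:", restricted_bias(f, 4, 0, weight_domain(4, 2)))
    print("SKINNY S4: DU =", differential_uniformity(SKINNY_S4, 4),
          "DLU =", differential_linear_uniformity(SKINNY_S4, 4, 4))
```

On this input the unmodified bent function has nonlinearity 6 and absolute indicator 0 but weight 6 out of 16, so it is not balanced, which is exactly what the modification in [14] has to repair while keeping the autocorrelation small. The SKINNY S-box has differential uniformity 4 but reaches the maximal differential-linear uniformity 16: for input difference 1, every output difference in the DDT row has its top bit set, so the component b = 8 has a constant derivative in that direction. The bias of f with a = 0 is 1/8 when the input is uniform over F_2^4 but 1/6 when it is restricted to weight-2 inputs, which is the kind of discrepancy the restricted-domain analysis accounts for.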

Forkcipher: a New Primitive for Authenticated Encryption of Very Short Messages

Participant : Virginie Lallemand.

Together with Elena Andreeva, Antoon Purnal, Reza Reyhanitabar, Arnab Roy and Damian Vizár, we proposed a candidate to the NIST Lightweight Cryptography competition, which we also published at Asiacrypt 2019 [10]. Our proposal is based on the so-called forkcipher construction, previously presented and investigated by a subset of the authors, which provides authenticated encryption optimized for short messages. Our NIST candidate is called ForkAE and, as required by NIST, it is built on well-investigated primitives, among which the SKINNY tweakable block cipher. ForkAE is one of the 32 candidates selected to continue to Round 2 out of 56 valid submissions.

Computing AES Related-Key Differential Characteristics With Constraint Programming

Participant : Marine Minier.

In [5], with David Gérault, Pascal Lafourcade, and Christine Solnon, we improve existing Constraint Programming (CP) approaches for computing optimal related-key differential characteristics: we add new constraints that detect inconsistencies sooner, and we introduce a new decomposition of the problem into two steps. These improvements allow us to compute all optimal related-key differential characteristics for AES-128, AES-192 and AES-256 in a few hours.

Participation in the NIST Lightweight Cryptography Standardization Process

Participants : Marine Minier [contact], Paul Huynh, Virginie Lallemand.

The team is actively taking part in the NIST lightweight cryptography standardization process. The two major actions taken are the following:

  • Proposal of two candidates, namely Lilliput-AE (Alexandre Adomnicai, Thierry P. Berger, Christophe Clavier, Julien Francq, Paul Huynh, Virginie Lallemand, Kévin Le Gouguec, Marine Minier, Léo Reynaud and Gaël Thomas) and ForkAE (Elena Andreeva, Virginie Lallemand, Antoon Purnal, Reza Reyhanitabar, Arnab Roy and Damian Vizár). ForkAE made it to the second round, but unfortunately a weakness was found in the design of Lilliput-AE.

  • Organization of regular cryptanalysis meetings with other French cryptographers. Since the publication of the 56 proposals, four meetings have been held and some tangible results have already been achieved. For example, the meeting participants found a practical differential forgery attack against the proposal named Quartet. The details were made public on the NIST mailing list and led NIST to remove this candidate from consideration.

Cryptanalysis of SKINNY in the Framework of the SKINNY 2018-2019 Cryptanalysis Competition

Participant : Virginie Lallemand.

Together with Patrick Derbez (University of Rennes) and Aleksei Udovenko (University of Luxembourg), we investigated in [12] the security of the SKINNY tweakable block cipher, a lightweight symmetric cipher proposed at CRYPTO 2016. Our setting was that of the SKINNY 2018-2019 Cryptanalysis Competition, i.e. we looked for attacks that run in practical time and succeed with the data set provided by the organizers, namely 2^20 (plaintext, ciphertext) pairs. We solved the challenges (meaning that we experimentally recovered the 128-bit key) for up to 10-round SKINNY-128-128 and 12-round SKINNY-64-128. At the time of writing these are the best results reported in this setting.