Statistics of Random Permutations and the Cryptanalysis of Periodic Block Ciphers
Published in | Cryptologia Vol. 36; no. 3; pp. 240 - 262 |
Main Authors | Bard, Gregory V.; Ault, Shaun V.; Courtois, Nicolas T. |
Format | Journal Article |
Language | English |
Published | West Point: Taylor & Francis Group, 01.07.2012 |
ISSN | 0161-1194 1558-1586 |
DOI | 10.1080/01611194.2011.632806 |
Abstract | It has been stated many times that a block cipher is "intended to be" computationally indistinguishable from a random permutation of appropriate domain and range. But what are the properties of a random permutation? In this article, by the aid of exponential generating functions (EGFs) and ordinary generating functions (OGFs), we derive a series of corollaries of interest to the cryptographic community. While the notion of EGFs and OGFs is known among combinatoricists, we believe that the subject is relatively unfamiliar to those working in cryptography.
As an application, we present three cryptanalytic attacks. The first two are on the block cipher Keeloq, used in the remote keyless-entry systems of automobiles. While these attacks have appeared in heuristic form before, we render them rigorous, with exact (instead of experimental) analysis of their running time. Furthermore, we demonstrate that these attacks can succeed with less data available than was previously thought; namely, that less than the entire codebook need be checked, and we give a formula for the probability of success in terms of the fraction of the codebook used. It is hoped that the rigor will also serve as a pedagogical aid for those who wish to understand these attacks at the deepest level.
The third attack is against the (roughly) millionth-fold iteration of any block cipher. In particular, we create a distinguishing attack, whereby the iteration of a cipher by a number of times equal to a highly composite number is breakable, but merely one fewer round is considerably more secure. We then extend this to a key-recovery attack in a "Triple-DES" style construction, but using AES-256 and iterating the middle cipher (roughly) a million-fold. We furthermore show that if a cipher must be iterated, then it should be iterated a prime number of times to avoid this attack.
It is hoped that these results will showcase the utility of exponential and ordinary generating functions and will encourage their use in cryptanalytic research, as well as provide an introduction to Keeloq. |
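The third attack in the abstract rests on one statistic of random permutations that the paper's generating-function machinery makes exact: for a uniformly random permutation P on n points the expected number of cycles of length L is 1/L for every L <= n, and a point is fixed by the N-fold iterate P^N exactly when its cycle length divides N. Summing over divisors gives E[#fixed points of P^N] = #{d : d | N, d <= n}, which is tau(N) for n >= N: about 1 for a fresh random permutation, 2 for prime N, and in the hundreds for a highly composite N, whereas N - 1 typically has few divisors. The script below is an added illustration written for this page, not code from the paper or its authors: random.shuffle stands in for an ideal block cipher, the iteration counts 5040 = 7!, 5039 (prime) and 5041 = 71^2 and the 2^14-point domain are this example's choices, and the paper's exact success-probability formula is not reproduced.

```python
"""Fixed points of an iterated random permutation.

Added illustration (not the paper's code): a uniformly random permutation on
n points has, in expectation, 1/L cycles of each length L <= n.  A point is
fixed by P^N iff its cycle length divides N, so
    E[#fixed points of P^N] = #{ d : d | N, d <= n }.
For a highly composite N this is far above the ~1 fixed point of a fresh
random permutation; for prime N it is 2.  random.shuffle stands in for an
ideal block cipher; N in {5040, 5039, 5041} and n = 2^14 are this example's
choices, not the paper's parameters.
"""
import random
from math import isqrt


def cycle_lengths(perm):
    """Cycle lengths of perm, given as a list with perm[i] = image of i."""
    n = len(perm)
    seen = [False] * n
    lengths = []
    for start in range(n):
        if seen[start]:
            continue
        length, x = 0, start
        while not seen[x]:          # walk the cycle until we return to start
            seen[x] = True
            x = perm[x]
            length += 1
        lengths.append(length)
    return lengths


def fixed_points_of_power(perm, N):
    """Number of x with perm^N(x) == x, read off the cycle structure in O(n)
    instead of composing perm with itself N times."""
    return sum(L for L in cycle_lengths(perm) if N % L == 0)


def divisors_up_to(N, n):
    """Number of divisors d of N with d <= n (the usual tau(N) when n >= N)."""
    count = 0
    for d in range(1, isqrt(N) + 1):
        if N % d == 0:
            if d <= n:
                count += 1
            e = N // d
            if e != d and e <= n:
                count += 1
    return count


def expected_fixed_points(N, n):
    """E[#fixed points of P^N] for uniformly random P on n points: every
    divisor L of N contributes (expected 1/L cycles) * (L points) = 1."""
    return divisors_up_to(N, n)


def perm_from_cycles(n, cycles):
    """Build a permutation on range(n) from explicit disjoint cycles
    (points not listed are fixed); used to check the cycle bookkeeping."""
    p = list(range(n))
    for c in cycles:
        for i, x in enumerate(c):
            p[x] = c[(i + 1) % len(c)]
    return p


def simulate(n, N, trials, seed=0):
    """Average #fixed points of P^N over `trials` random permutations of n
    points; random.shuffle stands in for an ideal block cipher."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        p = list(range(n))
        rng.shuffle(p)
        total += fixed_points_of_power(p, N)
    return total / trials


if __name__ == "__main__":
    n = 1 << 14
    for N in (5040, 5039, 5041):
        print(f"N={N}: expected {expected_fixed_points(N, n)}, "
              f"observed mean over 20 trials {simulate(n, N, 20):.1f}")
```

Two practical points follow from the code rather than from the abstract. First, the observed mean for N = 5040 scatters widely around 60 because the count is dominated by the few long divisor-length cycles (each length L appears roughly Poisson(1/L) times and contributes L points at once), so a distinguisher needs the fixed-point count over many queries, not a handful. Second, by linearity, querying only a fraction f of the codebook shows about f times as many fixed points in expectation; this is a plain consequence of the expectation above and is not the paper's success-probability formula, which the abstract states in terms of the fraction of the codebook used. The 5040 versus 5039 pair is the small-scale version of the abstract's remark that one fewer iteration is considerably more secure and that a cipher that must be iterated should be iterated a prime number of times.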
Author | Bard, Gregory V. (bardg@uwstout.edu); Ault, Shaun V.; Courtois, Nicolas T. |
CODEN | CRYPE6 |
Cited by (DOI) | 10.1080/01611194.2017.1362062; 10.1080/01611194.2021.1920070; 10.1080/01611194.2014.988362; 10.1515/jmc-2016-0058; 10.1007/s10623-015-0098-y; 10.1080/01611194.2014.915706 |
Cites (DOI) | 10.1201/9781420070033; 10.1007/s001459900034; 10.1080/0025570X.2007.11953492; 10.1007/978-0-387-88757-9; 10.1007/s001459900050; 10.1007/BF00630563; 10.1007/s001459900027 |
ContentType | Journal Article |
Copyright | Copyright Taylor & Francis Group, LLC 2012 Copyright Taylor & Francis Inc. 2012 |
Discipline | Education |
EISSN | 1558-1586 |
EndPage | 262 |
Genre | Feature |
ISSN | 0161-1194 |
IsPeerReviewed | true |
IsScholarly | true |
Issue | 3 |
Language | English |
PageCount | 23 |
PublicationCentury | 2000 |
PublicationDate | 2012-07-00 |
PublicationDateYYYYMMDD | 2012-07-01 |
PublicationDecade | 2010 |
PublicationPlace | West Point |
PublicationTitle | Cryptologia |
PublicationYear | 2012 |
Publisher | Taylor & Francis Group Taylor & Francis Inc |
StartPage | 240 |
SubjectTerms | analytic combinatorics; Blocking; Combinatorics; cryptanalysis; Cryptography; cycle structure; EGF; generating functions; iterations of permutations; Iterative methods; Keeloq; Mathematical analysis; OGF; Probability; random permutations |
Title | Statistics of Random Permutations and the Cryptanalysis of Periodic Block Ciphers |
URI | https://www.tandfonline.com/doi/abs/10.1080/01611194.2011.632806 https://www.proquest.com/docview/1028098627 https://www.proquest.com/docview/1506369232 |
Volume | 36 |