Indifferentiability analysis of symmetric key ciphers

Abstract

The thesis presented here analyses the security of certain selected symmetric key ciphers - The ciphers analyzed are the 2 and 3-round Confusion-Diffusion Network, the 3-round Cascade Cipher with two independent keys, and the Feistel Construction with 7 and 8 rounds. Substitution Permutation Networks (SPNs) are widely used in the design of modern symmetric cryptographic building blocks. Attacks against the 2-round Confusion-Diffusion Network construction have been exhibited by Dodis et al. (2016a) in their Eurocrypt 2016 paper titled ‘Indifferentiability of Confusion-Diffusion Networks’, and by Da, Xu and Guo (2021b) in their paper ‘Sequential Indifferentiability of Confusion-Diffusion Networks’. Both attacks mentioned above were incomplete/erroneous. As part of our first result, we provide a corrected attack on the 2-round NLCDN. Our attack on the 2-round CDN is primitive-construction-sequential, implying that the construction is not secure even in the weaker sequential indifferentiability setting of Mandal, Patarin and Seurin (2012a). The second part of our first results focuses on Cascade Ciphers. We present an attack on the 3-round cascade construction employing any 2n-bit to 3n-bit non-idealized key scheduling function, generalising the heuristic attack based on ’certain’ stronger key schedules as described by Guo, Lin and Liu (2016) in ‘Revisiting Cascade Ciphers in Indifferentiability Setting’. Next, as a follow up of the above work, we show that the 3-round Confusion-Diffusion Network construction with linear diffusion layers is indifferentiable from an ideal permutation. This, in conjunction with the previous negative result, shows the tightness of our indifferentiability result. The final work in this thesis explores the Feistel construction. There have been a series of studies on whether an ideal cipher can be built from a random oracle using a Feistel network. We present a general proof framework that lets us prove the indifferentiability of 7 or more rounds of Feistel. In particular, this is the first indifferentiability proof for 7-round Feistel, and in addition, the 8-round proof is considerably simpler than the previously-known proof.