Aleksei Udovenko
University of Luxembourg
Publication
Featured research published by Aleksei Udovenko.
international conference on the theory and application of cryptology and information security | 2016
Daniel Dinu; Léo Paul Perrin; Aleksei Udovenko; Vesselin Velichkov; Johann Großschädl; Alex Biryukov
We present, for the first time, a general strategy for designing ARX symmetric-key primitives with provable resistance against single-trail differential and linear cryptanalysis. The latter has been a long-standing open problem in the area of ARX design. The wide-trail design strategy (WTS), which is at the basis of many S-box based ciphers, including the AES, is not suitable for ARX designs due to the lack of S-boxes in the latter. In this paper we address the mentioned limitation by proposing the long trail design strategy (LTS) – a dual of the WTS that is applicable (but not limited) to ARX constructions. In contrast to the WTS, which prescribes the use of small and efficient S-boxes at the expense of heavy linear layers with strong mixing properties, the LTS advocates the use of large (ARX-based) S-boxes together with sparse linear layers. With the help of the so-called long-trail argument, a designer can bound the maximum differential and linear probabilities for any number of rounds of a cipher built according to the LTS.
international cryptology conference | 2016
Alex Biryukov; Léo Paul Perrin; Aleksei Udovenko
The Russian Federation's standardization agency has recently published a hash function called Streebog and a 128-bit block cipher called Kuznyechik. Both of these algorithms use the same 8-bit S-Box, but its design rationale was never made public. In this paper, we reverse-engineer this S-Box and reveal its hidden structure. It is based on a sort of 2-round Feistel Network where exclusive-or is replaced by a finite field multiplication. This structure is hidden by two different linear layers applied before and after. In total, five different 4-bit S-Boxes, a multiplexer, two 8-bit linear permutations and two finite field multiplications in a field of size 2^4 are needed to compute the S-Box. The knowledge of this decomposition allows a much more efficient hardware implementation by dividing the area and the delay by 2.5 and 8 respectively. However, the small 4-bit S-Boxes do not have very good cryptographic properties. In fact, one of them has a probability 1 differential. We then generalize the method we used to partially recover the linear layers used to whiten the core of this S-Box and illustrate it with a generic decomposition attack against 4-round Feistel Networks whitened with unknown linear layers. Our attack exploits a particular pattern arising in the Linear Approximations Table of such functions.
international cryptology conference | 2016
Léo Paul Perrin; Aleksei Udovenko; Alex Biryukov
fast software encryption | 2016
Léo Paul Perrin; Aleksei Udovenko
IACR Transactions on Symmetric Cryptology | 2017
Léo Paul Perrin; Aleksei Udovenko
smart card research and advanced application conference | 2017
Alex Biryukov; Daniel Dinu; Yann Le Corre; Aleksei Udovenko
IACR Cryptology ePrint Archive | 2015
Alex Biryukov; Léo Paul Perrin; Aleksei Udovenko
The existence of Almost Perfect Non-linear (APN) permutations operating on an even number of bits has been a long-standing open question until Dillon et al., who work for the NSA, provided an example on 6 bits in 2009. In this paper, we apply methods intended to reverse-engineer S-Boxes with unknown structure to this permutation and find a simple decomposition relying on the cube function over GF(2^3).
IACR Cryptology ePrint Archive | 2018
Alex Biryukov; Aleksei Udovenko
IACR Cryptology ePrint Archive | 2017
Alex Biryukov; Aleksei Udovenko; Vesselin Velichkov
IACR Cryptology ePrint Archive | 2016
Daniel Dinu; Léo Paul Perrin; Aleksei Udovenko; Vesselin Velichkov; Johann Großschädl; Alex Biryukov