Stjepan Picek

Cryptographic Boolean functions

Graphical abstractDisplay Omitted HighlightsAnalysis on the efficiency of EAs when evolving cryptographic Boolean functions.Three fitness functions, four evolutionary algorithms.Wide set of experiments with different algorithm parameter values.The best results are obtained with GP and CGP.We show the problem representation plays a crucial role for reaching top solutions. Boolean functions represent an important primitive in the design of various cryptographic algorithms. There exist several well-known schemes where a Boolean function is used to add nonlinearity to the cipher. Thus, methods to generate Boolean functions that possess good cryptographic properties present an important research goal. Among other techniques, evolutionary computation has proved to be a well-suited approach for this problem. In this paper, we present three different objective functions, where each inspects important cryptographic properties of Boolean functions, and examine four evolutionary algorithms. Our research confirms previous results, but also sheds new insights on the effectiveness and comparison of different evolutionary algorithms for this problem.

Confused by Confusion: Systematic Evaluation of DPA Resistance of Various S-boxes

When studying the DPA resistance of S-boxes, the research community is divided in their opinions on what properties should be considered. So far, there exist only a few properties that aim at expressing the resilience of S-boxes to side-channel attacks. Recently, the confusioncoefficient property was defined with the intention to characterize the resistance of an S-box. However, there exist no experimental results or methods for creating S-boxes with a “good” confusion coefficient property. In this paper, we employ a novel heuristic technique to generate S-boxes with “better” values of the confusion coefficient in terms of improving their side-channel resistance. We conduct extensive side-channel analysis and detect S-boxes that exhibit previously unseen behavior. For the (4times 4) size we find S-boxes that belong to optimal classes, but they exhibit linear behavior when running a CPA attack, therefore preventing an attacker from achieving 100% success rate on recovering the key.

On using genetic algorithms for intrinsic side-channel resistance: the case of AES S-box

Finding balanced S-boxes with high nonlinearity and low transparency order is a difficult problem. The property of transparency order is important since it specifies the resilience of an S-box against differential power analysis. Better values for transparency order and hence improved side-channel security often imply less in terms of nonlinearity. Therefore, it is impossible to find an S-box with all optimal values. Currently, there are no algebraic procedures that can give the preferred and complete set of properties for an S-box. In this paper, we employ evolutionary algorithms to find S-boxes with desired cryptographic properties. Specifically, we conduct experiments for the 8×8 S-box case as used in the AES standard. The results of our experiments proved the feasibility of finding S-boxes with the desired properties in the case of AES. In addition, we show preliminary results of side-channel experiments on different versions of improved S-boxes.

Evolutionary Methods for the Construction of Cryptographic Boolean Functions

Boolean functions represent an important primitive when constructing many stream ciphers. Since they are often the only nonlinear element of such ciphers, without them the algorithm would be trivial to break. Therefore, it is not surprising there exist a substantial body of work on the methods of constructing Boolean functions. Among those methods, evolutionary computation (EC) techniques play a significant role. Previous works show it is possible to use EC methods to generate high-quality Boolean functions that even surpass those built by algebraic constructions. However, up to now, there was no work investigating the use of Cartesian Genetic Programming (CGP) for producing Boolean functions suitable for cryptography. In this paper we compare Genetic Programming (GP) and CGP algorithms in order to reach the conclusion which algorithm is better suited to evolve Boolean functions suitable for cryptographic usage. Our experiments show that CGP performs much better than the GP when the goal is obtaining as high as possible nonlinearity. Our results indicate that CGP should be further tested with different fitness objectives in order to check the boundaries of its performance.

Modified Transparency Order Property: Solution or Just Another Attempt

S-boxes are usual targets of side-channel attacks and it is an open problem to develop design techniques for S-boxes with improved DPA resistance. One result along that line is the transparency order, a property that attempts to characterize the resilience of S-boxes against DPA attacks. Recently, it was shown there exist flaws with the original definition of transparency, which resulted in the new definition - modified transparency order. This paper develops techniques for constructions using the modified transparency as a guiding metric. For the 4×4 size, we significantly improve modified transparency order while remaining in the optimal classes. Experimental results are provided assuming a noisy HW leakage model to show the proposed S-boxes are more resistant than the original one of the PRESENT algorithm. We conclude with reports on 4×4 and 8×8 S-boxes where the results indicate that the modified transparency order could be a more useful metric than the transparency order. However, both measures are far from definitive solution on how to improve the DPA resistance.

On the recombination operator in the real-coded genetic algorithms

Crossover is the most important operator in real-coded genetic algorithms. However, the choice of the best operator for a specific problem can be a difficult task. In this paper we compare 16 crossover operators on a set of 24 benchmark functions. A detailed statistical analysis is performed in an effort to find the best performing operators. The results show that there are significant differences in efficiency of different crossover operators, and that the efficiency may also depend on the distinctive properties of the fitness function. Additionally, the results point out that the combination of crossover operators yields the best results.

Combining Evolutionary Computation and Algebraic Constructions to Find Cryptography-Relevant Boolean Functions

Boolean functions play a central role in security applications because they constitute one of the basic primitives for modern cryptographic services. In the last decades, research on Boolean functions has been boosted due to the importance of security in many diverse public systems relying on such technology. A main focus is to find Boolean functions with specific properties. An open problem in this context is to find a balanced Boolean function with an 8-bit input and nonlinearity 118. Theoretically, such a function has been shown to exist, but it has not been found yet. In this work we focus on specific classes of Boolean functions, and analyze the landscape of results obtained by integrating algebraic and evolutionary computation (EC) based approaches. Results indicate that combinations of these approaches give better results although not reaching 118 nonlinearity.

Optimality and beyond: The case of 4×4 S-boxes

S-boxes with better transparency order are expected to have higher side-channel resistance. For 8×8 S-boxes this is not practical, considering the costs of lookup-table implementations and deterioration of many properties like nonlinearity or delta uniformity. However, if we concentrate on the 4×4 S-box size we can observe that it is possible to obtain S-boxes with better transparency order while maintaining proper “classical” properties. To prove this, we experiment with PRINCE and PRESENT S-boxes. We use various methods and show that evolutionary algorithms are also viable in obtaining the lowest known transparency order value for the nonlinearity value of 4. Next, we show that affine transformation changes the transparency order while keeping “classical” properties intact. By using this technique, it is possible to generate optimal S-boxes with improved DPA-related properties.

Homomorphic encryption in the cloud

Since the first notions of fully homomorphic encryption more than 30 years ago, there has been numerous attempts to develop such a system. Finally, in 2009 Craig Gentry succeeded. Homomorphic encryption brings great advantages but it seems that, at least for now, it also brings many practical difficulties. Furthermore, in the last couple of years, several other fully homomorphic systems arose where each has its one advantages and drawbacks. However, with the developments in cloud computing, we need it more than ever to become practical for real-world usages. In this paper we are discussing the strengths and weaknesses of homomorphic encryption and we give a brief description of several promising fully homomorphic encryption systems. Next, we give a special attention to the homomorphic encryption systems for cloud computing. Finally, we discuss some recent developments by IBM and their open-source library for homomorphic encryption.

Glitch It If You Can: Parameter Search Strategies for Successful Fault Injection

Fault analysis poses a serious threat to embedded security devices, especially smart cards. In particular, modeling faults and finding effective practical approaches that are also generic is considered to be of interest for smart card industry. In this work we propose a novel methodology to deal with a difficult question of choosing multiple parameters required for effective faults. To this aim, we investigate several algorithms and find a new promising direction using evolutionary computation. Our experimental results on some of the smart cards used today show the potential of this new approach. Our best algorithm is a tailored search strategy especially developed for the purpose of finding the best choice of parameters for glitching. With this approach we found some of off-the-shelf devices, although secured against this type of attacks, still vulnerable.