Author

# M. R. Mirzaee Shamsabad

Other affiliations: Shahid Bahonar University of Kerman

Bio: M. R. Mirzaee Shamsabad is an academic researcher from Shahid Beheshti University. The author has contributed to research in topics: Boolean function & Modulo. The author has an hindex of 3, co-authored 20 publications receiving 32 citations. Previous affiliations of M. R. Mirzaee Shamsabad include Shahid Bahonar University of Kerman.

Topics: Boolean function, Modulo, Square root, Piling-up lemma, Square (algebra)

##### Papers

More filters

•

TL;DR: This paper investigates linearized diffusion layers, which are a generalization of conventional diffusion layers; these diffusion layers are used in symmetric ciphers like SMS4, Loiss and ZUC, and introduces some new families of linearized MDS diffusion layers and presents a method for construction of randomized linear diffusion layers over a finite field.

Abstract: Diffusion layers are crucial components of symmetric ciphers. These components, along with suitable Sboxes, can make symmetric ciphers resistant against statistical attacks like linear and differential cryptanalysis. Conventional MDS diffusion layers, which are defined as matrices over finite fields, have been used in symmetric ciphers such as AES, Twofish and SNOW. In this paper, we study linear, linearized and nonlinear MDS diffusion layers. We investigate linearized diffusion layers, which are a generalization of conventional diffusion layers; these diffusion layers are used in symmetric ciphers like SMS4, Loiss and ZUC. We introduce some new families of linearized MDS diffusion layers and as a consequence, we present a method for construction of randomized linear diffusion layers over a finite field. Nonlinear MDS diffusion layers are introduced in Klimov’s thesis; we investigate nonlinear MDS diffusion layers theoretically, and we present a new family of nonlinear MDS diffusion layers. We show that these nonlinear diffusion layers can be made randomized with a low implementation cost. An important fact about linearized and nonlinear diffusion layers is that they are more resistant against algebraic attacks in comparison to conventional diffusion layers. A special case of diffusion layers are (0,1)-diffusion layers. This type of diffusion layers are used in symmetric ciphers like ARIA. We examine (0,1)-diffusion layers and prove a theorem about them. At last, we study linearized MDS diffusion layers of symmetric ciphers Loiss, SMS4 and ZUC, from the mathematical viewpoint.

8 citations

•

TL;DR: A closed formula for linear probabilities of modular addition modulo a power of two is given, based on what Schulte-Geers presented, which gives a better insight on these probabilities and more information can be extracted from it.

Abstract: Linear approximations of modular addition modulo a power of two was studied by Wallen in 2003. He presented an efficient algorithm for computing linear probabilities of modular addition. In 2013 Schulte-Geers investigated the problem from another viewpoint and derived a somewhat explicit formula for these probabilities. In this note we give a closed formula for linear probabilities of modular addition modulo a power of two, based on what Schulte-Geers presented: our closed formula gives a better insight on these probabilities and more information can be extracted from it.

7 citations

••

22 Dec 2014

TL;DR: This article defines an equivalence relation between rings and based on this definition, MDS matrices are classified and determine over equivalent rings and constructs a family of lightweight M DS matrices with the same implementation cost as their inverses for the use in block ciphers.

Abstract: Diffusion layers are an important part of most symmetric ciphers and MDS matrices can be used to construct perfect diffusion layers. However, there are few techniques for constructing these matrices with low implementation cost in software/hardware. In this article, we try to give some construction methods of MDS matrices with at least the following properties: Easy implementation, dynamic use and constructing a large family of MDS matrices from one 0, 1)-matrix which is a block-wise MDS matrix. For this purpose, we define an equivalence relation between rings and based on this definition, we classify and determine MDS matrices over equivalent rings. At first, we construct a new family of MDS matrices only with XORs and right or left shifts. Then, we construct another family of MDS matrices with XORs and cyclic shifts operations. Finally, we construct a family of lightweight MDS matrices with the same implementation cost as their inverses for the use in block ciphers.

4 citations

••

01 Sep 2012TL;DR: This paper investigates the linear properties of Sboxes, mathematically, and generalizes the criteria used in linear attacks in two aspects: the first aspect introduces nonlinear criteria for Sboxes; the second aspect is generalizing linear criteria in finite fields, and also for balanced linear transformations.

Abstract: Linear cryptanalysis is one of the most important tools in the analysis of symmetric ciphers. This attack makes use of linear properties of Sboxes. In this paper, we investigate the linear properties of Sboxes, mathematically, and generalize the criteria used in linear attacks in two aspects: the first aspect introduces nonlinear criteria for Sboxes; the second aspect is generalizing linear criteria in finite fields, and also for balanced linear transformations. The first aspect, generalizes the works of Harpes, Kramer and Massey in EUROCRYPT'95 and the second aspect is a generalization of the works of Baigneres in his dissertation in 2008. Combining these two generalizations, we study generalized (nonlinear) criteria for distinguishing Sboxes from random ones. At last, we prove a theorem which we could name “Generalized Piling up Lemma”.

3 citations

••

01 Sep 2012

TL;DR: The distribution of every single bit of modular multiplication is obtained and an explicit formula in the case of two component bits is determined and for the joint distribution of any number of component bits the authors prove a theorem.

Abstract: In this paper, we investigate statistical properties of modular multiplication modulo a power of two. In fact, we obtain the distribution of every single bit of modular multiplication. Moreover, we determine the distribution of modular multiplication as a vectorial Boolean function. Then, the joint distribution of modular multiplication component bits is discussed: an explicit formula in the case of two component bits is determined and for the joint distribution of any number of component bits we prove a theorem. As a result of this theorem, we calculate the joint distribution of any number of component bits of modular multiplication modulo a power of two with reasonable computational complexity.

3 citations

##### Cited by

More filters

••

Qualcomm

^{1}TL;DR: It is argued that QARMA provides sufficient security margins within the constraints determined by the mentioned applications, while still achieving best-in-class latency, and a technique to extend the length of the tweak by using, for instance, a universal hash function, which can also be used to strengthen the security of QARma.

Abstract: This paper introduces QARMA, a new family of lightweight tweakable block ciphers targeted at applications such as memory encryption, the generation of very short tags for hardware-assisted prevention of software exploitation, and the construction of keyed hash functions. QARMA is inspired by reflection ciphers such as PRINCE, to which it adds a tweaking input, and MANTIS. However, QARMA differs from previous reflector constructions in that it is a three-round Even-Mansour scheme instead of a FX-construction, and its middle permutation is non-involutory and keyed . We introduce and analyse a family of Almost MDS matrices defined over a ring with zero divisors that allows us to encode rotations in its operation while maintaining the minimal latency associated to {0, 1}-matrices. The purpose of all these design choices is to harden the cipher against various classes of attacks. We also describe new S-Box search heuristics aimed at minimising the critical path. QARMA exists in 64- and 128-bit block sizes, where block and tweak size are equal, and keys are twice as long as the blocks. We argue that QARMA provides sufficient security margins within the constraints determined by the mentioned applications, while still achieving best-in-class latency. Implementation results on a state-of-the art manufacturing process are reported. Finally, we propose a technique to extend the length of the tweak by using, for instance, a universal hash function, which can also be used to strengthen the security of QARMA.

125 citations

••

04 Dec 2016TL;DR: In this article, the authors proposed the long trail design strategy (LTS), a dual of the wide-trail design strategy that is applicable (but not limited) to ARX constructions, which advocates the use of large S-boxes together with sparse linear layers.

Abstract: We present, for the first time, a general strategy for designing ARX symmetric-key primitives with provable resistance against single-trail differential and linear cryptanalysis. The latter has been a long standing open problem in the area of ARX design. The wide-trail design strategy (WTS), that is at the basis of many S-box based ciphers, including the AES, is not suitable for ARX designs due to the lack of S-boxes in the latter. In this paper we address the mentioned limitation by proposing the long trail design strategy (LTS) – a dual of the WTS that is applicable (but not limited) to ARX constructions. In contrast to the WTS, that prescribes the use of small and efficient S-boxes at the expense of heavy linear layers with strong mixing properties, the LTS advocates the use of large (ARX-based) S-Boxes together with sparse linear layers. With the help of the so-called long-trail argument, a designer can bound the maximum differential and linear probabilities for any number of rounds of a cipher built according to the LTS.

78 citations

•

TL;DR: This paper presents, for the first time, a general strategy for designing ARX symmetric-key primitives with provable resistance against single-trail differential and linear cryptanalysis and advocates the use of large (ARX-based) S-Boxes together with sparse linear layers.

76 citations

••

20 Mar 2016TL;DR: The first adaptation of Matsui's algorithm for finding the best differential and linear trails to the class of ARX ciphers is proposed, based on a branch-and-bound search strategy, does not use any heuristics and returns optimal results.

Abstract: We propose the first adaptation of Matsui's algorithm for finding the best differential and linear trails to the class of ARX ciphers. It is based on a branch-and-bound search strategy, does not use any heuristics and returns optimal results. The practical application of the new algorithm is demonstrated on reduced round variants of block ciphers from the Speck family. More specifically, we report the probabilities of the best differential trails for upi¾?to 10, 9, 8, 7, and 7 rounds of Speck32, Speck48, Speck64, Speck96 and Speck128 respectively, together with the exact number of differential trails that have the best probability. The new results are used to compute bounds, under the Markov assumption, on the security of Speck against single-trail differential cryptanalysis. Finally, we propose two new ARX primitives with provable bounds against single-trail differential and linear cryptanalysisi¾?--- a long standing open problem in the area of ARX design.

57 citations