Cryptographic algorithms based on Ramanujan graphs
| Ano de defesa: | 2023 |
|---|---|
| Autor(a) principal: | |
| Orientador(a): | |
| Banca de defesa: | |
| Tipo de documento: | Tese |
| Tipo de acesso: | Acesso aberto |
| Idioma: | eng |
| Instituição de defesa: |
Laboratório Nacional de Computação Científica
Coordenação de Pós-Graduação e Aperfeiçoamento (COPGA) Brasil LNCC Programa de Pós-Graduação em Modelagem Computacional |
| Programa de Pós-Graduação: |
Não Informado pela instituição
|
| Departamento: |
Não Informado pela instituição
|
| País: |
Não Informado pela instituição
|
| Palavras-chave em Português: | |
| Link de acesso: | https://tede.lncc.br/handle/tede/367 |
Resumo: | Ramanujan graphs are optimal expanders, and expander graphs are sparse graphs that have very important properties such as low diameter, high connectivity, and high chromatic number. These graphs are also applied to block ciphers, such as Advanced Encryption Standard (AES). Much of the security of AES is present in its Substitution-Box (S- Box), in the same way that other block ciphers. In the literature, several methods have been proposed to create strong S-Boxes for AES. A strong S-Box should satisfy several cryptographic properties to resist linear and differential cryptanalysis. An S-Box is a Boolean function. If a Boolean function is bent, then its S-Box associated has maximum nonlinearity, a relevant cryptographic property for construction of S-Boxes resistant to linear cryptanalysis. Ramanujan graph is related to bent functions, namely, a Cayley graph associated with bent function is always a Ramanujan graph. Although, the AES S-Box is not bent, we identified that its circulant matrix in the subbytes is an adjacency matrix of a Ramanujan graph and propose an algorithm to verify the relationship found. We proposed a theorem and demonstrated the relationship between the Ramanujan graph and the circulant matrix used in AES. We define a B-Ramanujan matrix as a {0, 1}-circulant adjacency matrix of a Ramanujan graph. We also verified that B-Ramanujan matrices guarantee strong S-Boxes. For the case of AES-256, we should choose a matrix in a set with approximately 1018 nonsingular binary matrices. However, our result reduces the search to a set of 247 B-Ramanujan matrices, where only 152 are nonsingular. Grover’s Algorithm could attack AES with a 256-bit key length in approximately 2128 iterations. This algorithm is a quantum algorithm with complexity O(√N ), where N is the domain size of the function. For the case of a 1024-bit key, Grover’s algorithm could brutally force AES into approximately 2512 iterations. However, this big AES would avoid quantum attacks and its S-Box can be construct using the proposed theorem. Indeed, we can use this technique in every block cipher. In addition, we obtain a numerical sequence consisting of the number of n × n B-Ramanujan matrices. The relevance of Ramanujan graphs applied in cryptography motivated our study in the search for a post-quantum and homomorphic algorithm based on such graphs. In 2011, Jao and De Feo proposed a key-agreement isogeny-based algorithm supposed to be resistant to quantum attacks. It is based on supersingular isogeny (Ramanujan) graph walks. Recently, the Supersingular Isogeny Key Encapsulation (SIKE) reached the fourth round of the NIST’s standardization process on post-quantum cryptography. However, these algorithms were attacked by Wouter Castryck and Thomas Decru with Kani’s theorem a few months ago. This attack does not threaten all cryptosystems based on isogeny graphs. In the first half of 2022, we propose a SIKE- like considering the degrees of isogenies in the encryption and decryption process. Our SIKE-like is additive homomorphic. The recent attack on SIKE exposed vulnerability in our algorithm only in the explicit part about the degrees of isogenies. We are analyzing the attack to propose a version resistant to the current attack. |