Event

PhD Defense: Design and Cryptanalysis of Symmetric-Key Algorithms in Black and White-box Models

  • Speaker: Aleksei Udovenko

  • Location

    Room MSA 2.170, Maison du Savoir, Campus Belval 2, avenue de l'Université L-4365 Esch-sur-Alzette, LU

Members of the defence committee:

  • Chairman: Prof. Dr Jean-Sébastien Coron, University of Luxembourg
  • Vice-chairman: Prof. Dr Volker Müller, University of Luxembourg
  • Supervisor: Prof. Dr Alex Biryukov, University of Luxembourg
  • Member: Prof. Dr Gregor Leander, Ruhr-Universität Bochum, Germany
  • Member: Dr Matthieu Rivain, CryptoExperts, Paris, France

Abstract:

Cryptography studies secure communications. In symmetric-key cryptography, the communicating parties have a shared secret key which allows both to encrypt and decrypt messages. The encryption schemes used are very efficient but have no rigorous security proof. In order to design a symmetric-key primitive, one has to ensure that the primitive is secure at least against known attacks. During 4 years of my doctoral studies at the University of Luxembourg under the supervision of Prof. Alex Biryukov, I studied symmetric-key cryptography and contributed to several of its topics.

Part 1 is about structural and decomposition cryptanalysis. This type of cryptanalysis aims to exploit properties of the algorithmic structure of a cryptographic function. The first goal is to distinguish a function with a particular structure from random, structure-less functions. The second goal is to recover components of the structure in order to obtain a decomposition of the function. Decomposition attacks are also used to uncover secret structures of S-Boxes, i.e. cryptographic functions over small domains. In this part, I describe structural and decomposition cryptanalysis of the Feistel Network structure, decompositions of the S-Box used in the recent Russian cryptographic standard, and a decomposition of the only known APN permutation in even dimension.

Part 2 is about invariant-based cryptanalysis. This method has recently become an active research topic, mainly due to recent "extreme" cryptographic designs, which turned out to be vulnerable to it. In this part, I describe an invariant-based analysis of NORX, an authenticated cipher. Further, I show a theoretical study of linear layers that preserve low-degree invariants of a particular form used in the recent attacks on block ciphers.

Part 3 is about white-box cryptography. In the white-box model, an adversary has full access to the cryptographic implementation, which in particular may contain a secret key. The possibility of creating implementations of symmetric-key primitives secure in this model is a long-standing open question. Such implementations have many applications in industry, in particular in mobile payment systems. In this part, I study the possibility of applying masking, a side-channel countermeasure, to protect white-box implementations. I describe several attacks on the direct application of masking and provide a provably-secure countermeasure against a strong class of these attacks.

Part 4 is about the design of symmetric-key primitives. I contributed to the design of the block cipher family SPARX and to the design of a suite of cryptographic algorithms, which includes the cryptographic permutation family SPARKLE, the cryptographic hash function family ESCH, and the authenticated encryption family SCHWAEMM. In this part, I describe the security analysis that I made for these designs.