Hellman Chains Analysis Base on Graph of Random Function

Abstract

Despite several studies and attempts, in time-memory trade-off attacks on cryptographic algorithms, the coverage of Hellman tables and similar methods are practically much less than half and their probability of success is low. In fact, Hellman chains are paths with given starting and end vertices on a functional graph. In this paper, behavior of these chains is investigated with this approach. In the beginning of the paper, parameters of the functional graph for a random mapping are defined and based on these parameters, Hellman chains are analyzed. Our results show that the coverage of such tables can’t be high, for the following reasons: First, there exist some remarkable terminal vertices (37%) on the functional graph such that the possible occurrence of these vertices on chains (except in the starting vertices) is zero. Secondly, appropriate parameters for constructing chains exist in graph for about half of all hidden states of cipher function. Thirdly, for construction of noncyclic chains and collision of chains, we must pay attention to the obtained probabilities in this note.Practically, above reasons show that after some point the coverage of a Hellman table tends to zero quickly, and so construction of them will be ineffective. Our results are implemented on mAES algorithm where validate our theatrical results .
 

Keywords


[1]        M. E. Hellman, “A Cryptanalytic Time-Memory Trade      Off,” IEEE Transactions on Information Theory, vol. IT-26, no.4, JULY 1980.##
[2]        E. P. Barkan, “Cryptanalysis of Ciphers and Protocols,”       Research Thesis for the Degree of Doctor of Philosophy, Submitted to the Senate of the Technion-Computer Science Department, Ph.D. Thesis, 2006.##
[3]        D. E. Denning, “Cryptography and Data Security,” p. 100, Addison-Wesley, Publishing Company, Boston, 1st edition, 1982.##
[4]        P. Oechslin, “Making a F. Aster Cryptanalytic                   Time-Memory Trade-Off,” in Advances in              Cryptology-CRYPTO 2003, vol. 2729 of Lecture Notes in Computer Science, pp. 617-630, Springer 2003.##
[5]        E. Barkan, E. Biham, and A. Shamir, “Rigorous bounds on cryptanalytic time/memory tradeoff,” S. Inc. Dwork, editor, CRYPTO, vol. 4117 of Lecture Notes in Computer Science, pp. 1–21, Springer 2006.##
[6]        K. Nohl and C. Paget, “GSM-SRSLY,” Congress slides during CCC 2009, retrieved from http:/events.ccc.de/congress/2009/F. Ahrplan/attachments/1519_26C3,  Karsten. Nohl. GSM. Pdf, December 2009.##
[7]        K. Nohl, “Attacking phone privacy,” Convention slides during Black Hat USA 2010, retrieved from https://media.blackhat.com/bh-us-10/whitepapers/Nohl/BlackHat-USA-2010-Nohl-Attacking- Phone.Privacy-wp.pdf, 2010.##
[8]        R. Chung-Wei Phan, “Mini Advanced Encryption Standard (Mini-AES): A Testbed for Cryptanalysis Students,” Published in Cryptologia, XXVI (4), 2002.##
[9]        C. Cid, S. Murphy, and M. J. B. Robshaw, “Small Scale Variants of the AES,” Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, U.K, 2005.##
[10]     P. Flajolet and A. M. Odlyzko, “Random Mapping Statistics”, in Advances in Cryptology- Eurocrypt'89, LNCS 434, pp. 329-354, 1990, Springer-Verlag Berlin Heidelberg 1990.##
[11]     R. Sedgewick and P. Flajolet, “An Introduction to the Analysis of Algorithms,” Second Edition, Princeton University, INRIA Rocquencourt, Addison-Wesley, Library of Congress Control Number: 2012955493, 2013.##
  • Receive Date: 21 November 2015
  • Revise Date: 12 August 2020
  • Accept Date: 19 September 2018
  • Publish Date: 20 April 2016