|
Since the development of cryptology in the industrial and
academic worlds in the seventies, public knowledge and expertise
have grown in a tremendous way, notably because of the increasing,
nowadays almost ubiquitous, presence of electronic communication means
in our lives. Block ciphers are inevitable building blocks of the security
of various electronic systems. Recently, many advances have been published
in the field of public-key cryptography, being in the understanding of
involved security models or in the mathematical security proofs applied
to precise cryptosystems. Unfortunately, this is still not the case in the
world of symmetric-key cryptography and the current state of knowledge is
far from reaching such a goal. However, block and stream ciphers tend to
counterbalance this lack of ``provable security'' by other advantages, like
high data throughput and ease of implementation.
In the first part of this thesis, we would like to add a (small) stone to
the wall of provable security of block ciphers with the (theoretical and
experimental) statistical analysis of the mechanisms behind Matsui's linear
cryptanalysis as well as more abstract models of attacks. For this purpose,
we consider the underlying problem as a statistical hypothesis testing
problem and we make a heavy use of the Neyman-Pearson paradigm. Then, we
generalize the concept of linear distinguisher and we discuss the power of
such a generalization. Furthermore, we introduce the concept of sequential
distinguisher, based on sequential sampling, and of aggregate distinguishers,
which allows to build sub-optimal but efficient distinguishers. Finally, we
propose new attacks against reduced-round version of the block cipher IDEA.
In the second part, we propose the design of a new family of block
ciphers named FOX. First, we study the efficiency of optimal diffusive
components when implemented on low-cost architectures, and we present
several new constructions of MDS matrices; then, we precisely describe FOX
and we discuss its security regarding linear and differential cryptanalysis,
integral attacks, and algebraic attacks. Finally, various implementation
issues are considered.
|
