A mental model for attacking differential cryptanalytical problems


I’ve generally found that part of the defense of the cryptographic hegemony involves academia and grant-making powers that over-professionalize the subject; make having suitable math skills a barrier that limits who can involve themselves in crypto research; and limit advanced research to only those in the “easy to control” category, given how easily the “grants” indirectly control who gets the freedom to do the research and publish.

So, let’s de-math the math and frustrate the process.

First the math: In https://yorkporc.wordpress.com/2011/03/04/markov-ciphers-and-differential-cryptanalysis-xuejia-lai-james-l-massey-and-sean-murphy/, we saw folks present some cryptanalytical topics in a math-abstracted manner. Specifically, they discussed differential cryptanalysis. As is typical in academia, the discussion of the topic involved lots of formulas, intended to show that the differences in input pairs can relate to differences in output pairs, and that the difference in the first input compared to the difference in the nth output (after several rounds of computation) can leave a detectable trail, called a probability differential. They then argue that a (1940s-era) lookup table, with rows keyed on assumed input differences and columns keyed on output differences, has entries that are the conditional probability of the output difference (given the input difference). They argue, on complexity grounds, that such a table ought to be non-symmetric – i.e. the value of the entry of the column/row lookup vs. the row/column lookup should be different. This property helps determine how many encryption operations one needs to do when brute-forcing the cipher (a complexity measure that contrasts with brute-forcing every *key*).
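The lookup table just described, built in code as an added example (not from the original post or the linked paper): it computes the difference distribution table of a small S-box and checks the non-symmetry property. It assumes the published 4-bit S-box of the PRESENT cipher as a concrete input, since the post’s DES S-boxes are larger (6-to-4 bit) and would only clutter the table.

```python
# Difference distribution table (DDT) for a 4-bit S-box: the lookup table the
# post describes, with rows keyed on input difference dx and columns on output
# difference dy. Entry [dx][dy] counts the inputs x for which
# S(x) ^ S(x ^ dx) == dy; divided by 16 it is Pr(dy | dx).
from typing import List

# The PRESENT cipher's S-box, a standard published 4-bit S-box used here only
# as a small, concrete example (assumption: the post itself discusses DES).
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def ddt(sbox: List[int]) -> List[List[int]]:
    """Return the n x n difference distribution table of an n-entry S-box."""
    n = len(sbox)
    table = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            dy = sbox[x] ^ sbox[x ^ dx]
            table[dx][dy] += 1
    return table


def differential_probability(table, dx, dy) -> float:
    """Pr(output difference dy | input difference dx), read off the table."""
    return table[dx][dy] / len(table)


def differential_uniformity(table) -> int:
    """Largest entry outside the trivial dx = 0 row: the best single-round
    differential available to an attacker, so a designer wants it small."""
    return max(max(row) for row in table[1:])


def is_symmetric(table) -> bool:
    """True only if every row/column lookup equals the column/row lookup;
    the post notes that a useful table should be non-symmetric."""
    n = len(table)
    return all(table[i][j] == table[j][i] for i in range(n) for j in range(n))


if __name__ == "__main__":
    t = ddt(PRESENT_SBOX)
    for dx, row in enumerate(t):
        print(f"{dx:x}: " + " ".join(f"{c:2d}" for c in row))
    print("max non-trivial entry:", differential_uniformity(t))
    print("symmetric:", is_symmetric(t))
```

Row 1 of the table has four entries equal to 4 (probability 1/4 each), while the column/row lookup of one of them, entry [9][1], is 0, which is exactly the asymmetry the post refers to.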

If we de-math all this, you first envision the 16 shells of an atom. In each, up to 2 electrons may be seen to appear (and apparently disappear), most probably at the radius of the shell. You should now imagine that each of them is one of the two input values considered by differential cryptanalysis. In the next shell, assume there are two other electrons too, acting similarly. The two radii are the places in 3D phase space where the 2 wave functions of the atom maximally reinforce. And 14 more shells have similar properties. Of course each shell is a DES round, and each pair of electrons is the input pair to that DES round.

The nature of the Pauli exclusion principle is such that electrons are constrained objects, much as “parity-check” matrices in code making (e.g. BCH codes) constrain calculation in the foreground space. Should energy be input into the system (in the form of the entropy of a particular subkey), practically represented by sending in a gamma particle with a certain angular momentum, the electron may attempt to reach the next shell as a result. But the atom as a whole (i.e. all the shells) must now re-adjust, since the exclusion principle constrains overall system evolution. Thus a change due to action on the boundary between shells 3 and 4 will impact all shells, and the “future” shells (i.e. 5…16) in particular. This is the analogue of differential trails, in which one considers the mutual information between the first pair of inputs and the pair of outputs from the nth round.

What this all means is that we can dump the academic model of differential cryptanalysis and its reasoning based on the particular algebra of conditional probability expressions and Markov chains. We can now just think in terms of the wave functions of the atom.


About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in crypto.