Defesa de Tese de Doutorado: Cryptographic Algorithms Based on Ramanujan Graphs

Orientadores:
Fábio Borges de Oliveira - Laboratório Nacional de Computação Científica - LNCC

Banca Examinadora:
Fábio Borges de Oliveira - Laboratório Nacional de Computação Científica - LNCC (presidente)
Renato Portugal - Laboratório Nacional de Computação Científica - LNCC
Raphael Machado - Universidade Federal Fluminense - UFF
Leonardo Augusto Martucci - KAU

Suplentes:
Bruno Richard Schulze - Laboratório Nacional de Computação Científica - LNCC
Max Mühlhäuser - TU Darmstadt

Resumo:

Ramanujan graphs are optimal expanders, and expander graphs are sparse graphs that have very important properties such as low diameter, high connectivity, and high chromatic number. These graphs are also applied to block ciphers, such a s Advanced Encryption Standard (AES). Much of the security of AES is present in its Substitution-Box (S-Box), in the same way that other block ciphers. In the literature, several methods have been proposed to create strong S-Boxes for AES. A strong S-Box should satisfy several cryptographic properties to resist linear and differential cryptanalysis. An S-Box is a Boolean function. If a Boolean function is bent, then its S-Box associated has maximum nonlinearity, a relevant cryptographic property for construction of S-Boxes resistant to linear cryptanalysis. Ramanujan graph is related to bent functions, namely, a Cayley graph associated with bent function is always a Ramanujan graph. Although, the AES S-Box is not bent, we identified that its circulant matrix in the subbytes is an adjacency matrix of a Ramanujan graph and propose an algorithm to verify the relationship found. Recently, we proposed a theorem and demonstrated the relationship between the Ramanujan graph and the circula nt matrix used in AES. We define a B-Ramanujan matrix as a (0,1)-circulant adjacency matrix of a Ramanujan graph. We also verified that B-Ramanujan matrices guarantee strong S-Boxes. For the case of AES-256, we should choose a matrix in a set with approximately 10^18 nonsingular binary matrices. However, our result reduces the search to a set of 247 B-Ramanujan matrices. Grover’s Algorithm could attack AES with a 256-bit key length in approximately 2^128 iterations. This algorithm is a quantum algorithm with complexity O(Raiz(N)), where N is the domain size of the function. For the case of a 1024-bit key, Grover’s algorithm could brutally force AES into approximately 2^512 iterations. However, this big AES would avoid quantum attacks and its S-Box can be construct using the proposed theorem. Indeed, we can use this technique in every block cipher. In addition, we obtain a numerical sequence consisting of the number of n x n B-Ramanujan matrices. The relevance of Ramanujan graphs app lied in cryptography motivated our study in the search for a post-quantum and homomorphic algorithm based on such graphs. In 2011, Jao and De Feo proposed a key-agreement isogeny-based algorithm supposed to be resistant to quantum attacks. It is based on supersingular isogeny (Ramanujan) graph walks. Recently, the Supersingular Isogeny Key Encapsulation (SIKE) reached the fourth round of the NIST’s standardization process on post-quantum cryptography. However, these algorithms were attacked by Wouter Castryck and Thomas Decru with Kani's theorem a few months ago. This attack does not threaten all cryptosystems based on isogeny graphs. In the first semester of this year, we propose a SIKE-like considering the degrees of isogeny in the encryption and decryption process. Our SIKE-like is additive homomorphic. Unfortunately, the recent attack on SIKE also exposed vulnerability in our algorithm. Currently, we are analyzing the attack to propose a version resistant to the current attack.< br />