Security analysis of cryptographic algorithms

Design and security analysis of symmetric algorithms are amongst the most important topics in cryptography. This thesis studies cryptanalysis of symmetric algorithms including block ciphers and hash functions. Block ciphers are symmetric-key encryption algorithms employed in many cryptographic systems to provide confidentiality of data. In a secure symmetric encryption algorithm, decryption of the cipher text should be intractable for parties that do not know the secret key. However, this should be easy for the party who knows the key. Cryptographic hashing algorithms, on the other hand, are predominately used for authentication and integrity verification purposes. Effcient digital signatures are possible when signatures are generated for the message digests instead of for messages themselves. In this case, the security of signatures are tied to the collision resistance of the used hash algorithm. The thesis provides background material that is necessary to understand the topics covered in the work. In particular, the first two chapters explain the basic design structures and describe analytic tools (also called attacks) that are employed to test the security of cryptographic algorithms. Our contributions, presented in subsequent chapters, are three-fold. First we consider the lightweight block cipher LBlock and analyse its resistance against truncated differential attacks. Next we focus our attention on the Feistel networks and analyse them using the rebound attack. Our approach is illustrated on the Camellia block cipher. The last contribution is an analysis of Grøstl hash function against the preimage attack. We employ differential probability distributions to improve the truncated differential cryptanalysis and apply key-recovery attacks to the reduced variants of LBlock. Benefiting from the differential distributions, this technique analyses the security of algorithms with relatively less data compared to other methods. The truncated differential analysis together with the rebound attack is used to improve attacks on generalised Feistel-SP networks. Then, we study randomness of the reduced-round Camellia block cipher. We also examine hash functions based on Camellia with respect to distinguishing and collision attacks. Finally, the security of Grøstl hash function is analysed against preimage and multi-target preimage attacks. We exploit the rebound technique to attack the reduced-round Grøstl compression function and find preimages and multi-target preimages for chosen sets of hash values.