Mathematical Backdoors in Symmetric Encryption Systems - Proposal for a Backdoored AES-like Block Cipher

摘要

Recent years have shown that more than ever governments and intelligenceagencies try to control and bypass the cryptographic means used for theprotection of data. Backdooring encryption algorithms is considered as the bestway to enforce cryptographic control. Until now, only implementation backdoors(at the protocol/implementation/management level) are generally considered. Inthis paper we propose to address the most critical issue of backdoors:mathematical backdoors or by-design backdoors, which are put directly at themathematical design of the encryption algorithm. While the algorithm may betotally public, proving that there is a backdoor, identifying it and exploitingit, may be an intractable problem. We intend to explain that it is probablypossible to design and put such backdoors. Considering a particular family(among all the possible ones), we present BEA-1, a block cipher algorithm whichis similar to the AES and which contains a mathematical backdoor enabling anoperational and effective cryptanalysis. The BEA-1 algorithm (80-bit blocksize, 120-bit key, 11 rounds) is designed to resist to linear and differentialcryptanalyses. A challenge will be proposed to the cryptography community soon.Its aim is to assess whether our backdoor is easily detectable and exploitableor not.