====== Large-scale randomness study of security margins for 100+ cryptographic functions [SECRYPT 2022] ======
~~NOTOC~~

<grid>
<col xs="12" sm="8" lg="8">
<TEXT size="large">

\_{{fa>user}}\_\_//Authors:// [[:publications:authors:dusan-klinec|Dusan Klinec]], [[:publications:authors:marek-sys|Marek Sys]], [[:publications:authors:karel-kubicek|Karel Kubicek]], [[:publications:authors:petr-svenda|Petr Svenda]] and [[:publications:authors:vashek-matyas|Vashek Matyas]]

{{fa>user-circle-o}}\_//Primary contact:// Dusan Klinec %%<%%<dusan.klinec@gmail.com>%%>%%

{{fa>bullhorn}}\_//Conference:// [[https://secrypt.scitevents.org/|19th International Conference on Security and Cryptography 2022]]

\_{{fa>id-badge}}\_\_//DOI:// [[https://doi.org/10.5220/0000163500003283]]
</TEXT>
</col>

<col xs="12" sm="4" lg="4">
<TEXT align="right">

<button type="warning" icon="fa fa-file-pdf-o">[[https://crocs.fi.muni.cz/_media/publications/pdf/2022-securitymargins-secrypt22.pdf|Pre-print PDF]]</button>
<button collapse="bibtex" icon="fa fa-file-code-o">BiBTeX</button>
</TEXT>
</col>
</grid>

<collapse id="bibtex" collapsed="true">
  @Article{2022-securitymargins-secrypt,
    Title = {Large-scale randomness study of security margins for 100+ cryptographic functions},
    author = {Dusan Klinec, Marek Sys, Karel Kubicek, Petr Svenda, Vashek Matyas},
    conference = {19th International Conference on Security and Cryptography (SECRYPT 2022)},
    year = {2022},
    language = {eng},
    location = {Lisabon},
    publisher = {INSTICC},
    isbn = {978-989-758-590-6},
    doi = {10.5220/0000163500003283},
    pages = {134--146},
    publisher = {INSTICC}
  }
</collapse>

<panel type="default" title="Abstract">
The output of cryptographic functions, be it encryption routines or hash functions, should be statistically
indistinguishable from a truly random data for an external observer. The property can be partially tested
automatically using batteries of statistical tests. However, it is not easy in practice: multiple incompatible
test suites exist, with possibly overlapping and correlated tests, making the statistically robust interpretation
of results difficult. Additionally, a significant amount of data processing is required to test every separate
cryptographic function. 

Due to these obstacles, no large-scale systematic analysis of the the round-reduced
cryptographic functions w.r.t their input mixing capability, which would provide an insight into the behaviour
of the whole classes of functions rather than few selected ones, was yet published. We created a framework
to consistently run 414 statistical tests and their variants from the commonly used statistical testing batteries
(NIST STS, Dieharder, TestU01, and BoolTest). 

Using the distributed computational cluster providing required
significant processing power, we analyzed the output of 109 round-reduced cryptographic functions (hash,
lightweight, and block-based encryption functions) in the multiple configurations, scrutinizing the mixing
property of each one. As a result, we established the fraction of a function’s rounds with still detectable bias
(a.k.a. security margin) when analyzed by randomness statistical tests.
</panel>

===== Research artifacts (supplementary material) =====

[[https://github.com/ph4r05/SecurityMarginsPaper | Configuration scripts and details for experiments replication]]