Statistics of Random Permutations and the Cryptanalysis of Periodic Block Ciphers

It has been stated many times that a block cipher is "intended to be'' computationally indistinguishable from a random permutation of appropriate domain and range. But what are the properties of a random permutation? In this article, by the aid of exponential generating functions (EGFs) and ordinary generating functions (OGFs), we derive a series of corollaries of interest to the cryptographic community. While the notion of EGFs and OGFs is known among combinatoricists, we believe that the subject is relatively unfamiliar to those working in cryptography. As an application, we present three cryptanalytic attacks. The first two are on the block cipher Keeloq, used in the remote keyless-entry systems of automobiles. While these attacks have appeared in heuristic form before, we render them rigorous, with exact (instead of experimental) analysis of their running time. Furthermore, we demonstrate that these attacks can succeed with less data available than was previously thought-namely, that less than the entire codebook need be checked, and we give a formula for the probability of success in terms of the fraction of the codebook used. It is hoped that the rigor will also serve as a pedagogical aid for those who wish to understand these attacks at the deepest level. The third attack is against the (roughly) millionth-fold iteration of any block cipher. In particular, we create a distinguishing attack, whereby the iteration of a cipher by a number of times equal to a highly composite number is breakable, but merely one fewer round is considerably more secure. We then extend this to a key-recovery attack in a "Triple-DES'' style construction, but using AES-256 and iterating the middle cipher (roughly) a million-fold. We furthermore show that if a cipher must be iterated, then it should be iterated a prime number of times to avoid this attack. It is hoped that these results will showcase the utility of exponential and ordinary generating functions and will encourage their use in cryptanalytic research, as well as provide an introduction to Keeloq.