Core Concepts
Cellular automata have been extensively used to implement symmetric cryptographic primitives, but the research in this field has been published mostly in non-cryptographic venues, raising questions about their relevance for cryptographers. This paper provides insights into this issue by outlining the history of CA-based cryptography, identifying shortcomings in the research, and providing recommendations for future work.
Abstract
The paper provides an overview of the research on cellular automata (CA)-based cryptography, focusing on the design of stream ciphers and block ciphers.
The early works in this field include Wolfram's proposal of a pseudorandom number generator (PRG) based on the chaotic dynamics of a one-dimensional CA with rule 30. However, this PRG was later shown to be vulnerable to attacks exploiting the poor cryptographic properties of rule 30.
Subsequent research aimed to find CA local rules with better cryptographic properties, such as nonlinearity and correlation immunity, to mitigate these attacks. This involved exhaustive searches, metaheuristic optimization, and algebraic constructions. The paper also discusses the use of CA for the design of S-boxes, both by iterating the CA for multiple time steps and by considering single-step CA mappings.
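To make the measures named above concrete, the following added example (not code from the paper) treats each elementary (radius-1) rule as a 3-variable Boolean function, computes its Walsh spectrum, nonlinearity and correlation-immunity order, reproduces the centre-column keystream of Wolfram's rule-30 PRG, and runs an exhaustive search over all 256 elementary rules. The search goes slightly beyond the text: the Sarkar-Maitra divisibility theorem implies that no balanced 3-variable function can be both nonlinear and first-order correlation immune, which is one concrete reason later work moved to larger neighbourhoods.

```python
from itertools import product
N = 3  # neighbourhood of an elementary CA: (left, centre, right)

def rule_table(rule):
    """{(l, c, r): output}; bit k of the rule number is the output for the
    neighbourhood whose three bits read as the integer k (111 -> 7, 000 -> 0)."""
    return {x: (rule >> (4 * x[0] + 2 * x[1] + x[2])) & 1
            for x in product((0, 1), repeat=N)}

def walsh_spectrum(table):
    """W(a) = sum over x of (-1)^(f(x) XOR a.x), one value per mask a."""
    spec = {}
    for a in product((0, 1), repeat=N):
        dots = (sum(ai & xi for ai, xi in zip(a, x)) & 1 for x in table)
        spec[a] = sum(1 - 2 * (fx ^ d) for fx, d in zip(table.values(), dots))
    return spec

def nonlinearity(table):
    """Hamming distance to the nearest affine function: 2^(n-1) - max|W(a)|/2."""
    return 2 ** (N - 1) - max(abs(w) for w in walsh_spectrum(table).values()) // 2

def correlation_immunity(table):
    """Largest t such that W(a) = 0 for every mask a of weight 1..t."""
    spec, t = walsh_spectrum(table), 0
    while t < N and all(w == 0 for a, w in spec.items() if sum(a) == t + 1):
        t += 1
    return t

def is_balanced(table):
    return sum(table.values()) == 2 ** (N - 1)

def wolfram_prg(rule, width, steps):
    """Wolfram's PRG: evolve a cyclic row seeded with a single 1 cell and
    emit the centre cell's temporal sequence as the keystream bits."""
    table, row, out = rule_table(rule), [0] * width, []
    row[width // 2] = 1
    for _ in range(steps):
        out.append(row[width // 2])
        row = [table[(row[i - 1], row[i], row[(i + 1) % width])] for i in range(width)]
    return out

def exhaustive_search():
    """Exhaustive search over all 256 radius-1 rules (the kind of search the
    text mentions): (rule, nonlinearity, CI order) for every balanced rule."""
    tables = {rule: rule_table(rule) for rule in range(256)}
    return [(r, nonlinearity(t), correlation_immunity(t))
            for r, t in tables.items() if is_balanced(t)]
```

Rule 30 comes out balanced with nonlinearity 2 (the maximum for three variables) but correlation-immunity order 0, since its output is simply the left cell XORed with a function of the other two; the search shows that every balanced elementary rule with CI order at least 1 is affine.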
The paper identifies four main shortcomings in the CA-based cryptography literature:
1. Overreliance on empirical and statistical tests to make security claims, rather than analyzing the cryptographic properties of the underlying primitives.
2. Misalignment between the PRG models studied in cryptography and Wolfram's PRG model, leading to attacks that are not relevant in the CA setting.
3. Adoption of non-standard paradigms for block ciphers, such as iterating CA as dynamical systems, which hinders security analysis.
4. Poor diffusion inherent in the CA model, which makes CA less suitable for the diffusion layer of block ciphers.
The paper then provides corresponding insights to mitigate these shortcomings, emphasizing the need to:
1. Focus on the cryptographic properties of the underlying primitives, rather than on statistical tests alone.
2. Consistently link the proposed CA model with the security properties and related attacks.
3. Work with well-established design paradigms for block ciphers and use CA as building blocks.
4. Abandon the CA approach for certain components of a block cipher, such as the diffusion layer, in favor of non-local transformations.
The paper concludes by highlighting the broad avenues for future collaborations between the CA and cryptography research communities, as they often work on closely related problems.