Book ChapterDOI
Counting Active S-Boxes is not Enough
Orr Dunkelman,Abhishek Kumar,Eran Lambooij,Somitra Kumar Sanadhya +3 more
- pp 332-344
Reads0
Chats0
TLDR
The wide trail strategy as discussed by the authors suggests to ensure that the number of active S-boxes in a differential characteristic or a linear approximation is sufficiently high, thus, offering security against differential and linear attacks.Abstract:
Inspired by the works of Nyberg and Knudsen, the wide trail strategy suggests to ensure that the number of active S-boxes in a differential characteristic or a linear approximation is sufficiently high, thus, offering security against differential and linear attacks. Many cipher designers are relying on this strategy, and most new designs include analysis based on counting the number of active S-boxes.read more
References
More filters
Book ChapterDOI
On the diffusion of generalized Feistel structures regarding differential and linear cryptanalysis
TL;DR: The results enable us to design a more efficient symmetric key primitive and show that the improved GFS proposed by Suzaki and Minematsu at FSE 2010 have more active S-boxes than the standard GFS.
Book ChapterDOI
Linear cryptanalysis using multiple approximations and FEAL
TL;DR: The results of experiments on the use of multiple approximations in a linear cryptanalytic attack on FEAL are described, with particular attention to FEAL-8.
Book ChapterDOI
Cryptanalysis of SP Networks with Partial Non-Linear Layers
Achiya Bar-On,Itai Dinur,Orr Dunkelman,Orr Dunkelman,Virginie Lallemand,Nathan Keller,Nathan Keller,Boaz Tsaban +7 more
TL;DR: Design of SP networks in which the non-linear layer is applied to only a part of the state in each round allows for more efficient masking techniques that can mitigate side-channel attacks with a small performance overhead.
Book ChapterDOI
The delicate issues of addition with respect to XOR differences
TL;DR: In this paper, the authors analyzed the previous attacks on the block cipher SHACAL-1 and showed that all the differential-based attacks fail due to mistreatment of XOR differences through addition.
Total break of Zorro using linear and differential attacks
TL;DR: Wang et al. as discussed by the authors presented new differential and linear attacks on Zorro, both of which recover the full secret key with practical complexities, based on very efficient distinguishers that have only two active S-boxes per four rounds.