The Boomerang Attack
David Wagner
- pp 156-170
TLDR
This paper disproves the oft-repeated claim that eliminating all high-probability differentials for the whole cipher is sufficient to guarantee security against differential attacks, and shows how to break COCONUT98, a cipher designed using decorrelation techniques to ensure provable security against differential attacks.
Abstract:
This paper describes a new differential-style attack, which we call the boomerang attack. This attack has several interesting applications. First, we disprove the oft-repeated claim that eliminating all high-probability differentials for the whole cipher is sufficient to guarantee security against differential attacks. Second, we show how to break COCONUT98, a cipher designed using decorrelation techniques to ensure provable security against differential attacks, with an advanced differential-style attack that needs just 2^16 adaptively chosen texts. Also, to illustrate the power of boomerang techniques, we give new attacks on Khufu-16, FEAL-6, and 16 rounds of CAST-256.
Citations
Book Chapter
HIGHT: a new block cipher suitable for low-resource device
Deukjo Hong, Jaechul Sung, Seokhie Hong, Jongin Lim, Sangjin Lee, Bon-Seok Koo, Changhoon Lee, Donghoon Chang, Jesang Lee, Kitae Jeong, Hyun Kim, Jongsung Kim, Seongtaek Chee
TL;DR: This paper proposes HIGHT, a new block cipher with 64-bit block length and 128-bit key length that allows low-resource hardware implementation and is suited to ubiquitous computing devices such as a sensor in a USN or an RFID tag.
Book Chapter
Biclique cryptanalysis of the full AES
TL;DR: This paper presents the novel technique of block cipher cryptanalysis with bicliques, which leads to the following results: the first key recovery method for the full AES-128 with computational complexity 2^126.1 and key recovery methods with lower complexity for the reduced-round versions of AES not considered before.
Book Chapter
Piccolo: an ultra-lightweight blockcipher
TL;DR: Piccolo is a competitive ultra-lightweight blockcipher suitable for extremely constrained environments such as RFID tags and sensor nodes; its energy efficiency, measured as energy per bit, is also remarkable.
Book Chapter
Camellia: A 128-Bit Block Cipher Suitable for Multiple Platforms - Design and Analysis
Kazumaro Aoki, Tetsuya Ichikawa, Masayuki Kanda, Mitsuru Matsui, Shiho Moriai, Nakajima Junko, Toshio Tokita
TL;DR: It is confirmed that Camellia provides strong security against differential and linear cryptanalyses and at least comparable encryption speed in software and hardware.
Journal Article
Report on the Development of the Advanced Encryption Standard (AES)
James R. Nechvatal, Elaine B. Barker, Lawrence E. Bassham, William E. Burr, Morris J. Dworkin, James Foti, E Roback
TL;DR: Having reviewed further public analysis of the finalists, NIST has decided to propose Rijndael as the Advanced Encryption Standard (AES).
References
Book
Differential Cryptanalysis of the Data Encryption Standard
Eli Biham, Adi Shamir
TL;DR: This book introduces a new cryptographic method, called differential cryptanalysis, which can be applied to analyze cryptosystems, and describes the cryptanalysis of DES, deals with the influence of its building blocks on security, and analyzes modified variants.
Book Chapter
Truncated and higher order differentials
TL;DR: The concept of truncated differentials is introduced and it is shown how to find a minimum nonlinear order of a block cipher using higher order differentials.
Book Chapter
Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials
TL;DR: A new cryptanalytic technique, based on impossible differentials, is presented, and it is shown that Skipjack reduced from 32 to 31 rounds can be broken by an attack which is faster than exhaustive search.
Book Chapter
Higher Order Derivatives and Differential Cryptanalysis
TL;DR: High-order derivatives of multi-variable functions are studied as a natural generalization of the basic concept used in differential cryptanalysis and possible applications of such derivatives in cryptology are discussed.
Journal Article
Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials
TL;DR: A cryptanalytic technique based on impossible differentials is used to show that recovering keys of Skipjack reduced from 32 to 31 rounds can be performed faster than exhaustive search.