scispace - formally typeset
Search or ask a question
Topic

Block cipher

About: Block cipher is a research topic. Over the lifetime, 7267 publications have been published within this topic receiving 163586 citations. The topic is also known as: block ciphers.


Papers
More filters
Book
24 Dec 2009
TL;DR: The Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government as mentioned in this paper, which has a 128-bit block size with key sizes of 128, 192 and 256 bits.
Abstract: In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES). AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001 after a 5-year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was selected as the most suitable . It became effective as a Federal government standard on May 26, 2002 after approval by the Secretary of Commerce. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information.

593 citations

Journal ArticleDOI
Don Coppersmith1
TL;DR: Some of the safeguards against differential cryptanalysis that were built into the DES system from the beginning are shown, with the result that more than 10 15 bytes of chosen plaintext are required for this attack to succeed.
Abstract: The Data Encryption Standard (DES) was developed by an IBM team around 1974 and adopted as a national standard in 1977. Since that time, many cryptanalysts have attempted to find shortcuts for breaking the system. In this paper, we examine one such attempt, the method of differential cryptanalysis, published by Biham and Shamir. We show some of the safeguards against differential cryptanalysis that were built into the system from the beginning, with the result that more than 10 15 bytes of chosen plaintext are required for this attack to succeed.

560 citations

Book ChapterDOI
04 Dec 2011
TL;DR: This paper presents the novel technique of block cipher cryptanalysis with bicliques, which leads to the following results: the first key recovery method for the full AES-128 with computational complexity 2126.1.4 and key recovery methods with lower complexity for the reduced-round versions of AES not considered before.
Abstract: Since Rijndael was chosen as the Advanced Encryption Standard (AES), improving upon 7-round attacks on the 128-bit key variant (out of 10 rounds) or upon 8-round attacks on the 192/256-bit key variants (out of 12/14 rounds) has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a decade. In this paper, we present the novel technique of block cipher cryptanalysis with bicliques, which leads to the following results: The first key recovery method for the full AES-128 with computational complexity 2126.1. The first key recovery method for the full AES-192 with computational complexity 2189.7. The first key recovery method for the full AES-256 with computational complexity 2254.4. Key recovery methods with lower complexity for the reduced-round versions of AES not considered before, including cryptanalysis of 8-round AES-128 with complexity 2124.9. Preimage search for compression functions based on the full AES versions faster than brute force. In contrast to most shortcut attacks on AES variants, we do not need to assume related-keys. Most of our techniques only need a very small part of the codebook and have low memory requirements, and are practically verified to a large extent. As our cryptanalysis is of high computational complexity, it does not threaten the practical use of AES in any way.

543 citations

Book ChapterDOI
10 Apr 2000
TL;DR: New attacks on A5/1 are described, which are based on subtle flaws in the tap structure of the registers, their noninvertible clocking mechanism, and their frequent resets, which make it vulnerable to hardware-based attacks by large organizations, but not to software- based attacks on multiple targets by hackers.
Abstract: A5/1 is the strong version of the encryption algorithm used by about 130 million GSM customers in Europe to protect the over-the-air privacy of their cellular voice and data communication. The best published attacks against it require between 240 and 245 steps. This level of security makes it vulnerable to hardware-based attacks by large organizations, but not to software-based attacks on multiple targets by hackers. In this paper we describe new attacks on A5/1, which are based on subtle flaws in the tap structure of the registers, their noninvertible clocking mechanism, and their frequent resets. After a 248 parallelizable data preparation stage (which has to be carried out only once), the actual attacks can be carried out in real time on a single PC. The first attack requires the output of the A5/1 algorithm during the first two minutes of the conversation, and computes the key in about one second. The second attack requires the output of the A5/1 algorithm during about two seconds of the conversation, and computes the key in several minutes. The two attacks are related, but use different types of time-memory tradeoffs. The attacks were verified with actual implementations, except for the preprocessing stage which was extensively sampled rather than completely executed. REMARK: We based our attack on the version of the algorithm which was derived by reverse engineering an actual GSM telephone and published at http://www.scard.org. We would like to thank the GSM organization for graciously confirming to us the correctness of this unofficial description. In addition, we would like to stress that this paper considers the narrow issue of the cryptographic strength of A5/1, and not the broader issue of the practical security of fielded GSM systems, about which we make no claims.

508 citations

Book ChapterDOI
02 Dec 2012
TL;DR: In this paper, a block cipher called PRINCE is proposed that allows encryption of data within one clock cycle with a very competitive chip area compared to known solutions. But it does not have the α-reflection property, which holds that decryption for one key corresponds to encryption with another key.
Abstract: This paper presents a block cipher that is optimized with respect to latency when implemented in hardware. Such ciphers are desirable for many future pervasive applications with real-time security needs. Our cipher, named PRINCE, allows encryption of data within one clock cycle with a very competitive chip area compared to known solutions. The fully unrolled fashion in which such algorithms need to be implemented calls for innovative design choices. The number of rounds must be moderate and rounds must have short delays in hardware. At the same time, the traditional need that a cipher has to be iterative with very similar round functions disappears, an observation that increases the design space for the algorithm. An important further requirement is that realizing decryption and encryption results in minimum additional costs. PRINCE is designed in such a way that the overhead for decryption on top of encryption is negligible. More precisely for our cipher it holds that decryption for one key corresponds to encryption with a related key. This property we refer to as α-reflection is of independent interest and we prove its soundness against generic attacks.

507 citations


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
95% related
Public-key cryptography
27.2K papers, 547.7K citations
95% related
Encryption
98.3K papers, 1.4M citations
92% related
Hash function
31.5K papers, 538.5K citations
92% related
Key (cryptography)
60.1K papers, 659.3K citations
89% related
Performance
Metrics
No. of papers in the topic in previous years
YearPapers
2023227
2022503
2021244
2020368
2019388
2018379