scispace - formally typeset
Search or ask a question
Topic

Cipher

About: Cipher is a research topic. Over the lifetime, 9409 publications have been published within this topic receiving 110309 citations. The topic is also known as: cypher & cryptographic algorithm.


Papers
More filters
Book ChapterDOI
08 Dec 2019
TL;DR: An algebraic cryptanalysis of Jarvis and Friday is described and it is shown that the proposed number of rounds is not sufficient to provide adequate security and that block cipher designs for “algebraic platforms” such as STARKs, FHE or MPC may be particularly vulnerable to algebraic attacks.
Abstract: The block cipher Jarvis and the hash function Friday, both members of the MARVELlous family of cryptographic primitives, are among the first proposed solutions to the problem of designing symmetric-key algorithms suitable for transparent, post-quantum secure zero-knowledge proof systems such as ZK-STARKs. In this paper we describe an algebraic cryptanalysis of Jarvis and Friday and show that the proposed number of rounds is not sufficient to provide adequate security. In Jarvis, the round function is obtained by combining a finite field inversion, a full-degree affine permutation polynomial and a key addition. Yet we show that even though the high degree of the affine polynomial may prevent some algebraic attacks (as claimed by the designers), the particular algebraic properties of the round function make both Jarvis and Friday vulnerable to Grobner basis attacks. We also consider MiMC, a block cipher similar in structure to Jarvis. However, this cipher proves to be resistant against our proposed attack strategy. Still, our successful cryptanalysis of Jarvis and Friday does illustrate that block cipher designs for “algebraic platforms” such as STARKs, FHE or MPC may be particularly vulnerable to algebraic attacks.

48 citations

Book ChapterDOI
16 Aug 2015
TL;DR: In this paper, a divide-and-conqueried evolved technique was proposed to exploit the non-linear influence of the key bits on the update function of a stream cipher.
Abstract: A new method for reducing the internal state size of stream cipher registers has been proposed in FSE 2015, allowing to reduce the area in hardware implementations. Along with it, an instantiated proposal of a cipher was also proposed: Sprout. In this paper, we analyze the security of Sprout, and we propose an attack that recovers the whole key more than \(2^{10}\) times faster than exhaustive search and has very low data complexity. The attack can be seen as a divide-and-conquer evolved technique, that exploits the non-linear influence of the key bits on the update function. We have implemented the attack on a toy version of Sprout, that conserves the main properties exploited in the attack. The attack completely matches the expected complexities predicted by our theoretical cryptanalysis, which proves its validity. We believe that our attack shows that a more careful analysis should be done in order to instantiate the proposed design method.

48 citations

Book ChapterDOI
04 Feb 2002
TL;DR: A new attack is presented - the Slicing Attack - on the 4-round version of the block cipher MISTY1, which makes use of the special structure and position of these key-dependent linear FL functions.
Abstract: The block cipher MISTY1 [9] proposed for the NESSIE project [11] is a Feistel network augmented with key-dependent linear FL functions. The proposal allows a variable number of rounds provided that it is a multiple of four.Here we present a new attack - the Slicing Attack - on the 4-round version, which makes use of the special structure and position of these key-dependent linear FL functions. While the FL functions were introduced to make attacks harder, they also present a subtle weakness in the 4-round version of the cipher.

48 citations

Journal Article
TL;DR: This paper applies a new compositional attack to the reduced version of the hash function Skein, a finalist of the SHA-3 competition, and formally proves that such a property cannot be found for an ideal cipher within the complexity limits of the attack.
Abstract: In this paper we combine two powerful methods of symmetric cryptanalysis: rotational cryptanalysis and the rebound attack. Rotational cryptanalysis was designed for the analysis of bit-oriented designs like ARX (Addition-Rotation-XOR) schemes. It has been applied to several hash functions and block ciphers, including the new standard SHA-3 (Keccak). The rebound attack is a start-from-the-middle approach for finding differential paths and conforming pairs in byte-oriented designs like Substitution-Permutation networks and AES. We apply our new compositional attack to the reduced version of the hash function Skein, a finalist of the SHA-3 competition. Our attack penetrates more than two thirds of the Skein core--the cipher Threefish, and made the designers to change the submission in order to prevent it. The rebound part of our attack has been significantly enhanced to deliver results on the largest number of rounds. We also use neutral bits and message modification methods from the practice of collision search in MD5 and SHA-1 hash functions. These methods push the rotational property through more rounds than previous analysis suggested, and eventually establish a distinguishing property for the reduced Threefish cipher. We formally prove that such a property cannot be found for an ideal cipher within the complexity limits of our attack. The complexity estimates are supported by extensive experiments.

47 citations

Book ChapterDOI
11 Aug 2005
TL;DR: In this paper, the power of conditional estimators was harnessed for correlation attacks on GSM's A5/1 stream ciphers, resulting in a correlation with a considerably higher bias.
Abstract: Irregularly-clocked linear feedback shift registers (LFSRs) are commonly used in stream ciphers. We propose to harness the power of conditional estimators for correlation attacks on these ciphers. Conditional estimators compensate for some of the obfuscating effects of the irregular clocking, resulting in a correlation with a considerably higher bias. On GSM's cipher A5/1, a factor two is gained in the correlation bias compared to previous correlation attacks. We mount an attack on A5/1 using conditional estimators and using three weaknesses that we observe in one of A5/1's LFSRs (known as R2). The weaknesses imply a new criterion that should be taken into account by cipher designers. Given 1500–2000 known-frames (about 4.9–9.2 conversation seconds of known keystream), our attack completes within a few tens of seconds to a few minutes on a PC, with a success rate of about 91%. To complete our attack, we present a source of known-keystream in GSM that can provide the keystream for our attack given 3–4 minutes of GSM ciphertext, transforming our attack to a ciphertext-only attack.

47 citations


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
90% related
Encryption
98.3K papers, 1.4M citations
89% related
Authentication
74.7K papers, 867.1K citations
85% related
Public-key cryptography
27.2K papers, 547.7K citations
85% related
Key (cryptography)
60.1K papers, 659.3K citations
83% related
Performance
Metrics
No. of papers in the topic in previous years
YearPapers
2023155
2022309
2021343
2020415
2019509
2018487