scispace - formally typeset

Differential cryptanalysis

About: Differential cryptanalysis is a research topic. Over the lifetime, 2131 publications have been published within this topic receiving 54681 citations.


Papers
Book ChapterDOI
22 Aug 1993
TL;DR: Three attacks on the DES with a reduced number of rounds in the Cipher Feedback Mode (CFB) are studied, namely a meet in the middle attack, a differential attack, and a linear attack, showing that the final permutation has some cryptographic significance in the CFB mode.
Abstract: Three attacks on the DES with a reduced number of rounds in the Cipher Feedback Mode (CFB) are studied, namely a meet in the middle attack, a differential attack, and a linear attack. These attacks are based on the same principles as the corresponding attacks on the ECB mode. They are compared to the three basic attacks on the CFB mode. In 8-bit CFB and with 8 rounds instead of 16, a differential attack with 2^39.4 chosen ciphertexts can find 3 key bits, and a linear attack with 2^31 known plaintexts can find 7 key bits. This suggests that it is not safe to reduce the number of rounds in order to improve the performance. Moreover, it is shown that the final permutation has some cryptographic significance in the CFB mode.

22 citations

Posted Content
TL;DR: GOST 28147-89 is a well-known block cipher and the official encryption standard of the Russian Federation as mentioned in this paper, and it was submitted to ISO 18033 to become a worldwide industrial encryption standard.
Abstract: GOST 28147-89 is a well-known block cipher and the official encryption standard of the Russian Federation. A 256-bit block cipher considered as an alternative for AES-256 and triple DES, having an amazingly low implementation cost and thus increasingly popular and used [22, 23, 30, 24, 41]. Until 2010 researchers unanimously agreed that: “despite considerable cryptanalytic efforts spent in the past 20 years, GOST is still not broken”, see [30], and in 2010 it was submitted to ISO 18033 to become a worldwide industrial encryption standard. In 2011 it was suddenly discovered that GOST is insecure on more than one account. There is an amazing variety of recent attacks on GOST [8, 15]. We have reflection attacks [26, 15], attacks with double reflection [15], and various attacks which do not use reflections [15, 8]. All these methods follow a certain general framework called “Algebraic Complexity Reduction”, a new general “umbrella” paradigm introduced in [15, 8]. The final key recovery step is in most cases a software algebraic attack [15, 8] and sometimes a Meet-In-The-Middle attack [26, 15]. In this paper we show that GOST is NOT SECURE even against (advanced forms of) differential cryptanalysis (DC). Previously Russian researchers postulated that GOST will be secure against DC for as few as 7 rounds out of 32 [18, 38] and Japanese researchers were already able to break about 13 rounds [37]. In this paper we show a first advanced differential attack faster than brute force on full 32-round GOST. This paper is just a sketch and a proof of concept. More results of this kind will be published soon.

22 citations

Journal ArticleDOI
TL;DR: A case study is launched using Data Encryption Standard (DES)-based block ciphers operating in cipher feedback (CFB) mode to show quantitatively the pros and cons of exploiting voluntarily or nonvoluntarily introduced binary errors in ciphertexts of blockciphered systems using the proposed comparison metrics.
Abstract: It has long been held that errors in received noisy ciphertexts should be eliminated using as many as possible powerful error correcting codes in order to reduce the avalanche effect on legitimate users' performance in block ciphered systems. However, the negative effect of erroneous ciphertexts on cryptanalysis by an eavesdropper has not been well understood, nor the possible measurable trade-off between security enhancement and performance degradation under noisy ciphertexts. To address these questions, we have launched a case study in this paper using Data Encryption Standard (DES)-based block ciphers operating in cipher feedback (CFB) mode to show quantitatively the pros and cons of exploiting voluntarily or nonvoluntarily introduced binary errors in ciphertexts of block ciphered systems using our proposed comparison metrics. A serially concatenated scheme with both outer and inner encoder-encipher pairs is proposed which allows us to quantitatively reveal the sacrifice made by legitimate users in its postdecryption capacity, as well as the security improvement factor (SIF) which reflects the additionally required plaintext-ciphertext pairs for eavesdropper's known plaintext attack, in the presence of noise in ciphertexts. Simulation results demonstrate the accuracy of derived approximations of the postdecryption performance for the legitimate receiver.

22 citations

Journal ArticleDOI
TL;DR: This paper furnishes the complete security analysis of the ANU cipher design and shows that ANU can attain ample security level against linear and differential cryptanalysis, biclique attack, zero-correlation attack, and algebraic attack.
Abstract: This paper proposes an ultra lightweight cipher ANU. ANU is a balanced Feistel-based network. ANU supports 64 bit plaintext and 128/80 bit key length, and it has 25 rounds in total. It needs only 1015 gate equivalents for 128 bit key length, which is less than all existing lightweight ciphers. Its memory size is minimal, and its power consumption is very low. It needs only 22 mW of dynamic power, while the PRESENT cipher consumes 39 mW of power. This paper furnishes the complete security analysis of the ANU cipher design. Our security analysis shows that ANU can attain ample security level against linear and differential cryptanalysis, biclique attack, zero-correlation attack, and algebraic attack. Biclique cryptanalysis provides maximal data complexity of 2^64. ANU cipher not only needs fewer gate equivalents but also consumes very little power and has a smaller memory requirement. ANU cipher is best suited for applications like Internet of Things. The design of ANU cipher will have a positive impact in the field of lightweight cryptography. Copyright © 2016 John Wiley & Sons, Ltd.

22 citations

Journal ArticleDOI
11 Jun 2021
TL;DR: The best previous boomerang distinguishers for SKINNY can be significantly improved in terms of probability and number of rounds, and new tools called Double Boomerang Connectivity Table (DBCT), LBCT⫤, and UBCT⊨ to evaluate the boomerang switch through multiple rounds more accurately are introduced.
Abstract: The boomerang and rectangle attacks are adaptations of differential cryptanalysis that regard the target cipher E as a composition of two sub-ciphers, i.e., E = E1 ∘ E0, to construct a distinguisher for E with probability p^2 q^2 by concatenating two short differential trails for E0 and E1 with probability p and q respectively. According to the previous research, the dependency between these two differential characteristics has a great impact on the probability of boomerang and rectangle distinguishers. Dunkelman et al. proposed the sandwich attack to formalise such dependency that regards E as three parts, i.e., E = E1 ∘ Em ∘ E0, where Em contains the dependency between two differential trails, satisfying some differential propagation with probability r. Accordingly, the entire probability is p^2 q^2 r. Recently, Song et al. have proposed a general framework to identify the actual boundaries of Em and systematically evaluate the probability of Em with any number of rounds, and applied their method to accurately evaluate the probabilities of the best SKINNY boomerang distinguishers. In this paper, using a more advanced method to search for boomerang distinguishers, we show that the best previous boomerang distinguishers for SKINNY can be significantly improved in terms of probability and number of rounds. More precisely, we propose related-tweakey boomerang distinguishers for up to 19, 21, 23, and 25 rounds of SKINNY-64-128, SKINNY-128-256, SKINNY-64-192 and SKINNY-128-384 respectively, which improve the previous boomerang distinguishers of these variants of SKINNY by 1, 2, 1, and 1 round respectively. Based on the improved boomerang distinguishers for SKINNY, we provide related-tweakey rectangle attacks on 23 rounds of SKINNY-64-128, 24 rounds of SKINNY-128-256, 29 rounds of SKINNY-64-192, and 30 rounds of SKINNY-128-384.
It is worth noting that our improved related-tweakey rectangle attacks on SKINNY-64-192, SKINNY-128-256 and SKINNY-128-384 can be directly applied for the same number of rounds of ForkSkinny-64-192, ForkSkinny-128-256 and ForkSkinny-128-384 respectively. CRAFT is another SKINNY-like tweakable block cipher for which we provide the security analysis against the rectangle attack for the first time. As a result, we provide a 14-round boomerang distinguisher for CRAFT in the single-tweak model, based on which we propose a single-tweak rectangle attack on 18 rounds of this cipher. Moreover, following the previous research regarding the evaluation of switching in multiple rounds of boomerang distinguishers, we also introduce new tools called Double Boomerang Connectivity Table (DBCT), LBCT⫤, and UBCT⊨ to evaluate the boomerang switch through multiple rounds more accurately.

22 citations


Network Information
Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 93% related
Encryption: 98.3K papers, 1.4M citations, 90% related
Public-key cryptography: 27.2K papers, 547.7K citations, 89% related
Hash function: 31.5K papers, 538.5K citations, 88% related
Key (cryptography): 60.1K papers, 659.3K citations, 85% related
Performance Metrics
No. of papers in the topic in previous years
Year    Papers
2023    37
2022    71
2021    33
2020    53
2019    42
2018    50