Topic
Differential cryptanalysis
About: Differential cryptanalysis is a research topic. Over the lifetime, 2131 publications have been published within this topic receiving 54681 citations.
Papers published on a yearly basis
Papers
More filters
Journal Article•
TL;DR: In this paper, the authors proved that the five-round MISTY type structure is super-pseudorandom and also characterized its round security, and they showed that the four-round Feistel structure is also super pseudorandom if each round function is a random function.
Abstract: The security of an iterated block cipher heavily depends on its structure as well as each round function. Matsui showed that MISTY type structure is faster and more robust than Feistel structure on linear cryptanalysis and differential cryptanalysis. On the other hand, Luby and Rackoff proved that the four round Feistel structure is super-pseudorandom if each round function f i is a random function. This paper proves that the five round MISTY type structure is super-pseudorandom. We also characterize its round security.
20 citations
TL;DR: The experimental result proves that Skinny-64/192 is safe on 11-round differential analysis and validates the effectiveness of the MILP method.
Abstract: With the widespread use of RFID technology and the rapid development of Internet of Things, the research of lightweight block cipher has become one of the hot issues in cryptography research. In recent years, lightweight block ciphers have emerged and are widely used, and their security is also crucial. Skinny-64/192 can be used to protect data security such as the applications of wireless multimedia and wireless sensor networks. In this paper, we use the new method to verify the security of Skinny-64/192. The method is called mixed-integer linear programming (MILP) which can characterize precisely the linear operation and nonlinear operation in a round function. By applying MILP program, we can automatically find a 11-round differential characteristic for Skinny-64/192 with the minimum number of active s-boxes. The probability of differential trail is , that is, far greater than which is the probability of success for an exhaustive search. In addition, comparing this method with the one proposed by Sun et al., we also have a great improvement; that is, no new variables will be added in ShiftRows operation. It can reduce greatly the number of variables and improve the running speed of the computer. Besides, the experimental result proves that Skinny-64/192 is safe on 11-round differential analysis and validates the effectiveness of the MILP method.
20 citations
TL;DR: This work explores the relation between the discrete Lyapunov exponent and the maximum differential probability of a bijective mapping (i.e., an S-box or the mapping defined by a block cipher) and shows that "good" encryption transformations have discrete LyAPunov exponents close to the discrete Lyons exponent of a mapping that has a perfect nonlinearity.
Abstract: Partly motivated by the developments in chaos-based block cipher design, a definition of the discrete Lyapunov exponent for an arbitrary permutation of a finite lattice was recently proposed. We explore the relation between the discrete Lyapunov exponent and the maximum differential probability of a bijective mapping (i.e., an S-box or the mapping defined by a block cipher). Our analysis shows that "good" encryption transformations have discrete Lyapunov exponents close to the discrete Lyapunov exponent of a mapping that has a perfect nonlinearity. The converse does not hold.
20 citations
07 Jul 2014
TL;DR: Knellwolf’s attacks on Grain v1 are revisited and a theoretical framework is provided that will serve to prove the correctness of these attacks is provided.
Abstract: As far as the Differential Cryptanalysis of reduced round Grain v1 is concerned, the best results were those published by Knellwolf et al. in Asiacrypt 2011. In an extended version of the paper, it was shown that it was possible to retrieve (i) 5 expressions in the Secret Key bits for a variant of Grain v1 that employs 97 rounds (in place of 160) in its Key Scheduling process using 227 chosen IVs and (ii) 1 expression in Secret Key bits for a variant that employs 104 rounds in its Key Scheduling using 235 chosen IVs. The authors had arrived at the values of these Secret Key expressions by observing certain biases in the keystream bits generated by the chosen IVs. These biases were observed purely experimentally and no theoretical justification was provided for the same. In this paper, we will revisit Knellwolf’s attacks on Grain v1 and try to provide a theoretical framework that will serve to prove the correctness of these attacks. We will also look at open problems which may possibly pave way for further research on Differential Cryptanalysis of Grain v1.
20 citations
TL;DR: It is reported that some diffusion mechanisms based on modulo addition/multiplication and Exclusive OR are not resistant to plaintext attacks as claimed.
Abstract: As a variant of the substitution–permutation network, the permutation–diffusion structure has received extensive attention in the field of chaotic cryptography over the last three decades. Because of the high implementation speed and nonlinearity over GF(2), the Galois field of two elements, mixing modulo addition/multiplication and Exclusive OR becomes very popular in various designs to achieve the desired diffusion effect. This paper reports that some diffusion mechanisms based on modulo addition/multiplication and Exclusive OR are not resistant to plaintext attacks as claimed. By cracking several recently proposed chaotic ciphers as examples, it is demonstrated that a good understanding of the strength and weakness of these crypto-primitives is crucial for designing more practical chaotic encryption algorithms in the future.
20 citations