Differential cryptanalysis

About: Differential cryptanalysis is a research topic. Over the lifetime, 2131 publications have been published within this topic receiving 54681 citations.


Papers
Book ChapterDOI
08 Dec 2019
TL;DR: The first secret-key chosen plaintext distinguisher for 6-round AES was presented in this paper, with a complexity of about \(2^{88.2}\) in terms of data, memory and computational complexity.
Abstract: In this paper we present exchange-equivalence attacks, which are a new cryptanalytic attack technique suitable for SPN-like block cipher designs. Our new technique results in the first secret-key chosen plaintext distinguisher for 6-round AES. The complexity of the distinguisher is about \(2^{88.2}\) in terms of data, memory and computational complexity. The distinguishing attack for AES reduced to six rounds is a straightforward extension of an exchange attack for 5-round AES that requires \(2^{30}\) in terms of chosen plaintexts and computation. This is also a new record for AES reduced to five rounds. The main result of this paper is that AES up to at least six rounds is biased when restricted to exchange-invariant sets of plaintexts.

18 citations

Journal ArticleDOI
TL;DR: The proposed work provides a random combination of generic boolean functions as used in MD5 or SHA series, block cipher round functions and stream ciphers, which makes it desirable for cryptographic function modules.
Abstract: Cryptanalysis analyses various combinations among plaintexts, ciphertexts and random keys; even using differential methods or analog methods, the attackers can interpret the keys depending upon the operations in the round functions or any subset of the algorithm. The previous research emphasizes the creation of different cryptographic functions; however, the randomness of such functions has not been researched significantly so far. In this paper, we have shown a random function generator which can be used for any cryptographic algorithm. This generator outputs the combination of functions at random and cannot be traced back due to its randomness. The objective of our research work is not to identify a particular boolean function that is balanced or symmetric based on its input variables; our proposed work provides a random combination of generic boolean functions as used in MD5 or SHA series, block cipher round functions and stream ciphers. Moreover, the random selection of input variables for a particular function also makes it desirable for cryptographic function modules. The results of our experimentation show that the functions generated by the proposed generator provide a good non-linearity, resiliency and balanced effect.

17 citations

Book ChapterDOI
01 Apr 2003
TL;DR: For an odd prime p, quadratic p-ary bent functions defined on finite fields are given from the families of p-ary sequences with optimal correlation property, that is, perfect nonlinear functions from the finite field \(F_{p^m}\) to its prime field \(F_p\).
Abstract: It is known that a bent function corresponds to a perfect nonlinear function, which makes it difficult to do the differential cryptanalysis in DES and in many other block ciphers. In this paper, for an odd prime p, quadratic p-ary bent functions defined on finite fields are given from the families of p-ary sequences with optimal correlation property. Quadratic p-ary bent functions, that is, perfect nonlinear functions from the finite field \(F_{p^m}\) to its prime field \(F_p\), are constructed by using the trace functions.

17 citations

Book ChapterDOI
16 Aug 2007
TL;DR: This paper shows how to extend the BDD-technique to nonlinear feedback shift registers (NFSRs), feedback shift registers with carry (FCSRs), and arbitrary compression functions, and applies these findings to the eSTREAM focus ciphers TRIVIUM, Grain and F-FCSR.
Abstract: The main application of stream ciphers is online-encryption of arbitrarily long data. Many practically used and intensively discussed stream ciphers consist of a small number of linear feedback shift registers (LFSRs) and a compression function that transforms the bitstreams produced by the LFSRs into the output keystream. In 2002, Krause proposed a Binary Decision Diagram (BDD) based attack on this type of ciphers, which ranges among the best generic short-keystream attacks on practically used ciphers such as the A5/1 generator used in GSM and the E0 generator from the Bluetooth standard. In this paper we show how to extend the BDD-technique to nonlinear feedback shift registers (NFSRs), feedback shift registers with carry (FCSRs), and arbitrary compression functions. We apply our findings to the eSTREAM focus ciphers TRIVIUM, Grain and F-FCSR. In the case of Grain, we obtain the first nontrivial cryptanalytic result besides generic time-memory-data tradeoffs.

17 citations

Book ChapterDOI
09 Jul 2003
TL;DR: A new design is proposed that eliminates the need for known plaintext entirely and employs "data compression" as a basic tool for generating a hidden information channel, highlighting the need to only encrypt compressed strings when a block cipher with a secret design must be used.
Abstract: There has been much recent research in designing symmetric ciphers with backdoors that have either public designs or black-box designs. Current Digital Rights Management needs have resurrected the use of hidden ciphers (which were traditionally suggested by the government as black-box designs) in the form of obfuscated "white-box" algorithms. A recent backdoor proposal is the Monkey cipher which is intended to have a secret design and that can be implemented using any deterministic trapdoor one-way function. Monkey leaks information about its user's key to the designer. The primary drawback of Monkey is that it requires the designer (attacker) to obtain a sufficient number of ciphertexts all under the same symmetric key, such that each contains one known plaintext bit. In this paper a new design is proposed that eliminates the need for known plaintext entirely. Also, whereas Monkey reveals one plaintext bit of each ciphertext to the reverse-engineer (i.e., an entity that tries to learn the black-box device), our solution only leaks a bound on the message entropy to the reverse-engineer, while requiring that the designer obtain a sufficient number of ciphertexts that encrypt messages with a requisite level of redundancy. The information leakage method we use employs "data compression" as a basic tool for generating a hidden information channel. This highlights the need to only encrypt compressed strings when a block cipher with a secret design must be used.

17 citations


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
93% related
Encryption
98.3K papers, 1.4M citations
90% related
Public-key cryptography
27.2K papers, 547.7K citations
89% related
Hash function
31.5K papers, 538.5K citations
88% related
Key (cryptography)
60.1K papers, 659.3K citations
85% related
Performance Metrics
No. of papers in the topic in previous years

Year  Papers
2023  37
2022  71
2021  33
2020  53
2019  42
2018  50