
Differential cryptanalysis

About: Differential cryptanalysis is a research topic. Over the lifetime, 2131 publications have been published within this topic receiving 54681 citations.


Papers
Book Chapter
13 Sep 2004
TL;DR: It is shown by experiments that ciphers with complex key schedules resist both attacks better than ciphers with more straightforward key schedules, and that there exist ciphers for which the differential of the highest probability for one fixed key is also the differential of the highest probability for any other key.
Abstract: This paper considers iterated ciphers and their resistance against linear and differential cryptanalysis. In the theory of these attacks one assumes independence of the round keys in the ciphers. Very often though, the round keys are computed in a key schedule algorithm from a short key in a nonrandom fashion. In this paper it is shown by experiments that ciphers with complex key schedules resist both attacks better than ciphers with more straightforward key schedules. It is well-known that by assuming independent round keys the probabilities of differentials and linear hulls can be modeled by Markov chains and that for most such ciphers the distribution of the probabilities of these converge to the uniform distribution after some number of rounds. The presented experiments illustrate that some iterated ciphers with very simple key schedules will never reach this uniform distribution. Also the experiments show that ciphers with well-designed, complex key schedules reach the uniform distribution faster (using fewer rounds) than ciphers with poorly designed key schedules. As a side result it was found that there exist ciphers for which the differential of the highest probability for one fixed key is also the differential of the highest probability for any other key. It is believed that this is the first such example provided in the literature.

15 citations

Book Chapter
21 Aug 1994
TL;DR: It has been confirmed that the entire subkeys used in FEAL-8 can be derived with \(2^{25}\) pairs of known plaintexts and ciphertexts with a success rate approximately 70% spending about 1 hour using a WS.
Abstract: This paper discusses the security of the Fast Data Encipherment Algorithm (FEAL) against Linear Cryptanalysis. It has been confirmed that the entire subkeys used in FEAL-8 can be derived with \(2^{25}\) pairs of known plaintexts and ciphertexts with a success rate approximately 70% spending about 1 hour using a WS (SPARCstation 10 Model 30). This paper also evaluates the security of FEAL-N in comparison with that of the Data Encryption Standard (DES).

15 citations

Proceedings Article
08 Dec 2003
TL;DR: A simple way of creating new and efficient distinguishers for cryptographic primitives such as block ciphers or hash functions is introduced and is successfully applied over reduced round versions of the block cipher TEA, which is proven to be weak with less than five rounds.
Abstract: A simple way of creating new and efficient distinguishers for cryptographic primitives such as block ciphers or hash functions is introduced. This technique is then successfully applied over reduced round versions of the block cipher TEA, which is proven to be weak with less than five rounds.

15 citations

Book Chapter
14 Dec 2008
TL;DR: In this article, the authors proposed modified-HCBC (MHCBC) and modified-CBC (MCBC), which are secure against chosen plaintext adversary and chosen ciphertext adversary, respectively.
Abstract: Online ciphers are those ciphers whose ciphertexts can be computed in real time by using a length-preserving encryption algorithm. HCBC1 and HCBC2 are two known examples of Hash Cipher Block Chaining online ciphers. The first construction is secure against chosen plaintext adversary (or called CPA-secure) whereas the latter is secure against chosen ciphertext adversary (or called CCA-secure). In this paper, we have provided simple security analysis of these online ciphers. We have also proposed two new more efficient chosen ciphertext secure online ciphers modified-HCBC (MHCBC) and modified-CBC (MCBC). If one uses a finite field multiplication based universal hash function, the former needs one less key and one less field multiplication compared to HCBC2. The MCBC does not need any universal hash function and it needs only one blockcipher key unlike the other three online ciphers where two independent keys (hash function and blockcipher) are required.

15 citations

Book Chapter
11 Mar 2013
TL;DR: In this paper, related-key differential distinguishers based on the complementation property of Feistel ciphers are proposed, and the authors show that with relaxed requirements on the complementation, i.e. the property does not have to hold for all keys and the complementation does not have to be on all bits, one can obtain a variety of distinguishers.
Abstract: In this paper, we propose related-key differential distinguishers based on the complementation property of Feistel ciphers. We show that with relaxed requirements on the complementation, i.e. the property does not have to hold for all keys and the complementation does not have to be on all bits, one can obtain a variety of distinguishers. We formulate criteria sufficient for attacks based on the complementation property. To stress the importance of our findings we provide analysis of the full-round primitives: For the hash mode of Camellia-128 without \(FL,FL^{-1}\) layers, differential multicollisions with \(2^{112}\) time. For GOST, practical recovery of the full key with 31 related keys and \(2^{38}\) time/data.

15 citations


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
93% related
Encryption
98.3K papers, 1.4M citations
90% related
Public-key cryptography
27.2K papers, 547.7K citations
89% related
Hash function
31.5K papers, 538.5K citations
88% related
Key (cryptography)
60.1K papers, 659.3K citations
85% related
Performance Metrics
No. of papers in the topic in previous years
Year    Papers
2023    37
2022    71
2021    33
2020    53
2019    42
2018    50