scispace - formally typeset

Differential cryptanalysis

About: Differential cryptanalysis is a research topic. Over the lifetime, 2131 publications have been published within this topic receiving 54681 citations.


Papers
Book Chapter (DOI), 12 Dec 2009
TL;DR: In this article, an algebraic attack against the Curry and Flurry block ciphers is proposed. Unlike usual algebraic attacks, which need only one message/ciphertext pair, it builds the algebraic system from several well chosen correlated message/ciphertext pairs.
Abstract: In this paper, we present an algebraic attack against the Flurry and Curry block ciphers [12,13]. Usually, algebraic attacks against block ciphers only require one message/ciphertext pair to be mounted. In this paper, we investigate a different approach. Roughly, the idea is to generate an algebraic system from the knowledge of several well chosen correlated message/ciphertext pairs. Flurry and Curry are two families of ciphers which are fully parametrizable and have a sound design strategy against the most common statistical attacks, i.e. linear and differential attacks. These ciphers are therefore targets of choice for algebraic attacks. It turns out that our new approach allows us to go one step further in the (algebraic) cryptanalysis of difficult instances of Flurry and Curry. To explain the behavior of our attack, we have established an interesting connection between algebraic attacks and high order differential cryptanalysis [32]. From extensive experiments, we estimate that our approach - which we will call "algebraic-high order differential" cryptanalysis - is polynomial when the Sbox is a power function. As a proof of concept, we have been able to break Flurry/Curry - up to 8 rounds - in a few hours. We have also investigated the more difficult (and interesting) case of the inverse function. For such a function, we have not been able to bound precisely the theoretical complexity, but our experiments indicate that our approach permits obtaining a significant practical gain. We have attacked Flurry/Curry using the inverse Sbox up to 8 rounds.

12 citations

Book, 01 Jan 2010
TL;DR: A closer look at Anonymity and Robustness in Encryption Schemes and the Semi-Generic Group Model and Applications to Pairing-Based Cryptography.
Abstract (table of contents):
Hash Attacks: Rotational Rebound Attacks on Reduced Skein; Finding Second Preimages of Short Messages for Hamsi-256; Non-full-active Super-Sbox Analysis: Applications to ECHO and Grostl; Advanced Meet-in-the-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2; Collision Attacks against the Knudsen-Preneel Compression Functions.
Symmetric-Key Cryptosystems: Improved Generic Attacks on Unbalanced Feistel Schemes with Expanding Functions; The World Is Not Enough: Another Look on Second-Order DPA.
Block and Stream Ciphers: Conditional Differential Cryptanalysis of NLFSR-Based Cryptosystems; A Byte-Based Guess and Determine Attack on SOSEMANUK; Improved Single-Key Attacks on 8-Round AES-192 and AES-256.
Protocols: Constant-Size Commitments to Polynomials and Their Applications; Computationally Secure Pattern Matching in the Presence of Malicious Adversaries; Linear-Complexity Private Set Intersection Protocols Secure in Malicious Model.
Key Exchange: Generic Compilers for Authenticated Key Exchange; A Forward-Secure Symmetric-Key Derivation Protocol.
Foundation: Efficient String-Commitment from Weak Bit-Commitment; On the Static Diffie-Hellman Problem on Elliptic Curves over Extension Fields; Random Oracles with(out) Programmability.
Zero-Knowledge: Short Pairing-Based Non-interactive Zero-Knowledge Arguments; Short Non-interactive Zero-Knowledge Proofs; Optimistic Concurrent Zero Knowledge.
Lattice-Based Cryptography: Faster Fully Homomorphic Encryption; A Group Signature Scheme from Lattice Assumptions; Lattice-Based Blind Signatures.
Secure Communication and Computation: The Round Complexity of Verifiable Secret Sharing: The Statistical Case; General Perfectly Secure Message Transmission Using Linear Codes; On Invertible Sampling and Adaptive Security; Multiparty Computation for Modulo Reduction without Bit-Decomposition and a Generalization to Bit-Decomposition.
Models, Notions, and Assumptions: A Closer Look at Anonymity and Robustness in Encryption Schemes; Limitations on Transformations from Composite-Order to Prime-Order Groups: The Case of Round-Optimal Blind Signatures; The Semi-Generic Group Model and Applications to Pairing-Based Cryptography.
Public-Key Encryption: The Degree of Regularity of HFE Systems; Structured Encryption and Controlled Disclosure; Leakage Resilient ElGamal Encryption; Efficient Public-Key Cryptography in the Presence of Key Leakage.

12 citations

Journal Article (DOI)
TL;DR: Shannon's theories on the secrecy of ciphers are used to calculate the average secrecy of each cipher, giving an analysis of widely used symmetric key algorithms from the block and stream cipher categories together with two combined algorithms.
Abstract: There can be two vital criteria for selecting an algorithm to fulfil one's encryption requirement: the security level of the cipher (secrecy) and the encryption time (performance). There is less focus on the secrecy of ciphers as a security measurement, thus in this research, Shannon's theories on the secrecy of ciphers are used in order to calculate the average secrecy of each cipher. Depending on the secrecy level and performance of the algorithm, a suitable algorithm for encryption can be selected. This paper presents an analysis of some of the widely used symmetric key algorithms which fall under the categories of block and stream ciphers together with the two combined algorithms. [DES, TripleDES, AES, RC2, RC4, Hybrid1 (TripleDES+RC4) and Hybrid2 (AES+RC4) are used]. Analysis is done based on two measurement criteria under two circumstances which are described later in this paper. All the algorithms are implemented in Java using classes available in the JAVA package javax.crypto. Separate classes are written to calculate the secrecy of ciphers and the encryption time. The performance of all stream ciphers is higher than that of block ciphers, and the combined algorithms have a similar performance level to block ciphers. The secrecy level of block ciphers is comparatively higher than that of stream ciphers, but there are drastic changes as the data size increases. The hybrid ones have a more stable secrecy level.

12 citations

DOI, 01 Jan 2008
TL;DR: This thesis addresses the cryptanalysis of modern lightweight stream ciphers, derives and improves cryptanalytic methods for different building blocks, and presents dedicated attacks on specific proposals, including some eSTREAM candidates.
Abstract: Stream ciphers are fast cryptographic primitives to provide confidentiality of electronically transmitted data. They can be very suitable in environments with restricted resources, such as mobile devices or embedded systems. Practical examples are cell phones, RFID transponders, smart cards or devices in sensor networks. Besides efficiency, security is the most important property of a stream cipher. In this thesis, we address cryptanalysis of modern lightweight stream ciphers. We derive and improve cryptanalytic methods for different building blocks and present dedicated attacks on specific proposals, including some eSTREAM candidates. As a result, we elaborate on the design criteria for the development of secure and efficient stream ciphers. The best-known building block is the linear feedback shift register (LFSR), which can be combined with a nonlinear Boolean output function. A powerful type of attack against LFSR-based stream ciphers is the recent algebraic attacks, which exploit the specific structure by deriving low degree equations for recovering the secret key. We efficiently determine the immunity of existing and newly constructed Boolean functions against fast algebraic attacks. The concept of algebraic immunity is then generalized by investigating the augmented function of the stream cipher. As an application of this framework, we improve the cryptanalysis of a well-known stream cipher with irregularly clocked LFSRs. Algebraic attacks can be avoided by substituting the LFSR with a suitable nonlinear driving device, such as a feedback shift register with carry (FCSR) or the recently proposed class of T-functions. We investigate both replacement schemes in view of their security, and devise different practical attacks (including linear attacks) on a number of specific proposals based on T-functions. Another efficient method to amplify the nonlinear behavior is to use a round-based filter function, where each round consists of simple nonlinear operations. We use differential methods to break a reduced-round version of the eSTREAM candidate Salsa20. Similar methods can be used to break a related compression function with a reduced number of rounds. Finally, we investigate the algebraic structure of the initialization function of stream ciphers and provide a framework for key recovery attacks. As an application, a key recovery attack on simplified versions of the eSTREAM candidates Trivium and Grain-128 is given.

12 citations

Book Chapter (DOI), 10 Jun 2014
TL;DR: Zhang et al. show in this paper that the security of Zorro against linear and differential cryptanalysis, as evaluated by its designers, is insufficient, and that a secret key selected randomly from the whole key space can be recovered much faster than by brute force.
Abstract: Zorro is an AES-like lightweight block cipher proposed at CHES 2013, which only uses 4 S-boxes per round. The designers showed the resistance of the cipher against various attacks and concluded that the cipher has a large security margin. Recently, Guo et al. [1] have given a key recovery attack on full-round Zorro by using internal differential characteristics. However, the attack only works for 2^64 out of 2^128 keys. In this paper, the secret key selected randomly from the whole key space can be recovered much faster than by brute-force attack. We first observe that the fourth power of the MDS matrix used in Zorro (or AES) equals the identity matrix. Moreover, several iterated differential characteristics and iterated linear trails are found due to this interesting property. We select three characteristics with the largest probability to give the key recovery attack on Zorro, and a linear trail with the largest correlation to show a linear distinguishing attack with 2^105.3 known plaintexts. The results show that the security of Zorro against linear and differential cryptanalysis as evaluated by the designers is insufficient and that the security margin of Zorro is not enough.

12 citations


Network Information
Related Topics (5):
Cryptography: 37.3K papers, 854.5K citations, 93% related
Encryption: 98.3K papers, 1.4M citations, 90% related
Public-key cryptography: 27.2K papers, 547.7K citations, 89% related
Hash function: 31.5K papers, 538.5K citations, 88% related
Key (cryptography): 60.1K papers, 659.3K citations, 85% related

Performance Metrics
Number of papers in the topic in previous years:
Year  Papers
2023  37
2022  71
2021  33
2020  53
2019  42
2018  50