Differential cryptanalysis

About: Differential cryptanalysis is a research topic. Over its lifetime, 2131 publications have been published within this topic, receiving 54681 citations.


Papers
Book Chapter
14 Dec 2008
TL;DR: This work applies the recently proposed framework presented at AfricaCrypt'08 for dealing with this kind of problems to the proposed T-function based self-synchronizing stream cipher by Klimov and Shamir at FSE'05 and shows how to deduce some non-trivial information about the key.
Abstract: In cryptology we commonly face the problem of finding an unknown key K from the output of an easily computable keyed function F(C, K) where the attacker has the power to choose the public variable C. In this work we focus on self-synchronizing stream ciphers. First we show how to model these primitives in the above-mentioned general problem by relating appropriate functions F to the underlying ciphers. Then we apply the recently proposed framework presented at AfricaCrypt'08 by Fischer et al. for dealing with this kind of problems to the proposed T-function based self-synchronizing stream cipher by Klimov and Shamir at FSE'05 and show how to deduce some non-trivial information about the key. We also open a new window for answering a crucial question raised by Fischer et al. regarding the problem of finding weak IV bits which is essential for their attack.

10 citations

Book Chapter
23 Aug 2015
TL;DR: A top-down approach which considers the given mapping as a black box, and uses only its input/output relations in order to obtain direct experimental estimates for its DDT entries which are likely to be much more accurate, and three new techniques which reduce the time complexity of three crucial aspects of this problem.
Abstract: The fundamental problem of differential cryptanalysis is to find the highest entries in the Difference Distribution Table (DDT) of a given mapping F over n-bit values, and in particular to find the highest diagonal entries which correspond to the best iterative characteristics of F. The standard bottom-up approach to this problem is to consider all the internal components of the mapping along some differential characteristic, and to multiply their transition probabilities. However, this can provide seriously distorted estimates since the various events can be dependent, and there can be a huge number of low probability characteristics contributing to the same high probability entry. In this paper we use a top-down approach which considers the given mapping as a black box, and uses only its input/output relations in order to obtain direct experimental estimates for its DDT entries which are likely to be much more accurate. In particular, we describe three new techniques which reduce the time complexity of three crucial aspects of this problem: finding the exact values of all the diagonal entries in the DDT for small values of n, approximating all the diagonal entries which correspond to low Hamming weight differences for large values of n, and finding an accurate approximation for any DDT entry whose large value is obtained from many small contributions. To demonstrate the potential contribution of our new techniques, we apply them to the SIMON family of block ciphers, show experimentally that most of the previously published bottom-up estimates of the probabilities of various differentials are off by a significant factor, and describe new differential properties which can cover more rounds with roughly the same probability for several of its members.

10 citations

Book Chapter
08 May 2006
TL;DR: The main results of this paper are that the 5-round differential probabilities of these structures are upperbounded by p^4+2p^5 and p^4, respectively, if the maximum differential probability of a round function is p.
Abstract: In this paper we introduce two new block cipher structures, named RC6-like structure and MISTY-FO-like structure, and show that these structures are provably resistant against differential attack. The main results of this paper are that the 5-round differential probabilities of these structures are upperbounded by p^4+2p^5 and p^4, respectively, if the maximum differential probability of a round function is p. We also discuss a provable security for the RC6-like structure against LC. Our results are attained under the assumption that all of components in our proposed structures are bijective.

10 citations

01 Jan 2014
TL;DR: The benefits of the implementation of a novel genetic algorithm, the "Cuckoo Search" Algorithm with new fitness function for the cryptanalysis of transposition cipher with long key lengths up to 30 are shown.
Abstract: An approach of information security is Cryptography. Cryptanalysis is the science study to break cryptography without the encryption key. The present paper shows the benefits of the implementation of a novel genetic algorithm, the "Cuckoo Search" Algorithm (CSA) with new fitness function for the cryptanalysis of transposition cipher. The fitness function is evaluated based on the most common bigrams and trigrams. Results show that the algorithm proposed in this paper is effective for cryptanalysis of transposition cipher with long key lengths up to 30 due to its strong reliability and fast convergence speed.

10 citations

Posted Content
TL;DR: In this paper, the security of the 64-bit SIMON with 128-bit key against advanced forms of differential cryptanalysis using truncated differentials has been studied and a 22-round distinguisher has been proposed.
Abstract: Lightweight cryptography is a rapidly evolving area of research and it has great impact especially on the new computing environment called the Internet of Things (IoT) or the Smart Object networks (Holler et al., 2014), where lots of constrained devices are connected on the Internet and exchange information on a daily basis. Every year there are many new submissions of cryptographic primitives which are optimized towards both software and hardware implementation so that they can operate in devices which have limited resources of hardware and are subject to both power and energy consumption constraints. In 2013, two families of ultra-lightweight block ciphers were proposed, SIMON and SPECK, which come in a variety of block and key sizes and were designed to be optimized in hardware and software implementation respectively (Beaulieu et al., 2013). In this paper, we study the security of the 64-bit SIMON with 128-bit key against advanced forms of differential cryptanalysis using truncated differentials (Knudsen, 1995; Courtois et al., 2014a). We follow a similar method to the one proposed in SECRYPT 2013 (Courtois and Mourouzis, 2013) in order to heuristically discover sets of differences that propagate with sufficiently good probability and allow us to combine them efficiently in order to construct large-round statistical distinguishers. We present a 22-round distinguisher which we use in a depth-first key search approach to develop an attack against 24 and 26 rounds with complexity 2^{124.5} and 2^{126} SIMON encryptions respectively. Our methodology provides a framework for extending distinguishers to attacks to a larger number of rounds assuming truncated differential properties of relatively high probability were discovered.

10 citations


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
93% related
Encryption
98.3K papers, 1.4M citations
90% related
Public-key cryptography
27.2K papers, 547.7K citations
89% related
Hash function
31.5K papers, 538.5K citations
88% related
Key (cryptography)
60.1K papers, 659.3K citations
85% related
Performance Metrics
No. of papers in the topic in previous years
Year    Papers
2023    37
2022    71
2021    33
2020    53
2019    42
2018    50