Topic

Differential cryptanalysis

About: Differential cryptanalysis is a research topic. Over the lifetime, 2131 publications have been published within this topic receiving 54681 citations.


Papers
Proceedings ArticleDOI
01 Aug 2016
TL;DR: A new method to find conditional differential characteristics on NLFSR-based stream ciphers using a conditional differential distinguisher, which can be executed in a practical time by using 2^32 chosen IVs and applies to Grain v1.
Abstract: Grain v1 is an NLFSR-based stream cipher designed by Hell, Johansson, and Meier in 2005. This algorithm was selected in the eSTREAM hardware profile. At Asiacrypt 2010, Knellwolf, Meier, and Naya-Plasencia showed a conditional differential cryptanalysis and applied it to Grain v1. They showed distinguishing and key-recovery attacks on Grain v1 with 104 rounds by using 2^35 chosen IVs. Sarkar then extended the distinguisher up to 106 rounds. Knellwolf et al. also showed a conditional differential cryptanalysis for the related-key setting, where they analyzed both forward and inverse key initializations. Since differences quickly spread to the whole of the state, this technique works in the related-key setting because the key is loaded directly into the state in the NLFSR-based stream ciphers. In this paper, we propose a new method to find conditional differential characteristics on NLFSR-based stream ciphers. Our method is similar to the previous one on the related-key setting, but we look for conditional differential characteristics so as to prevent differences from spreading to the key. Therefore, we can efficiently find characteristics without the related-key setting. On the other hand, since the found characteristic has many conditions, it generally works in the weak-key setting. We apply our technique to Grain v1. We show the conditional differential distinguisher on Grain v1 up to 114 rounds and have 2^40 weak keys. Our distinguisher can be executed in a practical time by using 2^32 chosen IVs. Moreover, we propose a key recovery attack. We distinguish the weak key from the randomly chosen key by using our distinguisher. After distinguishing the weak key, we obtain the 1-bit key from the condition on both key and IV.

9 citations

Book ChapterDOI
11 Sep 2010
TL;DR: Variable-Length Encryption Method (VLE) was proposed where an alternative algorithm with extra bits is adopted when pre-image computation is not possible, and if an adequate secret key is used with VLE it is expected that the final ciphertext length is close to plaintext size.
Abstract: The reverse algorithm was previously evaluated as an encryption method, concluding that its simple adoption is unviable, since it does not assure the pre-image existence. Variable-Length Encryption Method (VLE) was proposed where an alternative algorithm with extra bits is adopted when pre-image computation is not possible. If an adequate secret key is used with VLE it is expected that the final ciphertext length is close to plaintext size. Several CA static parameters were calculated for a set formed by all radius 2 right-toggle rules. A database was generated associating rules performance in VLE ciphering with its parameters. A genetic algorithm-based data mining was performed to discover an adequate key specification based on CA parameters. Using such specification, ciphertext length is short, the encryption process returns high entropy and VLE has good protection against differential cryptanalysis.

9 citations

Journal ArticleDOI
TL;DR: An improved miss-in-the-middle approach to find zero correlation linear distinguishers and impossible differentials on SIMECK48 and SIMECK64 is employed and the results significantly improve the previous zero correlation attack and impossible differential characteristic results for these variants of SIMECK.
Abstract: SIMECK is a family of three lightweight block ciphers designed by Yang et al., following the framework used by Beaulieu et al. from the United States National Security Agency to design SIMON and SPECK. In this study, the authors employ an improved miss-in-the-middle approach to find zero correlation linear distinguishers and impossible differentials on SIMECK48 and SIMECK64. Based on this novel technique, they will be able to present zero-correlation linear approximations for 15-round SIMECK48 and 17-round SIMECK64 and these zero-correlation linear approximations improve the previous best result by two rounds for SIMECK48 and SIMECK64. Moreover, they attack 27-round SIMECK48 and 31-round SIMECK64 based on these zero-correlation linear distinguishers. In addition, due to the duality of zero-correlation and impossible differential, they search for the impossible differential characteristics for SIMECK48 and SIMECK64 so that they will be able to present 15-round SIMECK48 and 17-round SIMECK64 while the best previously known results were 13-round impossible differentials for SIMECK48 and 15-round impossible differentials for SIMECK64. Moreover, they propose impossible differential attacks on 22-round SIMECK48 and 24-round SIMECK64 based on these impossible differential characteristics. The results significantly improve the previous zero correlation attack and impossible differential characteristic results for these variants of SIMECK to the best of the authors’ knowledge.

9 citations

Proceedings ArticleDOI
18 Dec 2006
TL;DR: Systematic experiments on heuristic-based attacks of modified versions of data encryption standard (DES) with 48 bits are presented for the first time, with a novel contribution of combining the features of differential cryptanalysis and heuristic optimisation methods.
Abstract: Cryptanalysis of ciphers has been successfully demonstrated through several techniques such as brute force attack, linear and differential cryptanalysis and heuristic optimisation methods. To demonstrate the power of heuristic optimisation techniques for attacks of modern-day ciphers, we present for the first time systematic experiments on heuristic-based attacks of modified versions of data encryption standard (DES) with 48 bits. A novel contribution of this work lies in combining the features of differential cryptanalysis and heuristic optimisation methods. This is possible by using differential cryptanalysis to obtain 42 bits of the key whereas the remaining missing 14 key bits are obtained through heuristic optimisation methods by a choice of suitable composite fitness function to capture this combined use of both these approaches. The studies reported in this paper will be useful for the attacks of other similar ciphers.

9 citations

Journal ArticleDOI
01 Oct 2014-Optik
TL;DR: Wang et al. as discussed by the authors cryptanalyzed the image encryption scheme using a chosen plaintext attack, and pointed out that even if it possesses a good pseudorandom cipher code generation method, the encryption system is still insecure with an unreasonably designed encryption scheme.

9 citations


Network Information
Related Topics (5)
Topic                    Papers    Citations    Related
Cryptography             37.3K     854.5K       93%
Encryption               98.3K     1.4M         90%
Public-key cryptography  27.2K     547.7K       89%
Hash function            31.5K     538.5K       88%
Key (cryptography)       60.1K     659.3K       85%
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2023    37
2022    71
2021    33
2020    53
2019    42
2018    50