Differential cryptanalysis

About: Differential cryptanalysis is a research topic. Over the lifetime, 2131 publications have been published within this topic receiving 54681 citations.

New approaches to the design of self-synchronizing stream ciphers

Abstract: Self-synchronizing stream ciphers (SSSC) are a commonly used encryption technique for channels with low bit error rate but for which bit synchronization can present a problem. Most presently used such ciphers are based on a block cipher (e.g. DES) in 1-bit cipher feedback mode. In this paper, several alternative design approaches for SSSCs are proposed that are superior to the design based on a block cipher with respect to encryption speed and potentially also with respect to security. A method for combining several SSSCs is presented that allows to prove that the combined SSSC is at least as secure as any of the component ciphers. The problem of designing SSSCs is contrasted with the problem of designing conventional synchronous additive stream ciphers and it is shown that different security criteria must be applied. Furthermore, an efficient algorithm is presented for finding a function of low degree that approximates a given Boolean function, if such an approximation exists. Its significance for the cryptographic security of SSSCs and its applications in coding theory are discussed.

Narrow-Bicliques: cryptanalysis of full IDEA

Abstract: We apply and extend the recently introduced biclique framework to IDEA and for the first time describe an approach to noticeably speed-up key-recovery for the full 8.5 round IDEA. We also show that the biclique approach to block cipher cryptanalysis not only obtains results on more rounds, but also improves time and data complexities over existing attacks. We consider the first 7.5 rounds of IDEA and demonstrate a variant of the approach that works with practical data complexity. The conceptual contribution is the narrow-bicliques technique: the recently introduced independent-biclique approach extended with ways to allow for a significantly reduced data complexity with everything else being equal. For this we use available degrees of freedom as known from hash cryptanalysis to narrow the relevant differential trails. Our cryptanalysis is of high computational complexity, and does not threaten the practical use of IDEA in any way, yet the techniques are practically verified to a large extent.

Linear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT

Abstract: The contributions of this paper include the first linear hull and a revisit of the algebraic cryptanalysis of reduced-round variants of the block cipher PRESENT, under known-plaintext and ciphertext-only settings. We introduce a pure algebraic cryptanalysis of 5-round PRESENT and in one of our attacks we recover half of the bits of the key in less than three minutes using an ordinary desktop PC. The PRESENT block cipher is a design by Bogdanov et al. , announced in CHES 2007 and aimed at RFID tags and sensor networks. For our linear attacks, we can attack 25-round PRESENT with the whole code book, 296.68 25-round PRESENT encryptions, 240 blocks of memory and 0.61 success rate. Further we can extend the linear attack to 26-round with small success rate. As a further contribution of this paper we computed linear hulls in practice for the original PRESENT cipher, which corroborated and even improved on the predicted bias (and the corresponding attack complexities) of conventional linear relations based on a single linear trail.

Cryptanalysis of LOKI 91

Abstract: In this paper we examine the redesign of LOKI, LOKI 91 proposed in [5]. First it is shown that there is no characteristic with a probability high enough to do a successful differential attack on LOKI 91. Secondly we show that the size of the image of the F-function in LOKI 91 is 8/13×232. Finally we introduce a chosen plaintext attack that reduces an exhaustive key search on LOKI 91 by almost a factor 4 using 233+2 chosen plaintexts.

Key-Dependent S-Box Generation in AES Block Cipher System

Abstract: Advanced Encryption Standard (AES) block cipher system is widely used in cryptographic applications. A nonlinear substitution operation is the main factor of the AES cipher system strength. The purpose of the proposed approach is to generate the random S-boxes changing for every change of the secret key. The fact that the S-boxes are randomly key-dependent and unknown is the main strength of the new approach, since both linear and differential cryptanalysis require known S-boxes. In the paper, we briefly analyze the AES algorithm, substitution S-boxes, linear and differential cryptanalysis, and describe a randomly key-dependent S-box and inverse S-box generation algorithm. After that, we introduce the independency measure of the S-box elements, and experimentally investigate the quality of the generated S-boxes.