Topic
Differential cryptanalysis
About: Differential cryptanalysis is a research topic. Over the lifetime, 2131 publications have been published within this topic receiving 54681 citations.
Papers published on a yearly basis
Papers
More filters
14 Aug 2014
TL;DR: The Simon and Speck block ciphers as mentioned in this paper were designed by the U.S. National Security Agency and published in 2013, and each of the families contains 10 variants, supporting a wide range of block and key sizes.
Abstract: Simon and Speck are families of lightweight block ciphers designed by the U.S. National Security Agency and published in 2013. Each of the families contains 10 variants, supporting a wide range of block and key sizes. Since the publication of Simon and Speck, several research papers analyzed their security using various cryptanalytic techniques. The best previously published attacks on all the 20 round-reduced ciphers are differential attacks, and are described in two papers (presented at FSE 2014) by Abed et al. and Biryukov et al.
54 citations
TL;DR: A general framework for error detection in symmetric ciphers based on an operation-centered approach is proposed and recommended based on the arithmetic and logic operations included in the cipher and the efficacy and hardware complexity of several error-detecting codes for each such operation.
Abstract: One of the most effective ways of attacking a cryptographic device is by deliberate fault injection during computation, which allows retrieving the secret key with a small number of attempts. Several attacks on symmetric and public-key cryptosystems have been described in the literature and some dedicated error-detection techniques have been proposed to foil them. The proposed techniques are ad hoc ones and exploit specific properties of the cryptographic algorithms. In this paper, we propose a general framework for error detection in symmetric ciphers based on an operation-centered approach. We first enumerate the arithmetic and logic operations included in the cipher and analyze the efficacy and hardware complexity of several error-detecting codes for each such operation. We then recommend an error-detecting code for the cipher as a whole based on the operations it employs. We also deal with the trade-off between the frequency of checking for errors and the error coverage. We demonstrate our framework on a representative group of 11 symmetric ciphers. Our conclusions are supported by both analytical proofs and extensive simulation experiments
54 citations
21 Feb 2005
TL;DR: The theory of T-functions is used to construct new types of primitives, such as MDS mappings, and self-synchronizing hash functions (which can be used in self- synchronizing stream ciphers or in “fuzzy” string matching applications).
Abstract: A T-function is a mapping from n-bit words to n-bit words in which for each 0 ≤ i
53 citations
18 Aug 1996
TL;DR: The differential analysis made by Kaliski and Yin is not optimal and is shown to give differential attacks better by up to a factor of 512 and to show that RC5 has many weak keys with respect to differential attacks.
Abstract: In this paper we investigate the strength of the secret-key algorithm RC5 newly proposed by Ron Rivest. The target version of RC5 works on words of 32 bits, has 12 rounds and a user-selected key of 128 bits. At Crypto'95 Kaliski and Yin estimated the strength of RC5 by differential and linear cryptanalysis. They conjectured that their linear analysis is optimal and that the use of 12 rounds for RC5 is sufficient to make both differential and linear cryptanalysis impractical. In this paper we show that the differential analysis made by Kaliski and Yin is not optimal. We give differential attacks better by up to a factor of 512. Also we show that RC5 has many weak keys with respect to differential attacks. This weakness relies on the structure of the cipher and not on the key schedule.
53 citations
22 Aug 1993
TL;DR: This paper introduces a new extension of differential cryptanalysis, devised to extend the class of vulnerable cryptosystems, and suggests key-dependent characteristics, called conditional characteristics, selected to enlarge the characteristics' probabilities for keys in subsets of the key space.
Abstract: Differential cryptanalysis was introduced as an approach to analyze the security of DES-like cryptosystems. The first example of a DES-like cryptosystem was Lucifer, the direct predecessor of DES, which is still believed by many people to be much more secure than DES, since it has 128 key bits, and since no attacks against (the full variant of) Lucifer were ever reported in the cryptographic literature. In this paper we introduce a new extension of differential cryptanalysis, devised to extend the class of vulnerable cryptosystems. This new extension suggests key-dependent characteristics, called conditional characteristics, selected to enlarge the characteristics' probabilities for keys in subsets of the key space. The application of conditional characteristics to Lucifer shows that more than half of the keys of Lucifer are insecure, and the attack requires about 236 complexity and chosen plaintexts to find these keys. The same extension can also be used to attack a new variant of DES, called RDES, which was designed to be immune against differential cryptanalysis. These new attacks flash new light on the design of DES, and show that the transition of Lucifer to DES strengthened the later cryptosystem.
53 citations