scispace - formally typeset
Search or ask a question
Topic

Differential cryptanalysis

About: Differential cryptanalysis is a research topic. Over the lifetime, 2131 publications have been published within this topic receiving 54681 citations.


Papers
More filters
Journal ArticleDOI
TL;DR: In this paper a fully-automated attack on two XORed plaintext strings is implemented using only knowledge of the statistical properties of the plaintext language.
Abstract: In this paper a fully-automated attack on two XORed plaintext strings is implemented using only knowledge of the statistical properties of the plaintext language.

47 citations

Book ChapterDOI
13 Feb 2011
TL;DR: A chosen-IV, chosen-message attack that can recover the full secret key with a few million chosen messages processed under two related IVs has been proposed in this article, which requires at most 264 off-line computational effort.
Abstract: Hummingbird-1 is a lightweight encryption and message authentication primitive published in RISC '09 and WLC '10. Hummingbird-1 utilizes a 256-bit secret key and a 64-bit IV. We report a chosen-IV, chosen-message attack that can recover the full secret key with a few million chosen messages processed under two related IVs. The attack requires at most 264 off-line computational effort. The attack has been implemented and demonstrated to work against a reallife implementation of Hummingbird-1. By attacking the differentially weak E component, the overall attack complexity can be reduced by a significant factor. Our cryptanalysis is based on a differential divide-and-conquer method with some novel techniques that are uniquely applicable to ciphers of this type.

47 citations

Journal ArticleDOI
TL;DR: Two constructions of on-line ciphers are provided, HCBC1 and HCBC2, based on a given block cipher E and a family of computationally AXU functions, which are proven secure against chosen-plaintext attacks and security definitions for this primitive are provided.
Abstract: We initiate a study of on-line ciphers. These are ciphers that can take input plaintexts of large and varying lengths and will output the i th block of the ciphertext after having processed only the first i blocks of the plaintext. Such ciphers permit length-preserving encryption of a data stream with only a single pass through the data. We provide security definitions for this primitive and study its basic properties. We then provide attacks on some possible candidates, including CBC with fixed IV. We then provide two constructions, HCBC1 and HCBC2, based on a given block cipher E and a family of computationally AXU functions. HCBC1 is proven secure against chosen-plaintext attacks assuming that E is a PRP secure against chosen-plaintext attacks, while HCBC2 is proven secure against chosen-ciphertext attacks assuming that E is a PRP secure against chosen-ciphertext attacks.

47 citations

Journal ArticleDOI
TL;DR: Improve upon existing approaches in order to derive better bounds on the EDP for two and four rounds of AES based on a slightly simplified S-box and methods to improve the estimates for the E DP in the case of six active S-boxes are improved.
Abstract: In this paper we study the security of the Advanced Encryption Standard (AES) and AES-like block ciphers against differential cryptanalysis. Differential cryptanalysis is one of the most powerful methods for analyzing the security of block ciphers. Even though no formal proofs for the security of AES against differential cryptanalysis have been provided to date, some attempts to compute the maximum expected differential probability (MEDP) for two and four rounds of AES have been presented recently. In this paper, we will improve upon existing approaches in order to derive better bounds on the EDP for two and four rounds of AES based on a slightly simplified S-box. More precisely, we are able to provide the complete distribution of the EDP for two rounds of this AES variant with five active S-boxes and methods to improve the estimates for the EDP in the case of six active S-boxes.

47 citations

Book ChapterDOI
20 Jan 1997
TL;DR: It is demonstrated that for certain block ciphers, trapdoors can be built-in that make the cipher susceptible to linear cryptanalysis; however, finding these trapdoor can be made very hard, even if one knows the general form of the trapdoor.
Abstract: This paper presents several methods to construct trapdoor block ciphers. A trapdoor cipher contains some hidden structure; knowledge of this structure allows an attacker to obtain information on the key or to decrypt certain ciphertexts. Without this trapdoor information the block cipher seems to be secure. It is demonstrated that for certain block ciphers, trapdoors can be built-in that make the cipher susceptible to linear cryptanalysis; however, finding these trapdoors can be made very hard, even if one knows the general form of the trapdoor. In principle such a trapdoor can be used to design a public key encryption scheme based on a conventional block cipher.

47 citations


Network Information
Related Topics (5)
Cryptography
37.3K papers, 854.5K citations
93% related
Encryption
98.3K papers, 1.4M citations
90% related
Public-key cryptography
27.2K papers, 547.7K citations
89% related
Hash function
31.5K papers, 538.5K citations
88% related
Key (cryptography)
60.1K papers, 659.3K citations
85% related
Performance
Metrics
No. of papers in the topic in previous years
YearPapers
202337
202271
202133
202053
201942
201850