
Differential cryptanalysis

About: Differential cryptanalysis is a research topic. Over the lifetime, 2131 publications have been published within this topic receiving 54681 citations.


Papers
Journal Article
TL;DR: This paper studies the security of the scheme and reports the following problems: the scheme can be broken by a differential attack with $6+\lceil\log_L(MN)\rceil$ chosen plaintexts, and neither of the two composition maps works as a secure and efficient source of random numbers.
Abstract: Recently, a chaotic cryptographic scheme based on composition maps was proposed. This paper studies the security of the scheme and reports the following findings: 1) the scheme can be broken by a differential attack with $6+\lceil\log_L(MN)\rceil$ chosen plaintexts, where $MN$ is the size of the plaintext and $L$ is the number of different elements in the plaintext; 2) the scheme is not sensitive to changes of the plaintext; 3) the two composition maps do not work well as a secure and efficient random number source.

44 citations

Book Chapter
14 Aug 2016
TL;DR: An attack on the early version of FLIP is presented that exploits the structure of the filter function and the constant internal state of the cipher, allowing key recovery in $2^{54}$ and $2^{68}$ basic operations for the two proposed instantiations.
Abstract: At Eurocrypt 2016, Meaux et al. proposed FLIP, a new family of stream ciphers intended for use in Fully Homomorphic Encryption systems. Unlike its competitors, which either have a low initial noise that grows at each successive encryption or a high constant noise, the FLIP family of ciphers achieves a low constant noise thanks to a new construction called filter permutator. In this paper, we present an attack on the early version of FLIP that exploits the structure of the filter function and the constant internal state of the cipher. Applying this attack to the two instantiations proposed by Meaux et al. allows for a key recovery in $2^{54}$ basic operations resp. $2^{68}$, compared to the claimed security of $2^{80}$ resp. $2^{128}$.

43 citations

Posted Content
TL;DR: The framework for finding differential characteristics is extended with a new method that constructs long characteristics from short ones, which substantially reduces the search time and makes it possible to search for differential characteristics of ARX block ciphers with large word sizes such as n = 48, 64.
Abstract: In this paper, we focus on the automatic differential cryptanalysis of ARX block ciphers with respect to XOR-difference, and develop Mouha et al.’s framework for finding differential characteristics by adding a new method to construct long characteristics from short ones. The new method reduces the searching time a lot and makes it possible to search differential characteristics for ARX block ciphers with large word sizes such as n = 48, 64. What’s more, we take the differential effect into consideration and find that the differential probability increases by a factor of 4 ∼ 16 for SPECK and about 2 for LEA when multiple characteristics are counted in. The efficiency of our method is demonstrated by improved attacks of SPECK and LEA, which attack 1, 1, 4 and 6 more rounds of SPECK48, SPECK64, SPECK96 and SPECK128, respectively, and 2 more rounds of LEA than previous works.

43 citations

Book Chapter
09 Aug 2004
TL;DR: This paper contains two constructions that start with a fixed-input-length block cipher and show how to securely convert it to a variable-input-length block cipher without making any additional cryptographic assumptions.
Abstract: Existing block ciphers operate on a fixed-input-length (FIL) block size (e.g., 64-bits for DES). Often, one needs a variable-input-length (VIL) primitive that can operate on a different size input; it is, however, undesirable to construct this primitive from “scratch.” This paper contains two constructions that start with a fixed-input-length block cipher and show how to securely convert it to a variable-input-length block cipher without making any additional cryptographic assumptions. Both constructions model the FIL block cipher as a pseudorandom permutation (PRP) – that is, indistinguishable from a random permutation against adaptive chosen plaintext attack. The first construction converts it to a VIL PRP and is an efficiency improvement over the scheme of Bellare and Rogaway [4]. The second construction converts it to a VIL super pseudorandom permutation (SPRP) – that is, the resulting VIL block cipher is indistinguishable from a random permutation against adaptive chosen plaintext and ciphertext attack.

43 citations

Journal Article
TL;DR: The matrix method is adapted to find zero-correlation linear approximations for both variants of LBlock as well as block ciphers with analogous structures like TWINE; the attack does not exploit the structure of the key schedule or the S-boxes used in the cipher.
Abstract: Zero-correlation linear attack is a new method developed by Bogdanov et al. (ASIACRYPT 2012. LNCS, Springer, Berlin, 2012) for the cryptanalysis of block ciphers. In this paper we adapt the matrix method to find zero-correlation linear approximations. Then we present several zero-correlation linear approximations for 14 rounds of LBlock and describe a cryptanalysis for a reduced 22-round version of LBlock. After biclique attacks on LBlock revealed weaknesses in its key schedule, its designers presented a new version of the cipher with a revised key schedule. The attack presented in this paper does not exploit the structure of the key schedule or S-boxes used in the cipher. As a result, it is applicable to both variants of LBlock as well as block ciphers with analogous structures like TWINE. Moreover, we performed simulations on a small variant of LBlock and present the first experimental results on the theoretical model of the multidimensional zero-correlation linear cryptanalysis method.

42 citations


Network Information
Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 93% related
Encryption: 98.3K papers, 1.4M citations, 90% related
Public-key cryptography: 27.2K papers, 547.7K citations, 89% related
Hash function: 31.5K papers, 538.5K citations, 88% related
Key (cryptography): 60.1K papers, 659.3K citations, 85% related
Performance Metrics
No. of papers in the topic in previous years
Year  Papers
2023  37
2022  71
2021  33
2020  53
2019  42
2018  50