
Differential cryptanalysis

About: Differential cryptanalysis is a research topic. Over its lifetime, 2131 publications have been published within this topic, receiving 54681 citations.


Papers
Journal Article
TL;DR: The objective is to survey what ciphers are suitable for security in Radio Frequency Identification (RFID) and other security applications with demanding area restrictions.

39 citations

Book Chapter
05 Feb 2004
TL;DR: In this paper, the authors proposed a new design strategy to avoid the difference cancellation by employing multiple MDS-based matrices in the diffusion layer of the F-function, and the effectiveness of the proposed method is confirmed by an experimental result showing that the percentage of active S-boxes of the newly designed Feistel cipher becomes the same as for the AES.
Abstract: A practical measure to estimate the immunity of block ciphers against differential and linear attacks consists of finding the minimum number of active S-Boxes, or a lower bound for this minimum number. The evaluation result of lower bounds of differentially active S-boxes of AES, Camellia (without FL/FL⁻¹) and Feistel ciphers with an MDS based matrix of branch number 9, showed that the percentage of active S-boxes in Feistel ciphers is lower than in AES. The cause is a difference cancellation property which can occur at the XOR operation in the Feistel structure. In this paper we propose a new design strategy to avoid such difference cancellation by employing multiple MDS based matrices in the diffusion layer of the F-function. The effectiveness of the proposed method is confirmed by an experimental result showing that the percentage of active S-boxes of the newly designed Feistel cipher becomes the same as for the AES.

39 citations

Book Chapter
08 Dec 2000
TL;DR: A simplified and round reduced version of MISTY1 that does not alter the security provability can be attacked with higher order differential cryptanalysis, and the attacking property is derived from the choice of an atomic component of the algorithm, namely one of the two MISTY1 S-boxes.
Abstract: MISTY1 is a block cipher whose design relies on an assertion of provable security against linear and differential cryptanalysis. Yet, a simplified and round reduced version of MISTY1 that does not alter the security provability can be attacked with higher order differential cryptanalysis. We managed to explain this attack by deriving the attacking property from the choice of an atomic component of the algorithm, namely one of the two MISTY1 S-boxes. This allowed us to classify the good and the bad S-boxes built with the same principles and to show that none of the S-boxes with optimal linear and differential properties has an optimal behaviour with respect to higher order differential cryptanalysis.

39 citations

Journal Article
TL;DR: SLIM is a 32-bit block cipher based on the Feistel structure that has an excellent performance in both hardware and software environments, with a limited implementation area, an acceptable cost/security for RFID systems, and an energy-efficient behaviour.
Abstract: Nowadays, there is a strong demand for increasing the protection of resource-constrained devices such as Radio frequency identification (RFID) systems. Current cryptographic algorithms are sufficient for high-resource desktop computers. RFID systems are commonly used in high-security applications such as access control systems, transaction banking systems, and payment systems. The attacker attempts to mislead RFIDs for unauthorized access to services without payment or to circumvent security mechanisms by detecting a secret password. The biggest challenge in RFID systems is how to ensure successful protection against such infringements. Lightweight cryptography can provide security assurance for protecting RFID systems. This article presents a new ultra-lightweight cryptography algorithm for RFID systems called SLIM. SLIM is a 32-bit block cipher based on the Feistel structure since block ciphers are the most used cryptographic and provide very tight protection for IoT devices. The key challenge in designing a lightweight block cipher is to cope with performance, cost, and security. SLIM, like all symmetric block ciphers, uses the same key for encryption and decryption. The proposed algorithm has an excellent performance in both hardware and software environments, with a limited implementation area, an acceptable cost/security for RFID systems, and an energy-efficient behaviour. SLIM has demonstrated high immunity against the most effective linear and differential cryptanalysis attacks and has a sufficient margin of defence against these attacks.

39 citations

Book Chapter
20 May 2007
TL;DR: This paper shows that Py and Pypy are practically insecure, with high probability two identical keystreams will appear, and Py6, a variant of Py, is more vulnerable to these attacks.
Abstract: Py and Pypy are efficient array-based stream ciphers designed by Biham and Seberry. Both were submitted to the eSTREAM competition. This paper shows that Py and Pypy are practically insecure. If one key is used with about 2¹⁶ IVs with special differences, with high probability two identical keystreams will appear. This can be exploited in a key recovery attack. For example, for a 16-byte key and a 16-byte IV, 2²³ chosen IVs can reduce the effective key size to 3 bytes. For a 32-byte key and a 32-byte IV, the effective key size is reduced to 3 bytes with 2²⁴ chosen IVs. Py6, a variant of Py, is more vulnerable to these attacks.

39 citations


Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 93% related
Encryption: 98.3K papers, 1.4M citations, 90% related
Public-key cryptography: 27.2K papers, 547.7K citations, 89% related
Hash function: 31.5K papers, 538.5K citations, 88% related
Key (cryptography): 60.1K papers, 659.3K citations, 85% related

No. of papers in the topic in previous years
Year    Papers
2023    37
2022    71
2021    33
2020    53
2019    42
2018    50