Topic

Differential cryptanalysis

About: Differential cryptanalysis is a research topic. Over its lifetime, 2131 publications have been published within this topic, receiving 54681 citations.


Papers
Journal Article
TL;DR: A related key chosen IV attack on Grain-128a is proposed, and the result shows that this attack is much better than an exhaustive key search in the related key setting.
Abstract: The well-known stream cipher Grain-128 is a variant version of Grain v1 with 128-bit secret key. Grain v1 is a stream cipher which has successfully been chosen as one of seven finalists by European eSTREAM project. Yet Grain-128 is vulnerable against some recently introduced attacks. A new version of Grain-128 with authentication, named Grain-128a, is proposed by Agren, Hell, Johansson, and Meier. The designers claimed that Grain-128a is strengthened against all known attacks and observations on the original Grain-128. So far there exists no attack on Grain-128a except a differential fault attack by Banik, Maitra, and Sarkar. In this paper, we give some observations on Grain-128a, and then propose a related key chosen IV attack on Grain-128a based on these observations. Our attack can recover the 128-bit secret key of Grain-128a with a computational complexity of $2^{96.322}$, requiring $2^{96}$ chosen IVs and $2^{103.613}$ keystream bits. The success probability of our attack is 0.632. This related key attack is “minimal” in the sense that it only requires two related keys. The result shows that our attack is much better than an exhaustive key search in the related key setting.

25 citations

01 Jan 2004
TL;DR: The Q cipher, an SPN submitted to the European Commission's NESSIE cryptographic competition, is analyzed and it is proved that Q can be broken using linear cryptanalysis based on linear hulls, the first use of linear hulls to break a proposed cipher.
Abstract: The subject of this thesis is linear cryptanalysis of substitution-permutation networks (SPNs). We focus on the rigorous form of linear cryptanalysis, which requires the concept of linear hulls. First, we consider SPNs in which the s-boxes are selected independently and uniformly from the set of all bijective n x n s-boxes. We derive an expression for the expected linear probability values of such an SPN, and give evidence that this expression converges to the corresponding value for the true random cipher. This adds quantitative support to the claim that the SPN structure is a good approximation to the true random cipher. We conjecture that this convergence holds for a large class of SPNs. In addition, we derive a lower bound on the probability that an SPN with randomly selected s-boxes is practically secure against linear cryptanalysis after a given number of rounds. For common block sizes, experimental evidence indicates that this probability rapidly approaches 1 with an increasing number of rounds. We then consider SPNs with fixed s-boxes. We present two new algorithms for upper bounding the maximum average linear hull probability for SPNs. These algorithms, named KMT1 and KMT2, are the first completely general algorithms for this purpose—they can be applied to any SPN, and they compute an upper bound that is a function of the number of encryption rounds being evaluated. In contrast, other approaches to this problem either require that the SPN linear transformation have a specific structure, or compute a single value independent of the number of rounds. By applying KMT1 and KMT2 to the AES, we establish the provable security of the AES against linear cryptanalysis. As a straightforward application of our work with linear hulls, we analyze the Q cipher, an SPN submitted to the European Commission's NESSIE cryptographic competition. 
By using linear characteristics, not linear hulls, the designer of Q evaluates the cipher to be secure against linear cryptanalysis. However, we prove that Q can be broken using linear cryptanalysis based on linear hulls. To our knowledge, this is the first use of linear hulls to break a proposed cipher.

25 citations

Proceedings Article
01 Jan 2017
TL;DR: This work investigates six authenticated encryption schemes from the CAESAR competition and reveals that they provide strong resistance against SAT-based state recoveries, including round-reduced variants and versions with higher security claims.
Abstract: We investigate six authenticated encryption schemes (ACORN, ASCON-128a, ICEPOLE-128a, Ketje Jr, MORUS, and NORX-32) from the CAESAR competition. We aim at state recovery attacks using a SAT solver as a main tool. Our analysis reveals that these schemes, as submitted to CAESAR, provide strong resistance against SAT-based state recoveries. To shed a light on their security margins, we also analyse modified versions of these algorithms, including round-reduced variants and versions with higher security claims. Our attacks on such variants require only a few known plaintext-ciphertext pairs and small memory requirements (to run the SAT solver), whereas time complexity varies from very practical (few seconds on a desktop PC) to ‘theoretical’ attacks.

25 citations

Book Chapter
TL;DR: The theory behind the design and analysis of modern block ciphers is explained, and the most important known attacks are outlined.
Abstract: This paper considers modern secret-key block ciphers. The theory behind the design and analysis of modern block ciphers is explained, and the most important known attacks are outlined. Finally the Advanced Encryption Standard is discussed.

25 citations

Journal Article
TL;DR: Using a block cipher instead of a stream cipher to encrypt data for WSN applications and using a cipher feedback scheme for the cipher operation, thereby achieving energy efficiency without compromising the security in WSNs is recommended.
Abstract: In this paper, we focus on the energy efficiency of secure communication in wireless sensor networks (WSNs). Our research considers link layer security of WSNs, investigating both the ciphers and the cryptographic implementation schemes, including aspects such as the cipher mode of operation and the establishment of initialization vectors (IVs). We evaluate the computational energy efficiency of different symmetric key ciphers considering both the algorithm characteristics and the effect of channel quality on cipher synchronization. Results show that the computational energy cost of block ciphers is less than that of stream ciphers when data are encrypted and transmitted through a noisy channel. We further investigate different factors affecting the communication energy cost of link layer cryptographic schemes, such as the size of payload, the mode of operation applied to a cipher, the distribution of the IV, and the quality of the communication channel. A comprehensive performance comparison of different cryptographic schemes is undertaken by developing an energy analysis model of secure data transmission at the link layer. This model is constructed considering various factors affecting both the computational cost and communication cost, and its appropriateness is verified by simulation results. In conclusion, we recommend using a block cipher instead of a stream cipher to encrypt data for WSN applications and using a cipher feedback scheme for the cipher operation, thereby achieving energy efficiency without compromising the security in WSNs. Copyright © 2011 John Wiley & Sons, Ltd. (This study is based on “An analysis of link layer encryption schemes in wireless sensor networks” by X. Zhang, H. M. Heys, and C. Li, which appeared in the Proceedings of IEEE International Conference on Communications (ICC 2010), Cape Town, South Africa, May 2010, and “Energy efficiency of symmetric key cryptographic algorithms in wireless sensor networks” by X. Zhang, H. M. Heys, and C. Li, which appeared in the Proceedings of Biennial Symposium on Communications (QBSC 2010), Kingston, Canada, May 2010. ©2010 IEEE.)

25 citations


Network Information
Related Topics (5)
Cryptography: 37.3K papers, 854.5K citations, 93% related
Encryption: 98.3K papers, 1.4M citations, 90% related
Public-key cryptography: 27.2K papers, 547.7K citations, 89% related
Hash function: 31.5K papers, 538.5K citations, 88% related
Key (cryptography): 60.1K papers, 659.3K citations, 85% related
Performance Metrics
No. of papers in the topic in previous years
Year  Papers
2023  37
2022  71
2021  33
2020  53
2019  42
2018  50