Topic
Differential cryptanalysis
About: Differential cryptanalysis is a research topic. Over its lifetime, 2131 publications have been published within this topic, receiving 54681 citations.
Papers published on a yearly basis
Papers
17 Aug 1998
TL;DR: This paper shows how to achieve similar decorrelation with a prime p = 2^n(1 - δ) and proposes a new practical block cipher which is provably resistant against differential and linear cryptanalysis.
Abstract: Recently, we showed how to strengthen block ciphers by decorrelation techniques. In particular, we proposed two practical block ciphers, one based on the GF(2^n)-arithmetics, the other based on the x mod p mod 2^n primitive with a prime p = 2^n(1 + δ). In this paper we show how to achieve similar decorrelation with a prime p = 2^n(1 - δ). For this we have to change the choice of the norm in the decorrelation theory and replace the L∞ norm by the L2 norm. We propose a new practical block cipher which is provably resistant against differential and linear cryptanalysis.
25 citations
07 Apr 2008
TL;DR: Algebraic cryptanalysis of Grain, a non-linear feedback shift register (NLFSR) based stream cipher, aims to recover the internal states of the cipher rather than the key-bits.
Abstract: Among recent developments on stream ciphers, the algebraic attack has gained much attention. In this paper we concentrate on algebraic cryptanalysis of Grain, a non-linear feedback shift register (NLFSR) based stream cipher. The target here is to analyze the generic key generating structure of Grain; that is why we aim to recover the internal states of the cipher rather than the key-bits. Experiments are carried out to solve these varying degree equations, with some guessed bits, using the Groebner basis technique. Our approach succeeds in recovering (approx.) 1/2 of the internal state bits of Grain-1, while the other half are guessed. In the case of Grain-128, only 1/4 of the state bits can be obtained.
25 citations
04 Jul 2016
TL;DR: This paper searches out Simeck's differentials with low Hamming weight and high probability using Kölbl's tool, then exploits the links between differentials and linear characteristics to construct linear hulls for Simeck, giving an improved linear hull attack with dynamic key-guessing techniques on Simeck on the basis of the round function's property.
Abstract: Simeck is a new family of lightweight block ciphers proposed by Yang et al. in CHES'15, which performs efficiently in hardware implementation. In this paper, we search out Simeck's differentials with low Hamming weight and high probability using Kölbl's tool, then exploit the links between differentials and linear characteristics to construct linear hulls for Simeck. We give an improved linear hull attack with dynamic key-guessing techniques on Simeck on the basis of the round function's property. Our results cover Simeck 32/64 reduced to 23 rounds, Simeck 48/96 reduced to 30 rounds, and Simeck 64/128 reduced to 37 rounds, which are the best known results so far for any variant of Simeck.
25 citations
21 Aug 1994
TL;DR: A chosen plaintext attack of the 16-round version of Khufu, which is based on differential properties of this algorithm; the estimate of the resources required for breaking the entire scheme is about 2^43 chosen plaintexts and about 2^43 operations.
Abstract: In 1990, Merkle proposed two fast software encryption functions, Khafre and Khufu, as possible replacements for DES [1]. In 1991, Biham and Shamir applied their differential cryptanalysis technique to Khafre [2], and obtained an efficient attack of the 16-round version and some bounds on the 24-round version. However, these attacks take advantage of the fact that the S-boxes used for Khafre are public; they cannot be applied to Khufu, which uses secret S-boxes, and no attack of Khufu has been proposed so far. In this paper, we present a chosen plaintext attack of the 16-round version of Khufu, which is based on differential properties of this algorithm. The derivation of first information concerning the secret key requires about 2^31 chosen plaintexts and 2^31 operations. Our estimate of the resources required for breaking the entire scheme is about 2^43 chosen plaintexts and about 2^43 operations.
25 citations
TL;DR: In this paper, a key recovery attack with complexity of about 2 steps is proposed (one step is equivalent to a single KeeLoq encryption operation). In our attack we use the techniques of guess-and-determine, slide, and distinguishing attacks. Several real-world applications are vulnerable to the attack.
Abstract: KeeLoq is a block cipher used in numerous widespread passive entry and remote keyless entry systems as well as in various component identification applications. The KeeLoq algorithm has a 64-bit key and operates on 32-bit blocks. It is based on an NLFSR with a nonlinear feedback function of 5 variables. In this paper a key recovery attack with complexity of about 2 steps is proposed (one step is equivalent to a single KeeLoq encryption operation). In our attack we use the techniques of guess-and-determine, slide, and distinguishing attacks. Several real-world applications are vulnerable to the attack. To our best knowledge this is the first paper to describe and cryptanalyze the KeeLoq block cipher.
25 citations