Topic
Slide attack
About: Slide attack is a research topic. Over the lifetime, 521 publications have been published within this topic receiving 15752 citations.
Papers published on a yearly basis
Papers
More filters
11 Aug 1990
TL;DR: A new type of cryptanalytic attack is developed which can break the reduced variant of DES with eight rounds in a few minutes on a personal computer and can break any reduced variantof DES (with up to 15 rounds) using less than 256 operations and chosen plaintexts.
Abstract: The Data Encryption Standard (DES) is the best known and most widely used cryptosystem for civilian applications. It was developed at IBM and adopted by the National Bureau of Standards in the mid 1970s, and has successfully withstood all the attacks published so far in the open literature. In this paper we develop a new type of cryptanalytic attack which can break the reduced variant of DES with eight rounds in a few minutes on a personal computer and can break any reduced variant of DES (with up to 15 rounds) using less than 256 operations and chosen plaintexts. The new attack can be applied to a variety of DES-like substitution/permutation cryptosystems, and demonstrates the crucial role of the (unpublished) design rules.
2,494 citations
[...]
TL;DR: This paper disprove the of t-repeated claim that eliminating all high-probability differentials for the whole cipher is sufficient to guarantee security against differential attacks, and shows how to break COCONUT98, a cipher designed using decorrelation techniques to ensure provable securityagainst differential attacks.
Abstract: This paper describes a new differential-style attack, which we call the boomerang attack. This attack has several interesting applications. First, we disprove the of t-repeated claim that eliminating all high-probability differentials for the whole cipher is sufficient to guarantee security against differential attacks. Second, we show how to break COCONUT98, a cipher designed using decorrelation techniques to ensure provable security against differential attacks, with an advanced differential-style attack that needs just 216 adaptively chosen texts. Also, to illustrate the power of boomerang techniques, we give new attacks on Khufu-16, FEAL-6, and 16 rounds of CAST-256.
611 citations
TL;DR: It is shown that the key-scheduling algorithms of many blockciphers inherit obvious relationships between keys, and use these key relations to attack the blockcips, and that DES is not vulnerable to the related keys attacks.
Abstract: In this paper we study the influence of key-scheduling algorithms on the strength of blockciphers. We show that the key-scheduling algorithms of many blockciphers inherit obvious relationships between keys, and use these key relations to attack the blockciphers. Two new types of attacks are described: New chosen plaintext reductions of the complexity of exhaustive search attacks (and the faster variants based on complementation properties), and new low-complexity chosen key attacks. These attacks are independent of the number of rounds of the cryptosystems and of the details of the F-function and may have very small complexities. These attacks show that the key-scheduling algorithm should be carefully designed and that its structure should not be too simple. These attacks are applicable to both variants of LOKI and to Lucifer. DES is not vulnerable to the related keys attacks since the shift pattern in the key-scheduling algorithm is not the same in all the rounds.
529 citations
11 May 1997
TL;DR: A time-memory trade-off attack based on the birthday paradox which yields the unknown internal state at a known time for a known keystream sequence is pointed out, and a so-called internal state reversion attack is proposed and analyzed by the theory of critical and subcritical branching processes.
Abstract: A binary stream cipher, known as A5, consisting of three short LFSRs of total length 64 that are mutually clocked in the stop/go manner is cryptanalyzed. It is allegedly used in the GSM standard for digital cellular mobile telephones. Very short keystream sequences are generated from different initial states obtained by combining a 64-bit secret session key and a known 22-bit public key. A basic divide-and-conquer attack recovering the unknown initial state from a known keystream sequence is first introduced. It exploits the specific clocking rule used and has average computational complexity around 240. A time-memory trade-off attack based on the birthday paradox which yields the unknown internal state at a known time for a known keystream sequence is then pointed out. The attack is successful if T ċ M ≥ 2633.32, where T and M are the required computational time and memory (in 128-bit words), respectively. The precomputation time is O(M) and the required number of known keystream sequences generated from different public keys is about T/102. For example, one can choose T ≅ 227.67 and M ≅ 235.65. To obtain the secret session key from the determined internal state, a so-called internal state reversion attack is proposed and analyzed by the theory of critical and subcritical branching processes.
415 citations
02 Dec 2009
TL;DR: This paper shows the first key recovery attack that works for all the keys and has 299.5 time and data complexity, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key class and has much higher complexity.
Abstract: In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has 299.5 time and data complexity, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key class and has much higher complexity. The second attack is the first cryptanalysis of the full AES-192. Both our attacks are boomerang attacks, which are based on the recent idea of finding local collisions in block ciphers and enhanced with the boomerang switching techniques to gain free rounds in the middle.
The extended version of this paper is available at http://eprint.iacr.org/2009/317.pdf .
360 citations