How Fast Can Be Algebraic Attacks on Block Ciphers
Related papers
CTC2 and Fast Algebraic Attacks on Block Ciphers Revisited
The cipher CTC (Courtois Toy Cipher) described in (4) has been designed to demonstrate that it is possible to break on a PC a block cipher with good diffusion and very small number of known (or chosen) plaintexts. It has however never been designed to withstand all known attacks on block ciphers and Dunkelman and Keller have shown (13) that a few bits of the key can be recovered by Linear Cryptanalysis (LC) - which cannot however compromise the security of a large key. This weakness can easily be avoided: in this paper we give a specification of CTC2, a tweaked version of CTC. The new cipher is MUCH more secure than CTC against LC and the key scheduling of CTC has been extended to use any key size, independently from the block size. Otherwise, there is little difference between CTC and CTC2. We will show that up to 10 rounds of CTC2 can be broken by simple algebraic attacks.
Attacks on Block Ciphers of Low Algebraic Degree
Journal of Cryptology, 2001
In this paper an attack on block ciphers is introduced, the interpolation attack. This method is useful for attacking ciphers that use simple algebraic functions (in particular quadratic functions) as S-boxes. Also, attacks based on higher-order differentials are introduced. They are special and important cases of the interpolation attacks. The attacks are applied to several block ciphers, the six-round prototype cipher by Nyberg and Knudsen, which is provably secure against ordinary differential cryptanalysis, a modified version of the block cipher SHARK, and a block cipher suggested by Kiefer.
Algebraic and side-channel analysis of lightweight block ciphers
2012
The design and analysis of lightweight block ciphers is gaining increasing popularity due to the general assumption that in the future extensive use will be made of block ciphers in ubiquitous devices. In this PhD thesis we address cryptanalysis of several lightweight block ciphers using algebraic and side channel attacks. In the first part of the thesis, we investigate the security of the NOEKEON block cipher. We provide the first result of side channel attack on NOEKEON using side channel cube attack. In the second part of this thesis, we improve the original cube attack by Dinur and Shamir in EUROCRYPT 2009 by introducing an efficient method called extended cube for extracting low-degree nonlinear equations. We apply our extended cube method on PRESENT-80 and PRESENT-128. We show that using our extended cube method, we have been able to improve the previous side channel cube attack on PRESENT-80 from CANS 2009. However our attack on PRESENT-128 was the first attack in the side ch...
General Principles of Algebraic Attacks and New Design Criteria for Cipher Components
Advanced Encryption Standard - AES, 2005
This paper is about the design of multivariate public key schemes, as well as block and stream ciphers, in relation to recent attacks that exploit various types of multivariate algebraic relations. We survey these attacks focusing on their common fundamental principles and on how to avoid them. From this we derive new very general design criteria, applicable for very different cryptographic components. These amount to avoiding (if possible) the existence of, in some sense "too simple" algebraic relations. Though many ciphers that do not satisfy this new paradigm probably still remain secure, the design of ciphers will never be the same again.
Rewriting variables: The complexity of fast algebraic attacks on stream ciphers
Advances in Cryptology - CRYPTO 2004, 2004
Abstract. Recently proposed algebraic attacks [2, 6] and fast algebraic attacks [1, 5] have provided the best analyses against some deployed LFSR-based ciphers. The process complexity is exponential in the degree of the equations. Fast algebraic attacks were introduced [5] as a way of ...
A New Type of Attacks on Block Ciphers
Problems of Information Transmission, 2005
A new attack (called "gradient statistical") on block ciphers is suggested and experimentally investigated. We demonstrate the possibility of applying it to ciphers for which no attacks are known except for the exhaustive key search.
Block Ciphers: Analysis, Design and Applications
DAIMI Report Series, 1994
In this thesis we study cryptanalysis, applications and design of secret key block ciphers. In particular, the important class of Feistel ciphers is studied, which has a number of rounds, where in each round one applies a cryptographically weak function.
New constructions in linear cryptanalysis of block ciphers
2000
At the beginning of the paper we describe the state of the art in linear cryptanalysis of block ciphers. We present algorithms for finding best linear expressions proposed by Matsui [9] and Ohta. We sketch basic linear cryptanalysis (0R, 1R, 2R attacks) and the known extensions. We explain the advantages and the limitations of applying linear cryptanalysis and its extensions to block ciphers. In the second part of the paper we describe our proposal of a new extension to linear attack based on the application of a probabilistic counting method. It allows the reduction of two consecutive rounds and forms the basis for mounting e.g. 3R attacks. We present experimental results of the implementation of this attack to the Data Encryption Standard.
Algebraic attacks on the crypto-1 stream cipher in mifare classic and oyster …
Early announcement of a research in …, 2008
Abstract. MiFare Crypto 1 is a lightweight stream cipher used in London's Oyster card, Netherland's OV-Chipcard, US Boston's CharlieCard, and in numerous wireless access control and ticketing systems worldwide. Recently, researchers have been able to recover this algorithm by ...