Provable Security for the Skipjack-like Structure against Differential Cryptanalysis and Linear Cryptanalysis

Impossible differential and square attacks: Cryptanalytic link and application to Skipjack

This paper shows a surprising similarity between the construction of, respectively, impossible differentials and square distinguishers. This observation is illustrated by comparing two attacks on IDEA (Biham et al., FSE'99 [2]; Nakahara et al., 2001 [7]). Using this similarity, we also derive a 16-round square distinguisher on Skipjack, directly based on the impossible differential attack presented in (Biham et al., Eurocrypt'99 [1]). However, it is not the best square distinguisher we can find for Skipjack; this one is 19 rounds long. We use it to attack up to 24 rounds of Skipjack. Although this result is clearly not as good as those obtained by impossible differentials on Skipjack, it must be pointed out that it is the first time that so big a part (24 rounds out of 32) of a non-square-like cipher is attacked using the square attack. Finally, we discuss the strong and weak points of, respectively, impossible differential and square attacks.

Provable security for 13-round Skipjack-like structure

Information Processing Letters, 2002

To prove a block cipher is secure against Differential Cryptanalysis one should show that the maximum differential probability is a small enough value. We will prove that the maximum differential probability of a 13-round Skipjack-like structure is bounded by p^4, where p is the maximum differential probability of the round function.

Impossible Differential Cryptanalysis for Block Cipher Structures

2003

Impossible Differential Cryptanalysis (IDC) [4] uses impossible differential characteristics to retrieve subkey material for the first or the last several rounds of block ciphers. Thus, the security of a block cipher against IDC can be evaluated by its impossible differential characteristics. In this paper, we study impossible differential characteristics of block cipher structures whose round functions are bijective. We introduce a widely applicable method to find various impossible differential characteristics of block cipher structures. Using this method, we find various impossible differential characteristics of known block cipher structures: Nyberg's generalized Feistel network, a generalized CAST256-like structure [14], a generalized MARS-like structure [14], a generalized RC6-like structure [14], and the Rijndael structure.

Provable security against a differential attack

Journal of Cryptology, 1995

The purpose of this paper is to show that there exist DES-like iterated ciphers which are provably resistant against differential attacks. The main result on the security of a DES-like cipher with independent round keys is Theorem 1, which gives an upper bound on the probability of s-round differentials, as defined in [4]; this upper bound depends only on the round function of the iterated cipher. Moreover, it is shown that there exist functions such that the probabilities of differentials are less than or equal to 2^(3-n), where n is the length of the plaintext block. We also show a prototype of an iterated block cipher which is compatible with DES and has proven security against differential attacks.

On the Security of Rijndael-Like Structures against Differential and Linear Cryptanalysis

2002

The Rijndael-like structure is a special case of the SPN structure. The linear transformation of Rijndael-like structures consists of linear transformations of two types: one is the byte permutation π and the other is the linear transformation θ = (θ1, θ2, θ3, θ4), where each θi separately operates on one of the four columns of a state. Furthermore, π and θ have some interesting properties. In this paper, we present a new method for upper bounding the maximum differential probability and the maximum linear hull probability for Rijndael-like structures. By applying our method to Rijndael, we obtain that the maximum differential probability and the maximum linear hull probability for 4 rounds of Rijndael are bounded by 1.06 × 2^(-96).

A unified method for finding impossible differentials of block cipher structures

Information Sciences, 2014

In this paper, we propose a systematic method for finding impossible differentials for block cipher structures, better than the U-method introduced by Kim et al. [4]. It is referred to as the unified impossible differential finding method (UID-method). We apply the UID-method to some popular block ciphers such as Gen-Skipjack, Gen-CAST256, Gen-MARS, Gen-RC6, Four-Cell and SMS4, and give the detailed impossible differentials. By the UID-method, we find a 16-round impossible differential on Gen-Skipjack and a 19-round impossible differential on Gen-CAST256. Thus we disprove Conjecture 2 proposed at Asiacrypt'00 [9] and the theorem in the FSE'09 rump session presentation [8]. On Gen-MARS and SMS4, the impossible differentials found by the UID-method are much longer than those found by the U-method. On the Four-Cell block cipher, our result is the same as the best result previously obtained by case-by-case treatment.

Cryptanalysis of Block Ciphers Using Almost-Impossible Differentials

In this paper, inspired by the notion of impossible differentials, we present a model to use differentials that are less probable than for a random permutation. We introduce such a distinguisher for 2 rounds of Crypton, and present an attack on 6 rounds of this predecessor AES candidate. As a special case of this idea, we embed parts of the additional rounds around the impossible differential into the distinguisher to make a probabilistic distinguisher with more rounds. We show that with this change, the data complexity is increased but the time complexity may be reduced or increased. Then we discuss that this change in the impossible differential cryptanalysis is commodious and rational when the data complexity is low and the time complexity is marginal.

Provable Security against Impossible Differential Cryptanalysis Application to CS-Cipher

In this document we present a new way to bound the probability of occurrence of an n-round differential in the context of differential cryptanalysis. Hence this new model allows us to claim proof of resistance against impossible differential cryptanalysis, as defined by Biham et al. in 1999. This work will be described through the example of CS-Cipher, for which, assuming some non-trivial hypotheses, provable security against impossible differential cryptanalysis is obtained.

On computational complexity of impossible differential cryptanalysis

Information Processing Letters, 2014

Impossible differential cryptanalysis is one of the conventional methods in the field of cryptanalysis of block ciphers. In this paper, a general model of an impossible differential attack is introduced. Then, according to this model, the concept of an ideal impossible differential attack is defined and it is proven that the time complexity of an ideal attack only depends on the number of involved round key bits in the attack.