Known-Key Distinguishers for Some Block Ciphers.

We present two block cipher distinguishers in a setting where the attacker knows the key. One is a distinguisher for AES reduced the seven rounds. ... The second is a distinguisher for a class of Feistel ciphers with seven rounds. This setting is quite different from traditional settings. ... Secondly, in some cases (mainly for block cipher based hashing) block ciphers are used with a key that is known to the attacker, and at least to a certain extent, the key is under the attacker's control ...

doi:10.1007/978-3-540-76900-2_19 dblp:conf/asiacrypt/KnudsenR07 fatcat:3z4w3bmu2zd7fgbu7ug7v73brq

Known-key distinguishers for block ciphers were proposed by Knudsen and Rijmen at ASIACRYPT 2007 and have been a major research topic in cryptanalysis since then. ... We introduce the notion of known-key indifferentiability to capture the security of such block ciphers under a known key. ... Introduction Known-key attacks and our approach. Known-key distinguishers for block ciphers were introduced by Lars Knudsen and Vincent Rijmen at ASIACRYPT 2007 [25] . ...

doi:10.1007/978-3-662-43933-3_18 fatcat:lp6gui3ie5g4xckqpkrcfbbjwa

Then we present open-key differential distinguishers for some well known round-reduced block ciphers. ... First we show the impact of differential trails for block ciphers on collision attacks for various hash function constructions based on block ciphers. ... The authors would like to thank anonymous reviewers for their helpful comments. ...

doi:10.1007/978-3-642-24209-0_3 fatcat:asi5u6wivbdvnadn3cn77ypwiy

ACKNOWLEDGMENTS The authors thank the anonymous referees for constructive comments and suggestions that have improved this paper significantly. ... For instance, if a cipher can be attacked only by the fact that he knows some plaintexts corresponding to some ciphertexts, he is mounting known-plaintext attacks [31] . ... These middle rounds, i.e., the original block cipher with some outer rounds removed from either end, are called the reduced cipher, G. ...

doi:10.1109/tc.2006.169 fatcat:5rhz4frytne6rajcwty2nbc57y

This study aims to provide a comprehensive survey that summarizes the existing cryptanalysis techniques for stream ciphers. ... It will also facilitate the security analysis of the existing stream ciphers and provide an opportunity to understand the requirements for developing a secure and efficient stream cipher design. ... The internal structure of a cipher has to be analyzed extensively for distinguishing attack. Distinguishing attack is a known keystream attack. ...

doi:10.5120/9721-4187 fatcat:l2mdd2bl3jda5eb5xe2i7c6m5m

Special care has to be taken of some related-key distinguishers since, in the context of reflection ciphers, they may provide attacks in the single-key setting. ... Finally, as an illustration, we provide new variants of the block cipher PRINCE with key schedules corresponding to several coupling permutations. ... Related-key differential distinguishers It is well-known that a given block cipher cannot be secure against all types of related-key distinguishers. ...

doi:10.1007/s10623-015-0143-x fatcat:anvmhignkjcmrppn7s5exwcumu

Experiments show that for not very strong ciphers with block length at most 32 bits this attack is successful. (7) ... Experiments demonstrate that if the embedding data are meaningful text and extraction algorithm is known for the attacker, then a distinguishing between stego and cover objects occur very reliable even ... Heye's 16-bit block cipher with 80-bit key chosen pseudo randomly. ...

doi:10.23919/fruct.2017.8071309 dblp:conf/fruct/KorzhikFC17 fatcat:w3lqnm5lsfdwzax2txvwrtizqa

Algebraic techniques used in this paper may be also applied to other block ciphers to improve their known integral attacks. ... In FSE 2008, bit-based integral attack proposed by Z'aba et al. revealed that integral attacks may be not only suitable for byte-based block ciphers but also still applied to bit-based block ciphers. ... We are grateful to the anonymous reviewers for their valuable comments on this paper. ...

doi:10.1007/978-3-319-02726-5_24 fatcat:xuwonyanpfgubbt4rpn4sadca4

Knudsen and Rijmen introduced the notion of known-key distinguishers in an effort to view block cipher security from an alternative perspective e.g. a block cipher viewed as a primitive underlying some ... In this paper, we give a natural formalization to capture this notion, and present new distinguishers that we then use to construct known-key distinguishers for Rijndael with Large Blocks up to 7 and 8 ... Known-Key Distinguishers for the Rijndael-b Block Cipher with Large Blocks We present in this Section known key distinguishers against the Rijndael-b block cipher. ...

doi:10.1007/978-3-642-02384-2_5 fatcat:h52pjxa2ujferlxypg2vcjreoy

This results in a 12-round chosen-key distinguisher of Feistel-SP block cipher. Second, inspired by the idea of Wang et al., we construct collisions using two blocks. ... Since Knudsen and Rijmen proposed the known-key attacks in ASIACRYPT 2007, the open-key model becomes more and more popular. ... Acknowledgments The authors would like to thank anonymous reviewers of FSE 2016 and FSE 2017 for their helpful comments on this paper. ...

doi:10.13154/tosc.v2016.i1.13-32 dblp:journals/tosc/DongW16 fatcat:nzordex6kzgupo4mytruqho3pe

DOAJ OJS

The security of cascading-based key-length extending constructions for block ciphers in the ideal-cipher model has so far received considerable attention. ... We give the following attacks and security lower bounds for constructions using a block cipher with key length κ and block length n: -For the plain cascade of odd (resp. even) length we present a generic ... I would like to thank Stefano Tessaro for useful discussions and helpful feedback to earlier versions of this work. ...

doi:10.1007/978-3-642-40041-4_30 fatcat:n3qwthqi6zcmdivnbtktmytyae

In due course, I have gauged some eminent contemporary cryptographic algorithms in search for the finest compromise in security. ... In a linear distinguishing attack one can monitor a key stream of some length (known plaintext attack), and presents an answer: whether the stream make steps towards the considered cipher, or certainly ... If more than one plain text/cipher text correspondence is known (for the key pair), then other correspondences could be used to check which of the keys is correct. ...

doi:10.26438/ijsrnsc/v5i5.15 fatcat:ziunq7wolverblzqa3qxagjrey

This paper reviews the fundamental principles behind today's state of the art in block cipher cryptanalysis. ... This has led, over the last decades, to the development of several general techniques to analyze the security of block ciphers. ... Suppose that Eve is able to efficiently distinguish whether or not a given sequence of input/output blocks could have been produced by this reduced function for some secret key. ...

doi:10.1109/jproc.2005.862300 fatcat:7r2f6t67unbo5cu4vb7z4p5loa

We reconsider the formalization of known-key attacks against ideal primitive-based block ciphers. ... settings to fully capture what one might expect from a block cipher informally deemed resistant to known-key attacks. ... be instantiated by a block cipher used with distinct publicly known keys. ...

doi:10.1007/978-3-662-52993-5_25 fatcat:rypzfa76tfcahl22begezds64e

Well known to both academia and industry. A 64-bit block cipher with a user key of 56 bits. Has a Feistel structure, and a total of 16 rounds. Currently still being widely used in reality. ... For the subkey guess with the largest deviation, exhaustively search for the remaining 207 key bits. The Serpent Block Cipher Designed by Anderson, Biham and Knudsen in a rather conservative way. ... Block cipher designers should pay attention to this new methodology when designing ciphers. Summary of our and previous main results ...

doi:10.1007/s10623-014-9985-x fatcat:z7b5mf7lwzbq3cvlnw3nmsbgny

Known-Key Distinguishers for Some Block Ciphers [chapter]

Preserved Fulltext

Towards Understanding the Known-Key Security of Block Ciphers [chapter]

Preserved Fulltext

Known and Chosen Key Differential Distinguishers for Block Ciphers [chapter]

Preserved Fulltext

A Framework for Describing Block Cipher Cryptanalysis

Preserved Fulltext

Cryptanalysis Techniques for Stream Cipher: A Survey

Preserved Fulltext

Reflection ciphers

Preserved Fulltext

Detection of stegosystems using block ciphers for encryption of the embedded messages

Preserved Fulltext

Integral Attacks on Reduced-Round PRESENT [chapter]

Preserved Fulltext

Distinguishers for Ciphers and Known Key Attack against Rijndael with Large Blocks [chapter]

Preserved Fulltext

Chosen-Key Distinguishers on 12-Round Feistel-SP and 11-Round Collision Attacks on Its Hashing Modes

Preserved Fulltext

Plain versus Randomized Cascading-Based Key-Length Extension for Block Ciphers [chapter]

Preserved Fulltext

Synthesis of Cryptography and Security Attacks

Preserved Fulltext

An introduction to Block Cipher Cryptanalysis

Preserved Fulltext

Strengthening the Known-Key Security Notion for Block Ciphers [chapter]

Preserved Fulltext

A methodology for differential-linear cryptanalysis and its applications

Preserved Fulltext