Filters








20 Hits in 7.6 sec

On the (In)Equivalence of Impossible Differential and Zero-Correlation Distinguishers for Feistel- and Skipjack-Type Ciphers [chapter]

Céline Blondeau, Andrey Bogdanov, Meiqin Wang
2014 Lecture Notes in Computer Science  
practice, the considered spaces are smaller (In)Equivalence of ID and ZC Distinguishers 7/22 Outline Impossible Differential and Zero-Correlation Linear Distinguishers The Distinguishers Previously  ...  Known Relation Feistel and Skipjack-Type Ciphers Constructions The Matrix Method Main Results Illustration of the Proof Examples and Conclusion Example of (In)Equivalence Conclusion (In)Equivalence  ... 
doi:10.1007/978-3-319-07536-5_17 fatcat:ndapx44cbfhprijsagk5hx4dla

Integral and Multidimensional Linear Distinguishers with Correlation Zero [chapter]

Andrey Bogdanov, Gregor Leander, Kaisa Nyberg, Meiqin Wang
2012 Lecture Notes in Computer Science  
In this paper, we reveal fundamental links of zero-correlation distinguishers to integral distinguishers and multidimensional linear distinguishers.  ...  We show that an integral implies zero-correlation linear approximations and that a zero-correlation linear distinguisher is actually a special case of multidimensional linear distinguishers.  ...  Thus, the zero-correlation property for CAST-256 is at least 4 rounds longer than the one of impossible differential.  ... 
doi:10.1007/978-3-642-34961-4_16 fatcat:o4lavhs4ujebbniqgeb6dcgwa4

Links Among Impossible Differential, Integral and Zero Correlation Linear Cryptanalysis [chapter]

Bing Sun, Zhiqiang Liu, Vincent Rijmen, Ruilin Li, Lei Cheng, Qingju Wang, Hoda Alkhzaimi, Chao Li
2015 Lecture Notes in Computer Science  
More specifically, constructing a zero correlation linear hull of a Feistel structure with SP -type round function where P is invertible, is equivalent to constructing an impossible differential of the  ...  In the case that E and E ⊥ are linearly equivalent, we derive a direct link between impossible differentials and integral distinguishers of E .  ...  Blondeau et al. proposed a practical relation between these two distinguishers for Feistel-type and Skipjack-type ciphers and showed some equivalence between impossible differentials and zero correlation  ... 
doi:10.1007/978-3-662-47989-6_5 fatcat:opgemjrhl5hhrp5hbtrdww56da

Integrals Go Statistical: Cryptanalysis of Full Skipjack Variants [chapter]

Meiqin Wang, Tingting Cui, Huaifeng Chen, Ling Sun, Long Wen, Andrey Bogdanov
2016 Lecture Notes in Computer Science  
As an illustration, we successfully attack the full-round Skipjack-BABABABA for the first time, which is the variant of NSA's Skipjack block cipher.  ...  In this paper, we aim to address these limitations and propose a novel statistical integral distinguisher where only a part of value sets for these input bit selections are taken into consideration instead  ...  Skipjack is a 64-bit block cipher with 80-bit key adopting an unbalanced Feistel network with 32 rounds of two types, namely Rule A and Rule B.  ... 
doi:10.1007/978-3-662-52993-5_20 fatcat:562wqtcgrbaw5b3ugiwnx6jilm

Improved Results on Integral and Zero-correlation Linear Cryptanalysis of the Block Cipher MIBS [article]

Wentan Yi, Shaozhen Chen
2014 arXiv   pre-print
In this paper, we focus on improved key-recovery attacks on reduced-round MIBS with integral and zero-correlation linear cryptanalysis.  ...  Furthermore, we deduced some integral distinguishers from 8-round zero-correlation linear approximations using the relations between them, and as applications, we applied these integral distinguishers  ...  In Asiacrypt 2012 [10] , the relations between the zero-correlation linear approximations and integral distinguishers had been showed, and they were applied in the integral attack on 31-Round Skipjack-BABABABA  ... 
arXiv:1407.2733v2 fatcat:f57qs45c7rhpzax7obqwewu2dy

Cryptographic Properties and Application of a Generalized Unbalanced Feistel Network Structure [chapter]

Jiali Choy, Guanhan Chew, Khoongming Khoo, Huihui Yap
2009 Lecture Notes in Computer Science  
Based on the 7-round impossible differential and 11-round integral attack distinguisher, we set the number of rounds of Four-Cell to be 25 for protection against these attacks.  ...  In this paper, we study GF-NLFSR, a Generalized Unbalanced Feistel Network (GUFN) which can be considered as an extension of the outer function F O of the KASUMI block cipher.  ...  Acknowledgement The authors would like to thank the anonymous reviewer of CT-RSA who pointed out the integral attack on Four-Cell.  ... 
doi:10.1007/978-3-642-02620-1_6 fatcat:74gqew2p75ffdd53deieweujce

Simpira v2: A Family of Efficient Permutations Using the AES Round Function [chapter]

Shay Gueron, Nicky Mouha
2016 Lecture Notes in Computer Science  
.: Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials. J. Cryptology 18(4), 291–311 (2005) 11.  ...  In the case of integral cryptanalysis, of particular interest are the recently proposed integral distinguishers on Feistel and Generalized Feistel Networks by Todo [76] and by Zhang and Wenling [81].  ... 
doi:10.1007/978-3-662-53887-6_4 fatcat:3wjksrkgqzgo3pg57fpdq6cffu

Cryptographic properties and application of a Generalized Unbalanced Feistel Network structure

Jiali Choy, Guanhan Chew, Khoongming Khoo, Huihui Yap
2011 Cryptography and Communications  
Based on the 7-round impossible differential and 11-round integral attack distinguisher, we set the number of rounds of Four-Cell to be 25 for protection against these attacks.  ...  In this paper, we study GF-NLFSR, a Generalized Unbalanced Feistel Network (GUFN) which can be considered as an extension of the outer function F O of the KASUMI block cipher.  ...  Acknowledgement The authors would like to thank the anonymous reviewer of CT-RSA who pointed out the integral attack on Four-Cell.  ... 
doi:10.1007/s12095-011-0042-6 fatcat:dqzeipuhvbcrldlzd4mmrsjjau

Differential Cryptanalysis of Round-Reduced Sparx-64/128 [chapter]

Ralph Ankele, Eik List
2018 Lecture Notes in Computer Science  
However, the only third-party cryptanalysis on Sparx-64/128 to date was given by Abdelkhalek et al. at AFRICACRYPT'17 who proposed impossible-differential attacks on 15 and 16 (out of 24) rounds.  ...  In this paper, we present chosen-ciphertext differential attacks on 16 rounds of Sparx-64/128.  ...  We can observe a strong clustering effects of many differential characteristics in our studies and exploit them in all our attacks; it remains subject to further studies to employ them for further rounds  ... 
doi:10.1007/978-3-319-93387-0_24 fatcat:3z2pluomizf7dnqfvdoosuneaa

Survey and benchmark of block ciphers for wireless sensor networks

Yee Wei Law, Jeroen Doumen, Pieter Hartel
2006 ACM transactions on sensor networks  
Finally, based on the evaluation results, we select the most suitable ciphers for WSNs, namely Skipjack, MISTY1, and Rijndael, depending on the combination of available memory and required security (energy  ...  We construct an evaluation framework in which we first identify the candidates of block ciphers suitable for WSNs, based on existing literature and authoritative recommendations.  ...  ACKNOWLEDGMENTS The authors would like to thank Adrian Perrig and the anonymous reviewers for their inspiring comments, which have vastly improved this article.  ... 
doi:10.1145/1138127.1138130 fatcat:jlm77sv6rvdi3jzgmbnumg6pua

Feistel Schemes and Bi-linear Cryptanalysis [chapter]

Nicolas T. Courtois
2004 Lecture Notes in Computer Science  
In this paper we introduce the method of bi-linear cryptanalysis (BLC), designed specifically to attack Feistel ciphers.  ...  In particular, we present a practical attack on DES based on a 1-round invariant, the fastest known based on such invariant, and about as fast as the best Matsui's attack.  ...  halves of different size, but also to generalised Feistel schemes with more than two branches, as used in SHA x and related block ciphers, or Skipjack.  ... 
doi:10.1007/978-3-540-28628-8_2 fatcat:45swm7brhra5dd7tk4adwr2d5y

Polynomials in the Nation's Service: Using Algebra to Design the Advanced Encryption Standard

Susan Landau
2004 The American mathematical monthly  
on DES, showing how they shaped future ciphers, and explain the reasoning that led to Rijndael, and explain the role that each of Rijndael's polynomials play.  ...  (Of course, x −1 is not strictly a polynomial, but in the finite field GF(2 8 ) x −1 = x 254 and so we will consider it one.)  ...  In order to make decryption a genuine inverse of encryption, the final round of a Feistel cipher switches the two halves. DES is a 16-round Feistel cipher (see Figure 1 ).  ... 
doi:10.2307/4145212 fatcat:57fabdawj5ad7e2xhxcbef7vsq

Polynomials in the Nation's Service: Using Algebra to Design the Advanced Encryption Standard

Susan Landau
2004 The American mathematical monthly  
on DES, showing how they shaped future ciphers, and explain the reasoning that led to Rijndael, and explain the role that each of Rijndael's polynomials play.  ...  (Of course, x −1 is not strictly a polynomial, but in the finite field GF(2 8 ) x −1 = x 254 and so we will consider it one.)  ...  In order to make decryption a genuine inverse of encryption, the final round of a Feistel cipher switches the two halves. DES is a 16-round Feistel cipher (see Figure 1 ).  ... 
doi:10.1080/00029890.2004.11920055 fatcat:yf2gazszynaffh474w6qppdoeu

Applied cryptography: Protocols, algorithms, and source code in C

1994 Computer Law and Security Review  
After all of this, a, b, c, and d are added to A, B, C, D, respectively, and the algorithm continues with the next block of data. The final output is the concatenation of A, B, C, and D.  ...  FF (a, b, c, d, M 12 , 7, 0x6b901122) FF (d, a, b, c, M 13 Those constants, t i , were chosen as follows: In step i, t i is the integer part of 2 32 *abs(sin(i)), where i is in radians.  ...  One, it is impossible for Victor to convince a third party of the proof's validity. And two, it proves that the protocol is zero-knowledge.  ... 
doi:10.1016/0267-3649(94)90017-5 fatcat:y5tchirflfdwno7dm4dv6ljx2a

A New Method for Accelerating Impossible Differential Cryptanalysis and its Application on LBlock $

Akram Khalesi, Hossein Bahramgiri, Davod Mansuri
2016 unpublished
In this paper, we present a new method for decreasing the time complexity of impossible differential cryptanalysis through breaking down the target key space into subspaces, and extending the results on  ...  Impossible differential cryptanalysis, an extension of the differential cryptanalysis, is one of the most efficient attacks against block ciphers.  ...  Impossible differential cryptanalysis was introduced independently by Knudsen on DEAL block cipher [7] and Biham et al. on Skipjack block cipher [2] .  ... 
fatcat:sth2wlqumndz7nku7lru4p2kei
« Previous Showing results 1 — 15 out of 20 results