Variants of the Distinguished Point Method for Cryptanalytic Time Memory Trade-offs (Full version).

Variants of the Distinguished Point Method for Cryptanalytic Time Memory Trade-offs (Full version) Jin Hong† , Kyung Chul Jeong‡ , Eun Young ... Variants of DP for Cryptanalytic TMTO 5 2.2 Distinguished points The distinguished point method was suggested by Rivest and issues concerning its practical use were investigated in [8, 15]. ...

doi:10.1007/978-3-540-79104-1_10 dblp:conf/ispec/HongJKLM08 fatcat:2vmepow4d5dihoahb5k4dbvvlu

Cryptanalytic time-memory trade-offs have been studied for twenty five years and have benefited from several improvements since the original work of Hellman. ... The idea of a time-memory trade-off is to find a trade-off between the exhaustive search and the exhaustive storage. ... Thus, if there are N possible solutions to a given problem, a time-memory trade-off can solve it with This journal paper is an extended version of Time-Memory Trade-Offs: False Alarm Detection Using Checkpoints ...

doi:10.1145/1380564.1380565 fatcat:tmo3dvtinrd2bbkuhmrapolgxm

In 1980 Martin Hellman described a cryptanalytic time-memory trade-off which reduces the time of cryptanalysis by using precalculated data stored in memory. ... Moreover, since the method does not make use of distinguished points, it reduces the overhead due to the variable chain length, which again significantly reduces the number of calculations. ... Acknowledgements The author wishes to thank Maxime Mueller for implementing a first version of the experiment. ...

doi:10.1007/978-3-540-45146-4_36 fatcat:nnusgxkdqreklpwu5zrz2sp744

One of the most celebrated and useful cryptanalytic algorithms is Hellman's time/memory tradeoff (and its Rainbow Table variant), which can be used to invert random-looking functions on N possible values ... When we generalize the cryptanalytic problem to a time/memory/data tradeoff attack (in which one has to invert f for at least one of D given values), we get the generalized curve T 4/3 M 2 D 2 = N 2 . ... We thank the following people for the insightful discussions: Rotem Arnon-Friedman, Gustavo Banegas, Daniel J. Bernstein, Tal Mor, and María Naya-Plasencia. ...

dblp:journals/iacr/DunkelmanKRS21 fatcat:mfm63zhcn5a4lnjdqjztzkntpu

Cryptanalytic time-memory trade-offs are techniques introduced by Hellman in 1980 to speed up exhaustive searches. ... We stress that the optimal width of each rainbow table should be individually -although not independently -calculated. So it goes for the memory allocated to each table. ... Acknowledgments Xavier Carpent was supported, in part, by a fellowship of the Belgian American Educational Foundation. ...

doi:10.1145/3052973.3053030 dblp:conf/ccs/AvoineC17 fatcat:esihh2cr3vcevjtqfcdhs4zvji

We find that the cryptanalysis time of their attack is too high to be practical. We also propose a more general time memory trade-off by combining the distinguished points strategy with TY attack. ... Both theoretical analysis and experimental results show that our new design can save about 53.7% cryptanalysis time compared to TY attack and can reduce about 35.2% storage requirement compared to the ... Cryptanalytic time memory trade-off (TMTO) is a technique that comes between these two extremes. ...

doi:10.1007/978-3-642-34129-8_28 fatcat:r5lwvqassjhspibxanfool3zlq

An open question about the asymptotic cost of connecting many processors to a large memory using three dimensions for wiring is answered, and this result is used to find the full cost of several cryptanalytic ... The full costs of several cryptanalytic attacks are determined, including Shanks' method for computing discrete logarithms in cyclic groups of prime order n, which requires n 1/2+o(1) processor steps, ... Acknowledgments I thank Eran Tromer, Arnold Rosenberg, Arjen Lenstra, Bart Preneel, and the anonymous referees for helpful comments on drafts of this paper. ...

doi:10.1007/s00145-003-0213-5 fatcat:betpvbsrozhpxa2fz2kryc6au4

For n the cardinality of the space that each half of the secret is chosen from (n=256 for double-DES), and w the number of words of memory available for an attack, a technique based on parallel collision ... For the example of double-DES, an attacker with 16 Gbytes of memory could recover a pair of DES keys in a knownplaintext attack with 570 times fewer encryptions and 3.7~106 times fewer memory accesses ... We would also like to thank anonymous members of the Crypto'96 Program Committee whose comments contributed to an improved presentation of this material. ...

doi:10.1007/3-540-68697-5_18 fatcat:myzu5vfpwbfdhc3saexjnycx2m

Over time the resulting data points will provide valuable insight in the selection of cryptographic key sizes. 3 ... allowing for improvements such as of new algorithmic approaches. ... The best generic algorithm for collision search is the parallel "distinguished points" method of van Oorschot and Wiener [28] . ...

doi:10.1007/978-3-642-34931-7_3 fatcat:q2gdyrgspbgrni567kz2rqgzl4

computing and memory costs that are needed for cryptanalysis. ... In this effort, we design especiallytailored hardware accelerators for the time-critical isogeny computations that we use to model an ASIC-powered instance of the van Oorschot-Wiener (vOW) parallel collision ... Finally, we thank Craig Costello and Michael Naehrig for proofreading an early version of this paper and for their valuable feedback. ...

dblp:journals/iacr/LongaWS20 fatcat:4denq3sax5e73g3iwqn42mmtry

In this paper, we propose a new attack for block ciphers by applying the well known time-memory-data (TMD) trade-off to plaintext recovery attack (PRA), thus creating two new schemes: TMD-PRA-I and TMD-PRA-II ... Compared with the traditional trade-off attacks, these two schemes possess several robust properties which can greatly increase the success probability and enhance the process of analysis. ... The basic idea of a time-memory trade-off (TMTO) is to find a trade-off between the exhaustive search and the exhaustive storage. ...

doi:10.1007/978-3-642-34129-8_29 fatcat:4vrvloq2n5axlgyvcp3vonndxa

Furthermore, we describe time-memory trade-off techniques that can, e.g., be used for attacking the popular A5/1 algorithm used in GSM voice encryption. ... ratio than off-the-shelf computers. ... and Stefan Spitz, for their tremendous help on our work with COPACOBANA and its applications. ...

doi:10.1109/tc.2008.80 fatcat:pl4gthjisjgond3au5qrracuju

For key schedule of DBlock, it basically employs the same module used in encryption, except the choice of different byte permutations, which can improve its suitability for various implementation environments ... In this paper, we propose a new family of block ciphers named DBlock. It consists of three variants which are specified as respectively. DBlock-n has the equal n-bit block length and key length. ... The choice of SA structure in function T represents our consideration on performance and security trade-off. ...

doi:10.1007/s11432-014-5219-0 fatcat:kmj5v65jijgmpa3kygk25geyh4

, we show that this method provides distinguishers for a full-round block cipher SAT_Jo. ... By specifying integral distinguishers for the full-round SAT_Jo algorithm using this method, we essentially disapprove its use in intended applications. ... Table 5 shows other cryptanalytic results for SAT_Jo. e key recovery attack on SAT_Jo: in order to perform a key recovery attack on the full-round SAT_Jo cipher, one can use the 30-round distinguisher ...

doi:10.1155/2021/5310545 fatcat:shkiztfqqjh37lukklkwbergja

DOAJ

This leakage reveals memory access patterns, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups. ... We describe several software side-channel attacks based on inter-process leakage through the state of the CPU's memory cache. ... Bernstein for suggesting the investigation of remote attacks, and to Eli Biham and Paul Karger for directing us to references [8] and [7] respectively. ...

doi:10.1007/11605805_1 fatcat:u3yllq7abfaqthhwfl6dbm3k5a

Variants of the Distinguished Point Method for Cryptanalytic Time Memory Trade-Offs [chapter]

Preserved Fulltext

Characterization and Improvement of Time-Memory Trade-Off Based on Perfect Tables

Preserved Fulltext

Making a Faster Cryptanalytic Time-Memory Trade-Off [chapter]

Preserved Fulltext

Quantum Time/Memory/Data Tradeoff Attacks [article]

Preserved Fulltext

Heterogeneous Rainbow Table Widths Provide Faster Cryptanalyses

Preserved Fulltext

A New Variant of Time Memory Trade-Off on the Improvement of Thing and Ying's Attack [chapter]

Preserved Fulltext

The Full Cost of Cryptanalytic Attacks

Preserved Fulltext

Improving Implementable Meet-in-the-Middle Attacks by Orders of Magnitude [chapter]

Preserved Fulltext

Using the Cloud to Determine Key Strengths [chapter]

Preserved Fulltext

The Cost to Break SIKE: A Comparative Hardware-Based Analysis with AES and SHA-3 [article]

Preserved Fulltext

Applying Time-Memory-Data Trade-Off to Plaintext Recovery Attack [chapter]

Preserved Fulltext

Cryptanalysis with COPACOBANA

Preserved Fulltext

The DBlock family of block ciphers

Preserved Fulltext

Integral Distinguishers of the Full-Round Lightweight Block Cipher SAT_Jo

Preserved Fulltext

Cache Attacks and Countermeasures: The Case of AES [chapter]

Preserved Fulltext