Partitioning Cryptanalysis

Authors

  • Carlo Harpes
  • James L. Massey
Abstract

Matsui's linear cryptanalysis for iterated block ciphers is generalized to an attack called partitioning cryptanalysis. This attack exploits a weakness that can be described by an effective partition-pair, i.e., a partition of the plaintext set and a partition of the next-to-last-round output set such that, for every key, the next-to-last-round outputs are non-uniformly distributed over the blocks of the second partition when the plaintexts are chosen uniformly at random from a particular block of the first partition. The last-round attack by partitioning cryptanalysis is formalized and requirements for it to be successful are stated. The success probability is approximated and a procedure for finding effective partition-pairs is formulated. The usefulness of partitioning cryptanalysis is demonstrated by applying it successfully to six rounds of the DES.


Similar articles

Security Against Generalized Linear Cryptanalysis and Partitioning Cryptanalysis

In this work we give some bounds which can be used to determine if a block cipher is secure against generalized linear cryptanalysis and partitioning cryptanalysis. For this purpose, we give a new definition of imbalance which has some nice properties, and we show that an equivalent of Matsui's piling-up lemma holds for this definition. The bounds are illustrated with examples. We prove that it s...


Bounds on Non-uniformity Measures for Generalized Linear Cryptanalysis and Partitioning Cryptanalysis

The paper presents a general setting which is used to describe generalized linear and partitioning cryptanalysis. A measure of non-uniformity called imbalance, similar to Matsui's bias, is defined. Some upper bounds for this measure are presented and used to estimate a cipher's resistance to each of the two attacks. The bounds reveal that there exists a unified measure which reflects the resistance ...


Improved Differential-Linear Cryptanalysis of 7-Round Chaskey with Partitioning

In this work we study the security of Chaskey, a recent lightweight MAC designed by Mouha et al., currently being considered for standardization by ISO/IEC and ITU-T. Chaskey uses an ARX structure very similar to SipHash. We present the first cryptanalysis of Chaskey in the single user setting, with a differential-linear attack against 6 and 7 rounds, hinting that the full version of Chaskey wi...


Differential and Linear Cryptanalysis of ARX with Partitioning - Application to FEAL and Chaskey

In this work, we refine a partitioning technique recently proposed by Biham and Carmeli to improve the linear cryptanalysis of addition operations, and we propose an analogous improvement of differential cryptanalysis of addition operations. These two techniques can reduce the data complexity of linear and differential attacks, at the cost of more processing time. Our technique can be seen of the...


Solving Weakened Cryptanalysis Problems for the Bivium Keystream Generator in the Volunteer Computing Project SAT@home

In this paper, a cryptanalysis of the Bivium keystream generator in the SAT form is considered. For encoding the initial cryptanalysis problem into SAT a special program system TRANSALG was used. For an obtained SAT instance we use Monte Carlo method to search for a partitioning with good time estimation. Several weakened cryptanalysis instances of the Bivium generator were successfully solved ...



Publication date: 1997