4.3 Modiied Variants and Weaknesses 4 the Attack on Lucifer 3 Conditional Characteristics
نویسندگان
چکیده
Round output diierence input diierence p icb key fraction P = (f7g; 0) 1 A = 0 a = 0 1 1 2 B = f45g b = f7g p = 1=8 0 1/2 3 C = f6g c = f45g p = 1=8 1 1/2 4 f45g f6; 7g p = 1=8 0 1/2 5 0 0 1 1 6 f45g f6; 7g p = 1=8 0 1/2 7 f6g f45g p = 1=8 1 1/2 8 f45g f7g p = 1=8 0 1/2 9 0 0 1 1 8 f39g f7g p = 1=8 1 1/2 9 f7g f39g p = 1=8 1 1/2 T = (0; f39g) 17 ent fractions of the key space. Round output diierence input diierence p icb key fraction P = (f7g; 0) 1 A = 0 a = 0 1 1 2 B = f45g b = f7g p = 1=8 0 1/2 3 C = f6g c = f45g p = 1=8 1 1/2 4 f45g f6; 7g p = 1=8 0 1/2 5 0 0 1 1 6 f45g f6; 7g p = 1=8 0 1/2 7 f6g f45g p = 1=8 1 1/2 8 f45g f7g p = 1=8 0 1/2 9 0 0 1 1 10 f45g f7g p = 1=8 0 1/2 11 f6g f45g p = 1=8 1 1/2 T = (f6; 7g; f45g) where fm; ng denotes a 64-bit value whose mth and nth bits have the value one and all the others have value zero. Round output diierence input diierence p icb key fraction P = (f7g; 0) 1 A = 0 a = 0 1 1 2 B = f39g b = f7g p = 1=8 1 1/2 3 C = f7g c = f39g p = 1=8 1 1/2 4 0 0 1 1 5 f13g f39g p = 1=8 0 1/2 6 f38g f13g p = 1=8 1 1/2 7 f13g f38; 39g p = 1=8 0 1/2 8 0 0 1 1 9 f13g f38; 39g p = 1=8 0 1/2 10 f38g f13g p = 1=8 1 1/2 11 f13g f39g p = 1=8 0 1/2 6 Appendix In this appendix we show conditional characteristics with the same P but with diierent T 's, which cover diierent fractions of the key space. Many conditional characteristics of Lucifer have this property of their P. These characteristics are actually used by …
منابع مشابه
Conditional Estimators: An Effective Attack on A5/1
Irregularly-clocked linear feedback shift registers (LFSRs) are commonly used in stream ciphers. We propose to harness the power of conditional estimators for correlation attacks on these ciphers. Conditional estimators compensate for some of the obfuscating effects of the irregular clocking, resulting in a correlation with a considerably higher bias. On GSM’s cipher A5/1, a factor two is gaine...
متن کاملApplying Conditional Linear Cryptanalysis to Ciphers with Key- Dependant Operations
Linear cryptanalysis has been proven to be a powerful attack that can be applied to a number of symmetric block ciphers. However, conventional linear cryptanalysis is ineffective in attacking ciphers that use key-dependent operations, such as ICE, Lucifer and SAFER. In this paper conditional linear cryptanalysis, which uses characteristics that depend on some key-bit values, is introduced. This...
متن کاملInvestigation of Some Attacks on GAGE (v1), InGAGE (v1), (v1.03), and CiliPadi (v1) Variants
In this paper, we present some attacks on GAGE, InGAGE, and CiliPadi which are candidates of the first round of the NIST-LWC competition. GAGE and InGAGE are lightweight sponge based hash function and Authenticated Encryption with Associated Data (AEAD), respectively and support different sets of parameters. The length of hash, key, and tag are always 256, 128, and 128 bits, respec...
متن کاملCryptanalysis of some first round CAESAR candidates
ΑΕS _ CMCCv₁, ΑVΑLΑNCHEv₁, CLΟCv₁, and SILCv₁ are four candidates of the first round of CAESAR. CLΟCv₁ is presented in FSE 2014 and SILCv₁ is designed upon it with the aim of optimizing the hardware implementation cost. In this paper, structural weaknesses of these candidates are studied. We present distinguishing attacks against ΑES _ CMCCv₁ with the complexity of two queries and the success ...
متن کاملThe Rectangle Attack - Rectangling the Serpent
Serpent is one of the 5 AES finalists. The best attack published so far analyzes up to 9 rounds. In this paper we present attacks on 7-round, 8-round, and 10-round variants of Serpent. We attack a 7round variant with all key lengths, and 8and 10-round variants with 256-bit keys. The 10-round attack on the 256-bit keys variants is the best published attack on the cipher. The attack enhances the ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007