Diierential-linear Cryptanalysis of Idea
نویسنده
چکیده
In this paper we describe an attack on 3 rounds of IDEA, making use of linear as well as diierential cryptanalytic techniques. The attack is independent of the key schedule. The main attack requires at most 2 29 chosen plaintext pairs and a workload of about 2 49 additions modulo 2 16 + 1 to nd two subkeys or their additive inverses modulo 2 16 + 1. Further we describe a method, which then can nd two more subkeys or their additive inverses modulo 2 16 + 1, which needs less than 10 of the already encrypted pairs and a total workload of at most 2 33 multiplications modulo 2 16 +1. This attack is more powerful than all previously published general attacks on the IDEA structure.
منابع مشابه
Improved Differential Attacks on RC5
In this paper we investigate the strength of the secret-key algorithm RC5 newly proposed by Ron Rivest. The target version of RC5 works on words of 32 bits, has 12 rounds and a user-selected key of 128 bits. At Crypto'95 Kaliski and Yin estimated the strength of RC5 by diierential and linear cryptanalysis. They conjectured that their linear analysis is optimal and that the use of 12 rounds for ...
متن کاملA New Criterion for the Design of 8 8 S-boxes in Private-key Ciphers
In this paper, we examine the security of the class of substitution-permutation private-key block ciphers with respect to linear and diierential crypt-analysis. A new S-box nonlinearity criterion is proposed and it is shown that S-boxes satisfying this criterion and having good diiusion improve remarkably the ability of an SPN to resist linear cryptanalysis and diierential cryptanalysis.
متن کاملResistance of a CAST-Like Encryption Algorithm to Linear and Differential Cryptanalysis
Linear cryptanalysis and diierential cryptanalysis are two recently introduced, powerful methodologies for attacking private-key block ciphers. In this paper, we examine the application of these two cryptanalysis techniques to a CAST-like encryption algorithm based on randomly generated s-boxes. It is shown that, when randomly generated substitution boxes (s-boxes) are used in a CAST-like algor...
متن کاملOn Matsui's Linear Cryptanalysis
to linear cryptanalysis. We also described how to sum up characteristics (which also hold in diierential cryptanalysis). The iteration of this characteristic to seven rounds have probability 1=2 ? 2 ?11. A similar characteristic exist with a reverse order of the bytes in each word. From the tables in 9] we can see that about 4 2 112 = 2 24 known plaintexts are required to attack Feal-8, with su...
متن کاملOn the Design and Security of RC 2 Lars
The block cipher RC2 was designed in 1989 by Ron Rivest for RSA Data Security Inc. In this paper we describe both the cipher and preliminary attempts to use both diierential and linear cryptanalysis.
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 1996