The S-box lookup is one of the most important operations in cipher algorithm design, and also is the most effective part to prevent traditional linear and differential attacks, however, when the physical implementation of the algorithm is considered, it becomes the weakest part of cryptosystems. This paper studies an active fault based implementation attack on block ciphers with S-box. Firstly,...

In about every book about cryptography, we learn that the plaintext complexity of differential cryptanalysis on DES is 2, as reported by Biham and Shamir in [2]. Yet few people realise that in a typical setting this estimation is not exact and too optimistic. In this note we show that the two “best” differentials for DES used by Biham and Shamir [1, 2], are not the best differentials that exist...

SMS4 is a 128-bit block cipher with a 128-bit user key and 32 rounds, which is used in WAPI, the Chinese WLAN national standard. In this paper, we present a linear attack and a differential attack on a 22round reduced SMS4; our 22-round linear attack has a data complexity of 2 known plaintexts, a memory complexity of 2 bytes and a time complexity of 2 22-round SMS4 encryptions and 2 arithmetic ...

This paper presents an improved impossible differential attack on the new block cipher CLEFIA which is proposed by Sony Corporation at FSE 2007. Combining some observations with new tricks, we can filter out the wrong keys more efficiently, and improve the impossible differential attack on 11-round CLEFIA-192/256, which also firstly works for CLEFIA-128. The complexity is about 2 encryptions an...

Impossible boomerang attack [5] (IBA) is a new variant of differential cryptanalysis against block ciphers. Evident from its name, it combines the ideas of both impossible differential cryptanalysis and boomerang attack. Though such an attack might not be the best attack available, its complexity is still less than that of the exhaustive search. In impossible boomerang attack, impossible boomer...

We present an internal collision attack against the new hash function Maraca which has been submitted to the SHA-3 competition. This attack requires 2 calls to the round function and its complexity is lower than the complexity of the generic collision attack when the length of the message digest is greater than or equal to 512. It is shown that this cryptanalysis mainly exploits some particular...

We consider highly structured truncated differential paths to mount a new rebound attack on Grøstl-512, a hash functions based on two AES-like permutations, P1024 and Q1024, with non-square input and output registers. We explain how such differential paths can be computed using a Mixed-Integer Linear Programming approach. Together with a SuperSBox description, this allows us to build a rebound ...

We describe a new tool for the search of collisions for hash functions. The tool is applicable when an attack is based on a differential trail, whose probability determines the complexity of the attack. Using the linear algebra methods we show how to organize the search so that many (in some cases — all) trail conditions are always satisfied thus significantly reducing the number of trials and ...

abstract introduction moyamoya is a rare chronic progressive occlusive cerebrovascular disease that its manifestation varies from stroke, progressive learning impairment and transient ischemic attack to headache and seizure. there is no known medical treatment and surgery usually is needed. the incidence of this disease is about 1 person in 10 million people and angiographic picture of this dis...

Three attacks on the DES with a reduced number of rounds in the Cipher Feedback Mode (CFB) are studied, namely a meet in the middle attack, a differential attack, and a linear attack. These attacks are based on the same principles as the corresponding attacks on the ECB mode. They are compared to the three basic attacks on the CFB mode. In 8-bit CFB and with 8 rounds in stead of 16, a different...