Knudsen and Berson have applied truncated differential attack on 5 round SAFER K-64 successfully. However, their attack is not efficient when applied on 5 round SAFER SK-64 (with the modified key schedule) and can not be applied on 6 round SAFER. In this paper, we improve the truncated differential attack on SAFER by using better truncated differential and additional filtering method. Our attac...

Related-cipher attack was introduced by Hongjun Wu in 2002 [25]. We can consider related ciphers as block ciphers with the same round function but different number of rounds. This attack can be applied to related ciphers by using the fact that their key schedules do not depend on the total number of rounds. In this paper we introduce differential related-cipher attack on block ciphers, which co...

In this paper, we discuss the strong attack model security for public key encryption scheme and digital signature scheme. Recently, Barbosa and Farshim introduced strong chosen ciphertext attack (SCCA) which is stronger than chosen ciphertext attack. The main motivation of this paper is to find an essential mechanism of secure schemes under strong attack model. So, we prove several impossibilit...

Serpent is a 128-bit SP-Network block cipher consisting of 32 rounds with variable key length (up to 256 bits long). It was selected as one of the 5 AES finalists. The best known attack so far is a linear attack on an 11-round reduced variant. In this paper we apply the enhanced differential-linear cryptanalysis to Serpent. The resulting attack is the best known attack on 11-round Serpent. It r...

In this paper, we present a distinguisher for the permutation of SIMD-512 with complexity 2. We extend the attack to a distinguisher for the compression function with complexity 2. The attack is based on the application of the boomerang attack for hash functions. Starting from the middle of the compression function we use techniques from coding theory to search for two differential characterist...

We discuss the security of Message Authentication Code (MAC) schemes from the viewpoint of differential attack, and propose an attack that is effective against DES-MAC and FEAL-MAC. The attack derives the secret authentication key in the chosen plaintext scenario. For example, DES(8-round)-MAC can be broken with 2 pairs of plaintext, while FEAL8-MAC can be broken with 2 pairs. The proposed atta...

In this paper we present a new cryptanalytic technique, based on impossible diierentials, and use it to show that Skipjack reduced from 32 to 31 rounds can be broken by an attack which is faster than exhaustive search.

MARS is one of the AES nalists. The up-to-date analysis of MARS includes the discovery of weak keys, and Biham's estimation that a 12round variant of MARS is breakable. This estimation was partly founded based on a 7-round impossible di erential of the core of MARS. However, no such attack was presented to-date. In this paper we present two new longer impossible di erentials of 8 rounds.

Flame was an advanced malware, used for espionage, which infected computers running a Microsoft Windows operating system. Once a computer in a local network was infected, Flame could spread to the other computers in the network via Windows Update, disguised as a security patch from Microsoft. Windows Update relies on digital signatures to ensure that updates originate from Microsoft. Using an a...