Search Results

You are looking at 1 - 4 of 4 items for :

  • "differential cryptanalysis" x
Clear All
Authors: Nicolas T. Courtois, Theodosis Mourouzis, Anna Grocholewska-Czuryło and Jean-Jacques Quisquater

References [1] Albrecht , Martin and Leander , Gregor , An All-In-One Approach to Differential Cryptanalysis for Small Block Ciphers , preprint available at

Restricted access

Abstract  

In this paper we look at the security of two block ciphers which were both claimed in the published literature to be secure against differential crypt-analysis (DC). However, a more careful examination shows that none of these ciphers is very secure against... differential cryptanalysis, in particular if we consider attacks with sets of differentials. For both these ciphers we report new perfectly periodic (iterative) aggregated differential attacks which propagate with quite high probabilities. The first cipher we look at is GOST, a well-known Russian government encryption standard. The second cipher we look at is PP-1, a very recent Polish block cipher. Both ciphers were designed to withstand linear and differential cryptanalysis. Unhappily, both ciphers are shown to be much weaker than expected against advanced differential attacks. For GOST, we report better and stronger sets of differentials than the best currently known attacks presented at SAC 2000 [32] and propose the first attack ever able to distinguish 16 rounds of GOST from random permutation. For PP-1 we show that in spite of the fact, that its S-box has an optimal theoretical security level against differential cryptanalysis [17], [29], our differentials are strong enough to allow to break all the known versions of the PP-1 cipher.

Restricted access

Multiplicative complexity is the minimum number of AND-gates required to implement a given Boolean function in (AND, XOR) algebra. It is a good measure of a hardware complexity of an S-box, but an S-box cannot have too low multiplicative complexity due to security constraints. In this article we focus on generic constructions that can be used to find good n×n S-boxes with low multiplicative complexity. We tested these constructions in the specific case when n = 8. We were able to find 8 × 8 S-boxes with multiplicative complexity at most 16 (which is half of the known bound on multiplicative complexity of the AES S-box), while providing a reasonable resistance against linear and differential cryptanalysis.

Restricted access

. , Security of E2 against Truncated Differential Cryptanalysis , in: H. Heys and C. Adams , editors, Selected Areas in Cryptography — 6th Annual International Workshop , SAC′99, Volume 1758 of Lecture Notes in Computer Science, pp. 106 – 117 , Berlin

Restricted access