• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.57-66
• /
• 2005

SHACAL-2 is a 256-bit block cipher with various key sizes based on the hash function SHA-2. Recently, it was recommended as one of the NESSIE selections. This paper presents differential-linear type attacks on SHACAL-2 with 512-bit keys up to 32 out of its 64 rounds. Our 32-round attack on the 512-bit keys variants is the best efficient attack on this cipher in published literatures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1379-1392
• /
• 2018

The complexity of the differential-linear cryptanalysis is strongly influenced by the probability of the differential-linear characteristic computed under the assumption of round independence, linear approximation independence, and uniformity for the trail that does not satisfy differential trail. Therefore, computing the exact probability of the differential-linear characteristic is a very important issue related to the validity of the attack. In this paper, we propose a new concept called DLCT(Differential-Linear Connectivity Table) for the differential-linear cryptanalysis. Additionally, we propose an improved probability computation technique of differential-linear characteristic by applying DLCT. By doing so, we were able to weaken linear approximation independence assumption. We reanalyzed the previous results by applying DLCT to DES and SERPENT. The probability of 7-round differential-linear characteristic of DES is $1/2+2^{-5.81}$, the probability of 9-round differential-linear characteristic of SERPENT is computed again to $1/2+2^{-57.9}$, and data complexity required for the attack is reduced by $2^{0.2}$ and $2^{2.2}$ times, respectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.3
• /
• pp.45-52
• /
• 2001

In this paper, we examine the method for evaluating the security of SPN structures against differential cryptanalysis and linear cryptanalysis. We present an example of SPN structures in which there is a considerable difference between the differential probabilities and the characteristic probabilities. Then we 7pose an algorithm for estimating the maximum differential probabilities and the maximum linear hull probabilities of SPN structures and an useful method for accelerating the proposed algorithm. By using this method, we obain the maximum differential probabilities and the maximum linear probabilities of round function F of block cipher E2.

• ETRI Journal
• /
• v.39 no.1
• /
• pp.108-115
• /
• 2017

ARIA is a 128-bit block cipher that has been selected as a Korean encryption standard. Similar to AES, it is robust against differential cryptanalysis and linear cryptanalysis. In this study, we analyze the security of ARIA against differential-linear cryptanalysis. We present five rounds of differential-linear distinguishers for ARIA, which can distinguish five rounds of ARIA from random permutations using only 284.8 chosen plaintexts. Moreover, we develop differential-linear attacks based on six rounds of ARIA-128 and seven rounds of ARIA-256. This is the first multidimensional differential-linear cryptanalysis of ARIA and it has lower data complexity than all previous results. This is a preliminary study and further research may obtain better results in the future.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.2
• /
• pp.727-746
• /
• 2018

The hash function RIPEMD-160 is a worldwide ISO/IEC standard and the hash function HAS-160 is the Korean hash standard and is widely used in Korea. On the basis of differential meet-in-the-middle attack and biclique technique, a preimage attack on 34-step RIPEMD-160 with message padding and a pseudo-preimage attack on 71-step HAS-160 without message padding are proposed. The former is the first preimage attack from the first step, the latter increases the best pseudo-preimage attack from the first step by 5 steps. Furthermore, we locate the linear spaces in another message words and exchange the bicliques construction process and the mask vector search process. A preimage attack on 35-step RIPEMD-160 and a preimage attack on 71-step HAS-160 are presented. Both of the attacks are from the intermediate step and satisfy the message padding. They improve the best preimage attacks from the intermediate step on step-reduced RIPEMD-160 and HAS-160 by 4 and 3 steps respectively. As far as we know, they are the best preimage and pseudo-preimage attacks on step-reduced RIPEMD-160 and HAS-160 respectively in terms of number of steps.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.2
• /
• pp.478-493
• /
• 2024

In this paper, the Mixed Integer Linear Programming (MILP) model is improved for searching differential characteristics of block cipher Midori-64, and 4 search strategies of differential path are given. By using strategy IV, set 1 S-box on the top of the distinguisher to be active, and set 3 S-boxes at the bottom to be active and the difference to be the same, then we obtain a 5-round differential characteristics. Based on the distinguisher, we attack 12-round Midori-64 with data and time complexities of 2⁶³ and 2^103.83, respectively. To our best knowledge, these results are superior to current ones.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.8 no.1
• /
• pp.65-70
• /
• 1998

K. Nyberg and L.R. Knudsen showed a prototype of a DES-like cipher$^{[1]}$ which has a provable security against differential cryptanalysis. But in the last year, at FSE'97 T. Jakobsen ane L.R.Knudsen broked it by using higher order differential attack and interpolation attack$^{[2]}$ . Furthermore the cipher was just a theoretically proposed one to demonstrate how to construct a cipher which is procably secure against differential cryptanalysis$^{[3]}$ and it was suspected to have a large complexity for its implementation.Inthis paper the two improved results for the dfficidnt hardware and software implementation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.5 no.1
• /
• pp.25-36
• /
• 1995

Differential Cryptanalysis(DC) and Linear Cryptanalysis(LC) are considered to be efficient attack methods which could be applied to DES and other DES-like private key Cryptosystems. This paper analyzes the DC and LC attack to DES and design a 80-bit block Cipher (80-DES) which could be strong against DC and LC Attack.

• Journal of the Korea Computer Industry Society
• /
• v.4 no.4
• /
• pp.523-532
• /
• 2003

In this paper, we designed a 128-bit block cipher, Lambda, which has 16-round extended Feistel structure and analyzed its secureness by the differential cryptanalysis and linear cryptanalysis. We could have full diffusion effect from the two rounds of the Lambda. Because of the strong diffusion effect of the algorithm, we could get a 8-round differential characteristic with probability $2^{-192}$ and a linear characteristic with probability $2^{-128}$. For the Lambda with 128-bit key, there is no shortcut attack, which is more efficient than the exhaustive key search, for more than 8 rounds of the algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.77-86
• /
• 2005

Related-Cipher attack was introduced by Hongjun Wu in 2002. We can consider related ciphers as block ciphers with the same round function but different round number and their key schedules do not depend on the total round number. This attack can be applied to block ciphers when one uses some semi-equivalent keys in related ciphers. In this paper we introduce differential related-cipher attacks on block ciphers, which combine related-cipher attacks with differential cryptanalysis. We apply this attack to the block cipher ARIA and SC2000. Furthermore, related-cipher attack can be combined with other block cipher attacks such as linear cryptanalysis, higher-order differential cryptanalysis, and so on. In this point of view we also analyze some other block ciphers which use flexible number of rounds, SAFER++ and CAST-128.