• Title/Summary/Keyword: cryptanalysis

Search Result 209, Processing Time 0.022 seconds

Research on the Security Level of µ2 against Impossible Differential cryptanalysis

  • Zhang, Kai;Lai, Xuejia;Guan, Jie;Hu, Bin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.16 no.3
    • /
    • pp.972-985
    • /
    • 2022
  • In the year 2020, a new lightweight block cipher µ2 is proposed. It has both good software and hardware performance, and it is especially suitable for constrained resource environment. However, the security evaluation on µ2 against impossible differential cryptanalysis seems missing from the specification. To fill this gap, an impossible differential cryptanalysis on µ2 is proposed. In this paper, firstly, some cryptographic properties on µ2 are proposed. Then several longest 7-round impossible differential distinguishers are constructed. Finally, an impossible differential cryptanalysis on µ2 reduced to 10 rounds is proposed based on the constructed distinguishers. The time complexity for the attack is about 269.63 10-round µ2 encryptions, the data complexity is O(248), and the memory complexity is 263.57 Bytes. The reported result indicates that µ2 reduced to 10 rounds can't resist against impossible differential cryptanalysis.

Multidimensional Differential-Linear Cryptanalysis of ARIA Block Cipher

  • Yi, Wentan;Ren, Jiongjiong;Chen, Shaozhen
    • ETRI Journal
    • /
    • v.39 no.1
    • /
    • pp.108-115
    • /
    • 2017
  • ARIA is a 128-bit block cipher that has been selected as a Korean encryption standard. Similar to AES, it is robust against differential cryptanalysis and linear cryptanalysis. In this study, we analyze the security of ARIA against differential-linear cryptanalysis. We present five rounds of differential-linear distinguishers for ARIA, which can distinguish five rounds of ARIA from random permutations using only 284.8 chosen plaintexts. Moreover, we develop differential-linear attacks based on six rounds of ARIA-128 and seven rounds of ARIA-256. This is the first multidimensional differential-linear cryptanalysis of ARIA and it has lower data complexity than all previous results. This is a preliminary study and further research may obtain better results in the future.

An Encryption Algorithm Based on DES or Composition Hangul Syllables (DES에 기반한 조합형 한글 암호 알고리즘)

  • 박근수
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.9 no.3
    • /
    • pp.63-74
    • /
    • 1999
  • In this paper we present a Hangul Encryption Algorithm (HEA) which encrypts composition Hangul syllables into composition Hangul syllables using the non-linear structure of Hangul. Since ciphertexts generated by HEA are displayable characters HEA can be used in applications such as Privacy Enhanced mail (PEM) where ciphertexts should be displayable characters. HEA is based on DES and it can be shown that HEA is as safe as DES against the exhaustive key search differential cryptanalysis and linear cryptanalysis. HEA also has randomness of phonemes of ciphertexts and satisfies plaintext-ciphetext avalanche effect and key-ciphertext avalanche effect.

Novel Technique in Linear Cryptanalysis

  • Sun, Wen-Long;Guan, Jie
    • ETRI Journal
    • /
    • v.37 no.1
    • /
    • pp.165-174
    • /
    • 2015
  • In this paper, we focus on a novel technique called the cube-linear attack, which is formed by combining cube attacks with linear attacks. It is designed to recover the secret information in a probabilistic polynomial and can reduce the data complexity required for a successful attack in specific circumstances. In addition to the different combination strategies of the two attacks, two cube-linear schemes are discussed. Applying our method of a cube-linear attack to a reduced-round Trivium, as an example, we get better linear cryptanalysis results. More importantly, we believe that the improved linear cryptanalysis technique introduced in this paper can be extended to other ciphers.

Conditional Re-encoding Method for Cryptanalysis-Resistant White-Box AES

  • Lee, Seungkwang;Choi, Dooho;Choi, Yong-Je
    • ETRI Journal
    • /
    • v.37 no.5
    • /
    • pp.1012-1022
    • /
    • 2015
  • Conventional cryptographic algorithms are not sufficient to protect secret keys and data in white-box environments, where an attacker has full visibility and control over an executing software code. For this reason, cryptographic algorithms have been redesigned to be resistant to white-box attacks. The first white-box AES (WB-AES) implementation was thought to provide reliable security in that all brute force attacks are infeasible even in white-box environments; however, this proved not to be the case. In particular, Billet and others presented a cryptanalysis of WB-AES with 230 time complexity, and Michiels and others generalized it for all substitution-linear transformation ciphers. Recently, a collision-based cryptanalysis was also reported. In this paper, we revisit Chow and others's first WB-AES implementation and present a conditional re-encoding method for cryptanalysis protection. The experimental results show that there is approximately a 57% increase in the memory requirement and a 20% increase in execution speed.

A Design and Analysis of the Block Cipher Circle-g Using the Modified Feistel Structure (변형된 Feistel 구조를 이용한 Circle-g의 설계와 분석)

  • 임웅택;전문석
    • Journal of the Korea Computer Industry Society
    • /
    • v.5 no.3
    • /
    • pp.405-414
    • /
    • 2004
  • In this paper, we designed a 128-bits block cipher, Circle-g, which has 18-rounds modified Feistel structure and analyzed its secureness by the differential cryptanalysis and linear cryptanalysis. We could have full diffusion effect from the two rounds of the Circle-g. Because of the strong diffusion effect of the F-function of the algorithm, we could get a 9-rounds DC characteristic with probability 2^{-144} and a 12-rounds LC characteristic with probability 2^{-144}. For the Circle-g with 128-bit key, there is no shortcut attack, which is more efficient than the exhaustive key search, for more than 12 rounds of the algorithm.

  • PDF

Provable Security for New Block Cipher Structures against Differential Cryptanalysis and Linear Cryptanalysis (새로운 블록 암호 구조에 대한 차분/선형 공격의 안전성 증명)

  • Kim, Jong-Sung;Jeong, Ki-Tae;Lee, Sang-Jin;Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.1
    • /
    • pp.121-125
    • /
    • 2007
  • Differential cryptanalysis and linear cryptanalysis are the most powerful approaches known for attacking many block ciphers and used to evaluating the security of many block ciphers. So designers have designed secure block ciphers against these cryptanalyses. In this paper, we present new three block cipher structures. And for given r, we prove that differential(linear) probabilities for r-round blockcipher structures are upper bounded by $p^2(q^2),\;2p^2(2q^2)$ if the maximum differential(linear) probability is p(q) and the round function is a bijective function.

Differential Cryptanalysis of DES-Like Block Cipher HEA (블록 암호 알고리즘 HEA에 대한 차분분석)

  • 현진수;송정환;강형석
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.10 no.4
    • /
    • pp.107-112
    • /
    • 2000
  • In this paper, we study a security of HEA(Hangul Encryption Algorithm) against differential cryptanalysis. HEA, which is 1,024bits input/output and 56bits key size, has the same structure as DES(Data Encyption Standard) only for Korean characters to be produced in ciphertexts. An encryption algorithm should be developed to meet certain critria such as input/ouput dependencies, correlation, avalanche effects, etc. However HEA uses the same S-Boxes as DES does and just expands the plaintext/ciphertext sizes . We analysize HEA with a differential cryptanalysis and present two results. The number of rounds of HEA has not been determined in a concrete basis of cryptanalysis and we show a chosen plintext attack of 10 round reduced HEA with a diffe- rential cryptanalysis characteristic.

Deep Learning Assisted Differential Cryptanalysis for the Lightweight Cipher SIMON

  • Tian, Wenqiang;Hu, Bin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.15 no.2
    • /
    • pp.600-616
    • /
    • 2021
  • SIMON and SPECK are two families of lightweight block ciphers that have excellent performance on hardware and software platforms. At CRYPTO 2019, Gohr first introduces the differential cryptanalysis based deep learning on round-reduced SPECK32/64, and finally reduces the remaining security of 11-round SPECK32/64 to roughly 38 bits. In this paper, we are committed to evaluating the safety of SIMON cipher under the neural differential cryptanalysis. We firstly prove theoretically that SIMON is a non-Markov cipher, which means that the results based on conventional differential cryptanalysis may be inaccurate. Then we train a residual neural network to get the 7-, 8-, 9-round neural distinguishers for SIMON32/64. To prove the effectiveness for our distinguishers, we perform the distinguishing attack and key-recovery attack against 15-round SIMON32/64. The results show that the real ciphertexts can be distinguished from random ciphertexts with a probability close to 1 only by 28.7 chosen-plaintext pairs. For the key-recovery attack, the correct key was recovered with a success rate of 23%, and the data complexity and computation complexity are as low as 28 and 220.1 respectively. All the results are better than the existing literature. Furthermore, we briefly discussed the effect of different residual network structures on the training results of neural distinguishers. It is hoped that our findings will provide some reference for future research.

Design and Analysis of the Block Cipher Using Extended Feistel Structure (확장된 Feistel 구조를 이용한 Block Cipher의 설계와 분석)

  • 임웅택;전문석
    • Journal of the Korea Computer Industry Society
    • /
    • v.4 no.4
    • /
    • pp.523-532
    • /
    • 2003
  • In this paper, we designed a 128-bit block cipher, Lambda, which has 16-round extended Feistel structure and analyzed its secureness by the differential cryptanalysis and linear cryptanalysis. We could have full diffusion effect from the two rounds of the Lambda. Because of the strong diffusion effect of the algorithm, we could get a 8-round differential characteristic with probability $2^{-192}$ and a linear characteristic with probability $2^{-128}$. For the Lambda with 128-bit key, there is no shortcut attack, which is more efficient than the exhaustive key search, for more than 8 rounds of the algorithm.

  • PDF