5 research outputs found
A Practical-Time Attack on the A5/3 Cryptosystem Used in Third Generation GSM Telephony
The privacy of most GSM phone conversations is currently protected by the 20+ years old A5/1 and A5/2 stream ciphers, which were repeatedly shown to be cryptographically weak. They will soon be replaced in third generation networks by a new A5/3 block cipher called KASUMI, which is a modified version of the MISTY cryptosystem. In this paper we describe a new type of attack called a sandwich attack, and use it to construct a simple distinguisher for 7 of the 8 rounds of KASUMI with an amazingly high probability of . By using this distinguisher and analyzing the single remaining round, we can derive the complete 128 bit key of the full KASUMI by using only 4 related keys, data, bytes of memory, and time. These complexities are so small that we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity. Interestingly, neither our technique nor any other published attack can break MISTY in less than the complexity of exhaustive search, which indicates that the changes made by the GSM Association in moving from MISTY to KASUMI resulted in a much weaker cryptosystem
The (related-key) impossible boomerang attack and its application to the AES block cipher
The Advanced Encryption Standard (AES) is a 128-bit block cipher with a user key of 128, 192 or 256 bits, released by NIST in 2001 as the next-generation data encryption standard for use in the USA. It was adopted as an ISO international standard in 2005. Impossible differential cryptanalysis and the boomerang attack are powerful variants of differential cryptanalysis for analysing the security of a block cipher. In this paper, building on the notions of impossible differential cryptanalysis and the boomerang attack, we propose a new cryptanalytic technique, which we call the impossible boomerang attack, and then describe an extension of this attack which applies in a related-key attack scenario. Finally, we apply the impossible boomerang attack to break 6-round AES with 128 key bits and 7-round AES with 192/256 key bits, and using two related keys we apply the related-key impossible boomerang attack to break 8-round AES with 192 key bits and 9-round AES with 256 key bits. In the two-key related-key attack scenario, our results, which were the first to achieve this amount of attacked rounds, match the best currently known results for AES with 192/256 key bits in terms of the numbers of attacked rounds. The (related-key) impossible boomerang attack is a general cryptanalytic technique, and can potentially be used to cryptanalyse other block ciphers
Related-Key Rectangle Attacks on Reduced Versions of SHACAL-1 and AES-192
In this paper we propose a notion of related-key rectangle attack using 4 related keys. It is based on two consecutive related-key differentials which are independent of each other. Using this attack we can break SHACAL-1 with 512-bit keys up to 70 rounds out of 80 rounds and AES with 192-bit keys up to 8 rounds out of 12 rounds, which are faster than exhaustive search.status: publishe
HUC-HISF: A Hybrid Intelligent Security Framework for Human-centric Ubiquitous Computing
制度:新 ; 報告番号:乙2336号 ; 学位の種類:博士(人間科学) ; 授与年月日:2012/1/18 ; 早大学位記番号:新584
Cryptanalysis of Block Ciphers
The block cipher is one of the most important primitives in
modern cryptography, information and network security; one of
the primary purposes of such ciphers is to provide
confidentiality for data transmitted in insecure communication
environments. To ensure that confidentiality is robustly
provided, it is essential to investigate the security of a
block cipher against a variety of cryptanalytic attacks.
In this thesis, we propose a new extension of differential
cryptanalysis, which we call the impossible boomerang attack.
We describe the early abort technique for (related-key)
impossible differential cryptanalysis and rectangle attacks.
Finally, we analyse the security of a number of block ciphers
that are currently being widely used or have recently been
proposed for use in emerging cryptographic applications; our
main cryptanalytic results are as follows.
An impossible differential attack on 7-round AES when used with
128 or 192 key bits, and an impossible differential attack on
8-round AES when used with 256 key bits. An impossible
boomerang attack on 6-round AES when used with 128 key bits,
and an impossible boomerang attack on 7-round AES when used
with 192 or 256 key bits. A related-key impossible boomerang
attack on 8-round AES when used with 192 key bits, and a
related-key impossible boomerang attack on 9-round AES when
used with 256 key bits, both using two keys.
An impossible differential attack on 11-round reduced Camellia
when used with 128 key bits, an impossible differential attack
on 12-round reduced Camellia when used with 192 key bits, and
an impossible differential attack on 13-round reduced Camellia
when used with 256 key bits.
A related-key rectangle attack on the full Cobra-F64a, and a
related-key differential attack on the full Cobra-F64b.
A related-key rectangle attack on 44-round SHACAL-2.
A related-key rectangle attack on 36-round XTEA.
An impossible differential attack on 25-round reduced HIGHT, a
related-key rectangle attack on 26-round reduced HIGHT, and a
related-key impossible differential attack on 28-round reduced
HIGHT.
In terms of either the attack complexity or the numbers of
attacked rounds, the attacks presented in the thesis are better
than any previously published cryptanalytic results for the
block ciphers concerned, except in the case of AES; for AES,
the presented impossible differential attacks on 7-round AES
used with 128 key bits and 8-round AES used with 256 key bits
are the best currently published results on AES in a single key
attack scenario, and the presented related-key impossible
boomerang attacks on 8-round AES used with 192 key bits and
9-round AES used with 256 key bits are the best currently
published results on AES in a related-key attack scenario
involving two keys