187 research outputs found
The (related-key) impossible boomerang attack and its application to the AES block cipher
The Advanced Encryption Standard (AES) is a 128-bit block cipher with a user key of 128, 192 or 256 bits, released by NIST in 2001 as the next-generation data encryption standard for use in the USA. It was adopted as an ISO international standard in 2005. Impossible differential cryptanalysis and the boomerang attack are powerful variants of differential cryptanalysis for analysing the security of a block cipher. In this paper, building on the notions of impossible differential cryptanalysis and the boomerang attack, we propose a new cryptanalytic technique, which we call the impossible boomerang attack, and then describe an extension of this attack which applies in a related-key attack scenario. Finally, we apply the impossible boomerang attack to break 6-round AES with 128 key bits and 7-round AES with 192/256 key bits, and using two related keys we apply the related-key impossible boomerang attack to break 8-round AES with 192 key bits and 9-round AES with 256 key bits. In the two-key related-key attack scenario, our results, which were the first to achieve this amount of attacked rounds, match the best currently known results for AES with 192/256 key bits in terms of the numbers of attacked rounds. The (related-key) impossible boomerang attack is a general cryptanalytic technique, and can potentially be used to cryptanalyse other block ciphers
Improved cryptanalysis of skein
The hash function Skein is the submission of Ferguson et
al. to the NIST Hash Competition, and is arguably a serious candidate
for selection as SHA-3. This paper presents the rst third-party analysis
of Skein, with an extensive study of its main component: the block
cipher Three sh. We notably investigate near collisions, distinguishers,
impossible di erentials, key recovery using related-key di erential and
boomerang attacks. In particular, we present near collisions on up to 17
rounds, an impossible di erential on 21 rounds, a related-key boomerang
distinguisher on 34 rounds, a known-related-key boomerang distinguisher
on 35 rounds, and key recovery attacks on up to 32 rounds, out of 72 in
total for Threefish-512. None of our attacks directly extends to the full
Skein hash. However, the pseudorandomness of Threefish is required to
validate the security proofs on Skein, and our results conclude that at
least 3
A Survey of ARX-based Symmetric-key Primitives
Addition Rotation XOR is suitable for fast implementation symmetric –key primitives, such as stream and block ciphers. This paper presents a review of several block and stream ciphers based on ARX construction followed by the discussion on the security analysis of symmetric key primitives where the best attack for every cipher was carried out. We benchmark the implementation on software and hardware according to the evaluation metrics. Therefore, this paper aims at providing a reference for a better selection of ARX design strategy
Polytopic Cryptanalysis
Standard differential cryptanalysis uses statistical dependencies between the difference of two plaintexts and the difference of the respective two ciphertexts to attack a cipher. Here we introduce polytopic cryptanalysis which considers interdependencies between larger sets of texts as they traverse through the cipher. We prove that the methodology of standard differential cryptanalysis can unambiguously be extended and transferred to the polytopic case including impossible differentials. We show that impossible polytopic transitions have generic advantages over impossible differentials. To demonstrate the practical relevance of the generalization, we present new low-data attacks on round-reduced DES and AES using impossible polytopic transitions that are able to compete with existing attacks, partially outperforming these
- …