15 research outputs found
Linear cryptanalysis of pseudorandom functions
Research project report. In this paper, we study linear relations propagating across block ciphers from the key input to the ciphertext (for a fixed plaintext block). This is a usual setting of a one-way function, used for instance in modes of operation such as KFB (key feedback). We instantiate the block cipher with the full 16-round DES and -DES, 10-round LOKI91 and 24-round Khufu, for which linear relations with high bias are well known. Other interesting targets include the full 8.5-round IDEA and PES ciphers, for which high-bias linear relations exist under the assumption of weak keys. Consequences of these findings impact the security of modes of operation such as KFB and of pseudorandom number/bit generators. These analyses were possible due to the linear structure and the poor diffusion of the key schedule algorithms. These findings shall motivate careful (re)design of current and future key schedule algorithms.
Square Attacks on Reduced-Round Variants of the Skipjack Block Cipher
This report surveys a series of Square attacks on reduced-round
versions of the Skipjack block cipher.
Skipjack is an iterated block cipher encrypting 64-bit plaintext
blocks into 64-bit ciphertext blocks, using an 80-bit key. Its
design is based on a generalized Feistel Network making up 32 rounds
of two different types. This cipher was developed by the National Security
Agency for the Clipper chip and Fortezza PC card.
Applications of SAT Solvers in Cryptanalysis: Finding Weak Keys and Preimages
A Note on Weak Keys of PES, IDEA and some Extended Variants
This paper presents an analysis of the PES cipher in a similar setting as done by Daemen et al. at Crypto'93 for IDEA. The following results were obtained for 8.5-round PES: a linear weak-key class of size , two differential weak-key classes of size 2 , and two differential-linear weak-key classes of size 2 . For 17-round PES (double PES): a linear weak-key class of size 2 , and a differential weak-key class of size 2 were found. Daemen suggested a modified key schedule for IDEA in order to avoid weak keys. We found a differential weak-key class of size 2 for 2.5-round IDEA under his redesigned key schedule, and differential-linear relations for 3.5-round IDEA.