Cryptanalysis of SAFER++

Linear Cryptanalysis of the SAFER Block Cipher Family

This paper presents a linear cryptanalytic attack against the SAFER family of block ciphers. Linear cryptanalysis is a statistical well-known-plaintext attack that explores (approximate) linear relations between plaintext, ciphertext and subkey bits. These linear relations apply only to certain key classes. The results show that by considering nonhomomorphic linear relations, more rounds of the...

Linear Cryptanalysis of Reduced-Round Versions of the SAFER Block Cipher Family

This paper presents a linear cryptanalytic attack against reduced round variants of the SAFER family of block ciphers. Compared with the 1.5 round linear relations by Harpes et al., the following new linear relations were found: a 3.75-round non-homomorphic linear relation for both SAFER-K and SAFER-SK with bias = 2−29; a 2.75 round relation for SAFER+ with bias = 2−49. For a 32-bit block mini-...

Improved Truncated Differential Attacks on SAFER

Knudsen and Berson have applied truncated differential attack on 5 round SAFER K-64 successfully. However, their attack is not efficient when applied on 5 round SAFER SK-64 (with the modified key schedule) and can not be applied on 6 round SAFER. In this paper, we improve the truncated differential attack on SAFER by using better truncated differential and additional filtering method. Our attac...

Characterizations of the Degraded Boolean Function and Cryptanalysis of the SAFER Family

This paper investigates the degradation properties of Boolean functions from the aspects of the distributions of differences and linear masks, and shows two characterizations of the degraded Boolean function. One is that there exists a linear space of the input differences, where the differentials with the zero output difference have probability 1; Another one is that the input linear masks of ...

On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER