Cryptanalysis of Rijmen-Preneel Trapdoor Ciphers

نویسندگان

Hongjun Wu

Feng Bao

Robert H. Deng

Qin-Zhong Ye

چکیده

Rijmen and Preneel recently proposed for the first time a family of trapdoor block ciphers [8]. In this family of ciphers, a trapdoor is hidden in S-boxes and is claimed to be undetectable in [8] for properly chosen parameters. Given the trapdoor, the secret key (used for encryption and decryption) can be recovered easily by applying Matsui’s linear cryptanalysis [6]. In this paper, we break this family of trapdoor block ciphers by developing an attack on the S-boxes. We show how to find the trapdoor in the S-boxes and demonstrate that it is impossible to adjust the parameters of the S-boxes such that detecting the trapdoor is difficult meanwhile finding the secret key by trapdoor information is easy.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

A Family of Trapdoor Ciphers

This paper presents several methods to construct trapdoor block ciphers. A trapdoor cipher contains some hidden structure; knowledge of this structure allows an attacker to obtain information on the key or to decrypt certain ciphertexts. Without this trapdoor information the block cipher seems to be secure. It is demonstrated that for certain block ciphers, trapdoors can be built-in that make t...

متن کامل

Improved Characteristics for Diierential Cryptanalysis of Hash Functions Based on Block Ciphers

In this paper we present an improvement of the diierential attack on hash functions based on block ciphers. By using the speciic properties of the collision attack on hash functions, we can greatly reduce the work factor to nd a pair that follows the characteristic. We propose a new family of diierential characteristics that is especially useful in combination with our improvement. Attacks on a...

متن کامل

On Weaknesses of Non-surjective Round Functions

We propose a new attack on Feistel ciphers with a non-surjective round function. CAST and LOKI91 are examples of such ciphers. We extend the attack towards ciphers that use a non–uniformly distributed round function and apply the attack to CAST.

متن کامل

Partition-Based Trapdoor Ciphers

This paper deals with block ciphers embedding a trapdoor which consists in mapping a partition of the plaintext space to a partition of the ciphertext space. In a first part, this issue is reduced to the study of the S-boxes of the cipher satisfying a few criteria. Then, differential and linear properties of such S-boxes are assessed and an algorithm to build optimal S-boxes is provided. Finall...

متن کامل