Cryptanalysis of Rijmen-Preneel Trapdoor Ciphers

Authors

  • Hongjun Wu
  • Feng Bao
  • Robert H. Deng
  • Qin-Zhong Ye
Abstract

Rijmen and Preneel recently proposed, for the first time, a family of trapdoor block ciphers [8]. In this family of ciphers, a trapdoor is hidden in the S-boxes and is claimed in [8] to be undetectable for properly chosen parameters. Given the trapdoor, the secret key (used for encryption and decryption) can be recovered easily by applying Matsui's linear cryptanalysis [6]. In this paper, we break this family of trapdoor block ciphers by developing an attack on the S-boxes. We show how to find the trapdoor in the S-boxes and demonstrate that it is impossible to adjust the parameters of the S-boxes such that detecting the trapdoor is difficult while finding the secret key from the trapdoor information is easy.

Similar resources

A Family of Trapdoor Ciphers

This paper presents several methods to construct trapdoor block ciphers. A trapdoor cipher contains some hidden structure; knowledge of this structure allows an attacker to obtain information on the key or to decrypt certain ciphertexts. Without this trapdoor information the block cipher seems to be secure. It is demonstrated that for certain block ciphers, trapdoors can be built-in that make t...

Improved Characteristics for Differential Cryptanalysis of Hash Functions Based on Block Ciphers

In this paper we present an improvement of the differential attack on hash functions based on block ciphers. By using the specific properties of the collision attack on hash functions, we can greatly reduce the work factor to find a pair that follows the characteristic. We propose a new family of differential characteristics that is especially useful in combination with our improvement. Attacks on a...

On Weaknesses of Non-surjective Round Functions

We propose a new attack on Feistel ciphers with a non-surjective round function. CAST and LOKI91 are examples of such ciphers. We extend the attack towards ciphers that use a non-uniformly distributed round function and apply the attack to CAST.

Partition-Based Trapdoor Ciphers

This paper deals with block ciphers embedding a trapdoor which consists in mapping a partition of the plaintext space to a partition of the ciphertext space. In a first part, this issue is reduced to the study of the S-boxes of the cipher satisfying a few criteria. Then, differential and linear properties of such S-boxes are assessed and an algorithm to build optimal S-boxes is provided. Finall...

Differential Cryptanalysis of the Stream Ciphers Py, Py6 and Pypy

‡ A multi-year project to identify new stream ciphers that might become suitable for widespread adoption

Publication date: 1998