Diierential Cryptanalysis of Khf
نویسنده
چکیده
Bakhtiari et al recently proposed a fast message authentica-tion primitive called KHF. This paper shows that KHF is highly vulnerable to diierential cryptanalysis: it can be broken with about 37 chosen message queries. This suggests that the KHF design should be reconsidered .
منابع مشابه
Diierential Cryptanalysis of Feal and N-hash
In 1,2] we introduced the notion of diierential cryptanalysis and described its application to DESS11] and several of its variants. In this paper we show the applicability of diierential cryptanalysis to the Feal family of encryption algorithms and to the N-Hash hash function. In addition, we show how to transform diierential cryptanalytic chosen plaintext attacks into known plaintext attacks.
متن کاملApplying Diierential Cryptanalysis to Des Reduced to 5 Rounds
Diierential cryptanalysis is a powerful attack developed by Eli Biham and Adi Shamir. It has been successfully applied to many DES-like cryptosystems. We provide a brief introduction to their paper BS91] and show how to apply diierential cryptanalysis to attack the Data Encryption Standard (DES) reduced to 5 rounds.
متن کاملDifferential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI and Lucifer
In 1,2] we introduced the notion of diierential cryptanalysis based on chosen plaintext attacks. In 3,4] we described the application of diierential crypt-analysis to Feall12,11] and extended the method to known plaintext attacks. In this paper diierential cryptanalysis methods are applied to the hash function Snefruu9] and to the cryptosystems Khafree10], REDOC-III14,6], LOKII5] and Luciferr7].
متن کاملImproved Differential Attacks on RC5
In this paper we investigate the strength of the secret-key algorithm RC5 newly proposed by Ron Rivest. The target version of RC5 works on words of 32 bits, has 12 rounds and a user-selected key of 128 bits. At Crypto'95 Kaliski and Yin estimated the strength of RC5 by diierential and linear cryptanalysis. They conjectured that their linear analysis is optimal and that the use of 12 rounds for ...
متن کاملA New Criterion for the Design of 8 8 S-boxes in Private-key Ciphers
In this paper, we examine the security of the class of substitution-permutation private-key block ciphers with respect to linear and diierential crypt-analysis. A new S-box nonlinearity criterion is proposed and it is shown that S-boxes satisfying this criterion and having good diiusion improve remarkably the ability of an SPN to resist linear cryptanalysis and diierential cryptanalysis.
متن کامل