Impossible Differential Attacks on Reduced-Round SAFER Ciphers∗ NES/DOC/KUL/WP5/30/1
نویسندگان
چکیده
This report describes impossible differential (ID) attacks on 3.75round SAFER SK-64, using 2 chosen texts, 2 memory, and 2 time. Moreover, an ID attack on both 2.75-round SAFER+ and on 2.75-round SAFER++ uses 2 data, 2 memory, and 2 time. We used the miss-in-the-middle technique developed by Biham et al. These attacks do not endanger the security of SAFER ciphers, and indicate that ID attacks work better on ciphers with slow diffusion such as Skipjack.
منابع مشابه
Impossible Differential Cryptanalysis of Reduced-Round Midori64 Block Cipher (Extended Version)
Impossible differential attack is a well-known mean to examine robustness of block ciphers. Using impossible differ- ential cryptanalysis, we analyze security of a family of lightweight block ciphers, named Midori, that are designed considering low energy consumption. Midori state size can be either 64 bits for Midori64 or 128 bits for Midori128; however, both vers...
متن کاملA new method for accelerating impossible differential cryptanalysis and its application on LBlock
Impossible differential cryptanalysis, the extension of differential cryptanalysis, is one of the most efficient attacks against block ciphers. This cryptanalysis method has been applied to most of the block ciphers and has shown significant results. Using structures, key schedule considerations, early abort, and pre-computation are some common methods to reduce complexities of this attack. In ...
متن کاملNew Impossible Differential Attack on SAFER + and SAFER + +
SAFER+ was a candidate block cipher for AES with 128-bit block size and a variable key sizes of 128, 192 or 256 bits. Bluetooth uses customized versions of SAFER+ for security. The numbers of rounds for SAFER+ with key sizes of 128, 192 and 256 are 8, 12 and 16, respectively. SAFER++, a variant of SAFER+, was among the cryptographic primitives selected for the second phase of the NESSIE project...
متن کاملImpossible Differential Cryptanalysis of the Lightweight Block Ciphers TEA, XTEA and HIGHT
TEA, XTEA and HIGHT are lightweight block ciphers with 64-bit block sizes and 128-bit keys. The round functions of the three ciphers are based on the simple operations XOR, modular addition and shift/rotation. TEA and XTEA are Feistel ciphers with 64 rounds designed by Needham and Wheeler, where XTEA is a successor of TEA, which was proposed by the same authors as an enhanced version of TEA. HI...
متن کاملNew Observations on Impossible Differential Cryptanalysis of Reduced-Round Camellia
Camellia is one of the widely used block ciphers, which has been selected as an international standard by ISO/IEC. In this paper, by exploiting some interesting properties of the key-dependent layer, we improve previous results on impossible differential cryptanalysis of reduced-round Camellia and gain some new observations. First, we introduce some new 7-round impossible differentials of Camel...
متن کامل