Stochastic Cryptanalysis of Crypton
نویسندگان
چکیده
Crypton is a 12-round blockcipher proposed as an AES candidate by C.H. Lim in 1998. In this paper, we show how to exploit some statistical deficiencies of the Crypton round function to mount stochastic attacks on round-reduced versions of Crypton. Though more efficient than the best differential and linear attacks, our attacks do not endanger the practical security offered by Crypton.
منابع مشابه
Related-Key Impossible Differential Attacks on Crypton
Crypton is a 12-round block cipher proposed as an AES candidate and Crtpton v1.0 is the revised version. In this paper, we present two related-key impossible differential attacks to reduced-round Crypton and Crypton v1.0. By carefully choosing the relations of keys, constructing some 6round related-key differential trials and using some observations on the cipher, we first break 9-round Crypton...
متن کاملImproved Meet-in-the-Middle Attacks on Round-Reduced Crypton-256
The meet-in-the-middle (MITM) attack has prove to be efficient in analyzing the AES block cipher. Its efficiency has been increasing with the introduction of various techniques such as differential enumeration, key-dependent sieve, super-box etc. The recent MITM attack given by Li and Jin has successfully mounted to 10-round AES-256. Crypton is an AES-like block cipher. In this paper, we apply ...
متن کاملImproved Impossible Differential Cryptanalysis of Rijndael and Crypton
Impossible differential attacks against Rijndael and Crypton have been proposed up to 5-round. In this paper we expand the impossible differential attacks to 6-round. Although we use the same 4-round impossible differential as in five round attacks, we put this impossible differential in the middle of 6-round. That is, we will consider one round before the impossible differential and one more r...
متن کاملAttack on Six Rounds of Crypton
In this paper we present an attack on a reduced round version of Crypton. The attack is based on the dedicated Square attack. We explain why the attack also works on Crypton and prove that the entire 256-bit user key for 6 rounds of Crypton can be recovered with a complexity of 2 encryptions, whereas for Square 2 encryptions are required to recover the 128-bit user key.
متن کاملReport on the AES Candidates
This document reports the activities of the AES working group organized at the Ecole Normale Supérieure. Several candidates are evaluated. In particular we outline some weaknesses in the designs of some candidates. We mainly discuss selection criteria between the candidates, and make case-by-case comments. We finally recommend the selection of Mars, RC6, Serpent, ... and DFC. As the report is b...
متن کامل