Cryptanalysis of Mcguun
نویسندگان
چکیده
This paper shows that the actual proposal for an unbalanced Feistel network by Schneier and Blaze is as vulnerable to diierential cryptanalysis as the DES. 1 McGuun Schneier and Blaze introduce in SB95] a new kind of block ciphers: the Generalized Unbalanced Feistel Network. Together with the general architecture they give a complete speciication of an example. The basic idea is to split the input of each round into unequal parts. In the example, the 64-bit input is split into a 48-bit input of the F-function, and a 16-bit part that is exored with the output of the F-function. The F-function consists of the 8 S-boxes of the DES, but the two middle output bits of each S-box are neglected in order to obtain a 16-bit output. 2 Diierential Characteristics In Ma94] Matsui demonstrated that one can nd the best diierential characteristics and linear relations for the DES with a clever search algorithm. This encouraged us to try the same for McGuun. For the DES it is very important to depart from very good starting values in order to obtain the characteristics in relatively short time (a few hours). For McGuun, we had no good guesses for the starting values and became the best characteristics for two to 32 rounds in about the same time. This indicates that McGuun is very vulnerable for diierential cryptanalysis. Table 1 gives the probabilities of the best diierential characteristics of McGuun. It turns out that the probability of the best 2n-round characteristic of McGuun is signiicantly larger than the probability of the best n-round characteristic of the DES. From this viewpoint 32 rounds of McGuun is weaker than 16 rounds of the DES. Figure 1 shows the four-round
منابع مشابه
A new method for accelerating impossible differential cryptanalysis and its application on LBlock
Impossible differential cryptanalysis, the extension of differential cryptanalysis, is one of the most efficient attacks against block ciphers. This cryptanalysis method has been applied to most of the block ciphers and has shown significant results. Using structures, key schedule considerations, early abort, and pre-computation are some common methods to reduce complexities of this attack. In ...
متن کاملImpossible Differential Cryptanalysis on Deoxys-BC-256
Deoxys is a final-round candidate of the CAESAR competition. Deoxys is built upon an internal tweakable block cipher Deoxys-BC, where in addition to the plaintext and key, it takes an extra non-secret input called a tweak. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round...
متن کاملTime and Space Complexity Reduction of a Cryptanalysis Algorithm
Binary Decision Diagram (in short BDD) is an efficient data structure which has been used widely in computer science and engineering. BDD-based attack in key stream cryptanalysis is one of the best forms of attack in its category. In this paper, we propose a new key stream attack which is based on ZDD(Zero-suppressed BDD). We show how a ZDD-based key stream attack is more efficient in time and ...
متن کاملA Performance Survey of Meta-Heuristic And Brute-Force Search Algorithms to Cryptanalysis The SDES Encryption Algorithm
For many years, cryptanalysis has been considered as an attractive topic in jeopardizing the security and resistance of an encryption algorithm. The SDES encryption algorithm is a symmetric cryptography algorithm that performs a cryptographic operation using a crypt key. In the world of encryption, there are many search algorithms to cryptanalysis. In these researches, brute force attack algori...
متن کاملTime and Space Complexity Reduction of a Cryptanalysis Algorithm
Binary Decision Diagram (in short BDD) is an efficient data structure which has been used widely in computer science and engineering. BDD-based attack in key stream cryptanalysis is one of the best forms of attack in its category. In this paper, we propose a new key stream attack which is based on ZDD(Zero-suppressed BDD). We show how a ZDD-based key stream attack is more efficient in time and ...
متن کامل