Distinguisher for Shabal's Permutation Function
نویسنده
چکیده
In this note we consider the Shabal permutation function P as a block cipher with input Ap,Bp and key C,M and describe a distinguisher with a data complexity of 2 random inputs with a given difference. If the attacker can control one chosen bit of Bp, only 2 21 inputs with a given difference are required on average. This distinguisher does not appear to lead directly to an attack on the full Shabal construction.
منابع مشابه
Boomerang Distinguisher for the SIMD-512 Compression Function
In this paper, we present a distinguisher for the permutation of SIMD-512 with complexity 2. We extend the attack to a distinguisher for the compression function with complexity 2. The attack is based on the application of the boomerang attack for hash functions. Starting from the middle of the compression function we use techniques from coding theory to search for two differential characterist...
متن کاملFinding Efficient Distinguishers for Cryptographic Mappings, with an Application to the Block Cipher TEA
The construction of a distinguisher (Knudsen and Meier 2000) (i.e., an algorithm that is able of distinguishing a random permutation or random mapping from a given cryptographic primitive, such as a block cipher or hash function) is one of the main objectives of a cryptanalyst. Although a distinguisher may or may not be used to recover some of the plaintext or key bits, the existence of an effi...
متن کاملNew Integral Distinguisher for Rijndael-256
The known 3-round distinguisher of Rijndael-256 is byteoriented and 2 plaintexts are needed to distinguish 3-round Rijndael from a random permutation. In this paper, we consider the influence of the order of the plaintexts and present a new 3-round distinguisher which only needs 32 plaintexts.
متن کاملImproved zero-sum distinguisher for full round Keccak-f permutation
Keccak is one of the five hash functions selected for the final round of the SHA-3 competition and its inner primitive is a permutation called Keccakf . In this paper, we find that for the inverse of the only one nonlinear transformation of Keccak-f , the algebraic degrees of any output coordinate and of the product of any two output coordinates are both 3 and also 2 less than its size 5. Combi...
متن کاملMixture Differential Cryptanalysis: New Approaches for Distinguishers and Attacks on round-reduced AES
At Eurocrypt 2017 the first secret-key distinguisher for 5-round AES has been presented. Although it allows to distinguish a random permutation from an AES-like one, it seems (rather) hard to exploit such a distinguisher in order to implement a key-recovery attack different than brute-force like. In this paper we introduce “Mixture Differential Cryptanalysis”, a new technique to set up new secr...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2010 شماره
صفحات -
تاریخ انتشار 2010