Improved Related-key Attacks on Desx and Desx+
نویسندگان
چکیده
In this paper, we present improved related-key attacks on the original DESX, and DESX+, a variant of the DESX with its preand post-whitening XOR operations replaced with addition modulo 2. Compared to previous results, our attack on DESX has reduced text complexity, while our best attack on DESX+ eliminates the memory requirements at the same processing complexity.
منابع مشابه
Related-Key Attacks on Triple-DES and DESX Variants
In this paper, we present related-key slide attacks on 2-key and 3-key triple DES, and related-key differential and slide attacks on two variants of DESX. First, we show that 2-key and 3-key triple-DES are susceptible to related-key slide attacks. The only previously known such attacks are related-key differential attacks on 3-key triple-DES. Second, we present a related-key differential attack...
متن کاملHow to Protect DES Against Exhaustive Key Search
The block cipher DESX is de ned by DESXk:k1:k2(x) = k2 DESk(k1 x), where denotes bitwise exclusive-or. This construction was rst suggested by Ron Rivest as a computationally-cheap way to protect DES against exhaustive key-search attacks. This paper proves, in a formal model, that the DESX construction is sound. We show that, when F is an idealized block cipher, FXk:k1:k2(x) = k2 Fk(k1 x) is sub...
متن کاملAttacking Triple Encryption
The standard technique to attack triple encryption is the meet-in-the-middle attack. In this paper, more eecient attacks are presented. Compared to meet-in-the-middle, our attacks either greatly reduce the number of single encryptions to be done, or somewhat reduce the overall number of steps. Especially, about 2 108 steps of computation are suucient to break three-key triple DES. If one concen...
متن کاملSecond Preimages for Iterated Hash Functions Based on a b-Block Bypass
In this article, we present a second preimage attack on a double block-length hash proposal presented at FSE 2006. If the hash function is instantiated with DESX as underlying block cipher, we are able to construct second preimages deterministically. Nevertheless, this second preimage attack does not render the hash scheme insecure. For the hash scheme, we only show that it should not be instan...
متن کاملAdvanced Slide Attacks
Recently a powerful cryptanalytic tool—the slide attack— was introduced [3]. Slide attacks are very successful in breaking iterative ciphers with a high degree of self-similarity and even more surprisingly are independent of the number of rounds of a cipher. In this paper we extend the applicability of slide attacks to a larger class of ciphers. We find very efficient knownand chosen-text attac...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Cryptologia
دوره 32 شماره
صفحات -
تاریخ انتشار 2008