Cryptanalysis of Patarin's 2-Round Public Key System with S Boxes (2R)
نویسنده
چکیده
In a series of papers Patarin proposes new efficient public key systems. A very interesting proposal, called 2-Round Public Key System with S Boxes, or 2R, is based on the difficulty of decomposing the structure of several rounds of unknown linear transformations and S boxes. This difficulty is due to the difficulty of decomposing compositions of multivariate binary functions. In this paper we present a novel attack which breaks the 64-bit block variant with complexity about 2 steps, and the more secure 128-bit blocks variant with complexity about 2 steps. It is interesting to note that this cryptanalysis uses only the ciphertexts of selected plaintexts, and does not analyze the details of the supplied encryption code.
منابع مشابه
Cryptanalysis of 2R- Schemes
In this paper, we study the security of 2R− schemes [17, 18], which are the “minus variant” of two-round schemes. This variant consists in removing some of the n polynomials of the public key, and permits to thwart an attack described at Crypto’99 [25] against two-round schemes. Usually, the “minus variant” leads to a real strengthening of the considered schemes. We show here that this is actua...
متن کاملImpossible Differential Cryptanalysis on Deoxys-BC-256
Deoxys is a final-round candidate of the CAESAR competition. Deoxys is built upon an internal tweakable block cipher Deoxys-BC, where in addition to the plaintext and key, it takes an extra non-secret input called a tweak. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round...
متن کاملTruncated and Multiple Differential Cryptanalysis of Reduced Round Midori128
Midori is a family of SPN-based lightweight block ciphers designed to optimize the hardware energy consumption per bit during the encryption and decryption operations. At ASIACRYPT 2015, two variants of the cipher, namely Midori128 and Midori64, which support a 128-bit secret key and a 64/128-bit block, respectively, were proposed. Recently, a meet-in-the-middle attack and an invariant subspace...
متن کاملCryptanalysis of a Perturbated White-Box AES Implementation
In response to various cryptanalysis results on white-box cryptography, Bringer et al. presented a novel white-box strategy. They propose to extend the round computations of a block cipher with a set of random equations and perturbations, and complicate the analysis by implementing each such round as one system that is obfuscated with annihilating linear input and output encodings. The improved...
متن کاملAsymmetric cryptography with S-Boxes
In [12], T. Matsumoto and H. Imai designed an asymmetric cryptosystem, called C∗, for authentication, encryption and signature. This C∗ scheme was broken in [13] due to unexpected algebraic properties. In this paper, we study some new “candidate” asymmetric cryptosystems based on the idea of hiding one or two rounds of small S-box computations with secret functions of degree one or two. The pub...
متن کامل