- Differential-linear attack
The attack utilises a differential characteristic over part of the cipher with a probability of 1 (for a few rounds—this probability would be much lower for the whole cipher). The rounds immediately following the differential characteristic have a linear approximation defined, and we expect that for each chosen plaintext pair, the probability of the linear approximation holding for one chosen plaintext but not the other will be lower for the correct key. Hellman and Langford have shown that this attack can recover 10 key bits of an 8-round DES with only 512 chosen plaintexts and an 80% chance of success.
The attack was generalised by Eli Biham et al. to use differential characteristics with probability less than 1. Besides DES, it has been applied to FEAL, IDEA, Serpent, Camellia, and even the stream cipher Phelix.
- Johan Borst (February 1997) (PDF/PostScript). Differential-Linear Cryptanalysis of IDEA. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.49.5084. Retrieved 2007-03-08.
- Johan Borst, Lars R. Knudsen, Vincent Rijmen (May 1997). "Two Attacks on Reduced IDEA" (PDF). Advances in Cryptology - EUROCRYPT '97. Konstanz: Springer-Verlag. pp. pp.1–13. http://www.cosic.esat.kuleuven.be/publications/article-155.pdf. Retrieved 2007-03-08.
- Biham, E.; Dunkelman, O.; & Keller, N. (December 2002). "Enhancing Differential-Linear Cryptanalysis" (PDF/gzipped PostScript). Advances in Cryptology, proceeding of ASIACRYPT 2002, Lecture Notes in Computer Science 2501. Queenstown, New Zealand: Springer-Verlag. pp. pp.254–266. http://vipe.technion.ac.il/~orrd/crypt/. Retrieved 2006-12-07.
- Biham, Dunkelman, Keller (February 2003). "Differential-Linear Cryptanalysis of Serpent" (PDF/PostScript). 10th International Workshop on Fast Software Encryption (FSE '03). Lund: Springer-Verlag. pp. pp.9–21. http://citeseer.ist.psu.edu/698845.html. Retrieved 2007-03-08.
- Hongjun Wu, Bart Preneel (December 12, 2006). "Differential-Linear Attacks against the Stream Cipher Phelix" (PDF). 14th International Workshop on Fast Software Encryption (FSE '07). Luxembourg City: Springer-Verlag. http://www.ecrypt.eu.org/stream/papersdir/2006/056.pdf. Retrieved 2007-03-08.
- Eli Biham, Orr Dunkelman, Nathan Keller (December 12, 2006). "A New Attack on 6-round IDEA". 14th International Workshop on Fast Software Encryption (FSE '07). Luxembourg City: Springer-Verlag.
Block ciphers (security summary) Common
algorithms3-Way · ABC · Akelarre · Anubis · ARIA · BaseKing · BassOmatic · BATON · BEAR and LION · CAST-256 · CIKS-1 · CIPHERUNICORN-A · CIPHERUNICORN-E · CLEFIA · CMEA · Cobra · COCONUT98 · Crab · Cryptomeria/C2 · CRYPTON · CS-Cipher · DEAL · DES-X · DFC · E2 · FEAL · FEA-M · FROG · G-DES · GOST · Grand Cru · Hasty Pudding cipher · Hierocrypt · ICE · IDEA NXT · Intel Cascade Cipher · Iraqi · KASUMI · KeeLoq · KHAZAD · Khufu and Khafre · KN-Cipher · Ladder-DES · Libelle · LOKI97 · LOKI89/91 · Lucifer · M6 · M8 · MacGuffin · Madryga · MAGENTA · MARS · Mercy · MESH · MISTY1 · MMB · MULTI2 · MultiSwap · New Data Seal · NewDES · Nimbus · NOEKEON · NUSH · Q · RC6 · REDOC · Red Pike · S-1 · SAFER · SAVILLE · SC2000 · SHACAL · SHARK · SMS4 · Spectr-H64 · Square · SXAL/MBAL · Threefish · Treyfer · UES · Xenon · xmx · XXTEA · Zodiac
Standardization Misc Cryptography
Wikimedia Foundation. 2010.
Look at other dictionaries:
Differential cryptanalysis — is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at… … Wikipedia
Linear cryptanalysis — In cryptography, linear cryptanalysis is a general form of cryptanalysis based on finding affine approximations to the action of a cipher. Attacks have been developed for block ciphers and stream ciphers. Linear cryptanalysis is one of the two… … Wikipedia
Differential analyser — This article is about analogue differential analysers. For the digital implementation, see Digital Differential Analyzer. Thomson disc and sphere analyser for studying tides The differential analyser is a mechanical analogue computer designed to… … Wikipedia
Differential equations of addition — In cryptography, differential equations of addition (DEA) are one of the most basic equations related to differential cryptanalysis that mix additions over two different groups (e.g. addition modulo 232 and addition over GF(2)) and where input… … Wikipedia
Cube attack — Cryptography portal The cube attack is a method of cryptanalysis applicable to a wide variety of symmetric key algorithms, published by Itai Dinur and Adi Shamir in a September 2008 preprint. A revised version of this preprint was placed online… … Wikipedia
XSL attack — In cryptography, the XSL attack is a method of cryptanalysis for block ciphers. The attack was first published in 2002 by researchers Nicolas Courtois and Josef Pieprzyk. It has caused some controversy as it was claimed to have the potential to… … Wikipedia
Impossible differential cryptanalysis — In cryptography, impossible differential cryptanalysis is a form of differential cryptanalysis for block ciphers. While ordinary differential cryptanalysis tracks differences that propagate through the cipher with greater than expected… … Wikipedia
Correlation attack — In cryptography, correlation attacks are a class of known plaintext attacks for breaking stream ciphers whose keystream is generated by combining the output of several linear feedback shift registers (called LFSRs for the rest of this article)… … Wikipedia
Meet-in-the-middle attack — Not to be confused with man in the middle attack. The meet in the middle attack is a cryptographic attack which, like the birthday attack, makes use of a space time tradeoff. While the birthday attack attempts to find two values in the domain of… … Wikipedia
Cipher security summary — This article summarizes publicly known attacks against ciphers. Note that not all entries may be up to date. Table color key No known successful attacks Theoretical break Attack demonstrated in practice The Best attack column lists the complexity … Wikipedia