Impossible differential cryptanalysis

Impossible differential cryptanalysis: In cryptography, impossible differential cryptanalysis is a form of differential cryptanalysis for block ciphers. While ordinary differential cryptanalysis tracks differences that propagate through the cipher with greater than expected probability, impossible differential cryptanalysis exploits differences that are impossible (having probability 0) at some intermediate state of the cipher algorithm.

Lars Knudsen appears to be the first to use a form of this attack, in the 1998 paper where he introduced his AES candidate, DEAL.^[1] The first presentation to attract the attention of the cryptographic community was later the same year at the rump session of CRYPTO '98, in which Eli Biham, Alex Biryukov, and Adi Shamir introduced the name "impossible differential"^[2] and used the technique to break 4.5 out of 8.5 rounds of IDEA^[3] and 31 out of 32 rounds of the NSA-designed cipher Skipjack.^[4] This development led noted cryptographer Bruce Schneier to speculate that the NSA had no previous knowledge of impossible differential cryptanalysis.^[5] The technique has since been applied to many other ciphers, including IDEA, Khufu and Khafre, E2, variants of Serpent, MARS, Twofish, Rijndael, CRYPTON, Zodiac, Hierocrypt-3, TEA, XTEA, Mini-AES, ARIA, Camellia, and SHACAL-2.

Biham, Biryukov and Shamir also presented a relatively efficient specialized method for finding impossible differentials that they called a miss-in-the-middle attack. This consists of finding "two events with probability one, whose conditions cannot be met together."^[6]

References

^ Lars Knudsen (February 21, 1998) (PDF/PostScript). DEAL - A 128-bit Block Cipher. Technical report no. 151. Department of Informatics, University of Bergen, Norway. http://www2.mat.dtu.dk/people/Lars.R.Knudsen/newblock.html. Retrieved 2007-02-27.

^ Shamir, A. (August 25, 1998) Impossible differential attacks. CRYPTO '98 rump session (video at Google Video—uses Flash)

^ Biryukov, A. (August 25, 1998) Miss-in-the-middle attacks on IDEA. CRYPTO '98 rump session (video at Google Video—uses Flash)

^ Biham, E. (August 25, 1998) Impossible cryptanalysis of Skipjack. CRYPTO '98 rump session (video at Google Video—uses Flash)

^ Bruce Schneier (September 15, 1998). "Impossible Cryptanalysis and Skipjack". Crypto-Gram Newsletter. http://www.schneier.com/crypto-gram-9809.html#impossible.

^ E. Biham, A. Biryukov, A. Shamir (March 1999). "Miss in the Middle Attacks on IDEA, Khufu and Khafre" (gzipped PostScript). 6th International Workshop on Fast Software Encryption (FSE 1999). Rome: Springer-Verlag. pp. pp.124–138. http://www.wisdom.weizmann.ac.il/~albi/fse99idea.ps.gz. Retrieved 2007-02-14.

Further reading

Orr Dunkelman (March 1999). "An Analysis of Serpent-p and Serpent-p-ns" (PDF/PostScript). Rump session, 2nd AES Candidate Conference. Rome: NIST. http://citeseer.ist.psu.edu/284484.html. Retrieved 2007-02-27.

E. Biham, A. Biryukov, A. Shamir (May 1999). "Cryptanalysis of Skipjack Reduced to 31 Rounds using Impossible Differentials" (PDF/PostScript). Advances in Cryptology - EUROCRYPT '99. Prague: Springer-Verlag. pp. pp.12–23. http://citeseer.ist.psu.edu/old/46276.html. Retrieved 2007-02-13.

Kazumaro Aoki, Masayuki Kanda (1999) (PDF/PostScript). Search for Impossible Differential of E2. http://citeseer.ist.psu.edu/315996.html. Retrieved 2007-02-27.

Eli Biham, Vladimir Furman (April 2000). "Impossible Differential on 8-Round MARS' Core" (PDF/PostScript). 3rd AES Candidate Conference. pp. pp.186–194. http://citeseer.ist.psu.edu/biham00impossible.html. Retrieved 2007-02-27.

Eli Biham, Vladimir Furman (December 2000). "Improved Impossible Differentials on Twofish" (PDF/PostScript). INDOCRYPT 2000. Calcutta: Springer-Verlag. pp. pp.80–92. http://citeseer.ist.psu.edu/339990.html. Retrieved 2007-02-27.

Deukjo Hong, Jaechul Sung, Shiho Moriai, Sangjin Lee, and Jongin Lim (April 2001). "Impossible Differential Cryptanalysis of Zodiac" (PDF). 8th International Workshop on Fast Software Encryption (FSE 2001). Yokohama: Springer-Verlag. pp. pp.300–311. http://www.mathmagic.cn/Crypt1998-2003/bibs/2355/23550300.htm. Retrieved 2006-12-30.

Raphael C.-W. Phan and Mohammad Umar Siddiqi (July 2001). "Generalised Impossible Differentials of Advanced Encryption Standard" (PDF). Electronics Letters 37 (14): pp.896–898. doi:10.1049/el:20010619. http://ieeexplore.ieee.org/iel5/2220/20230/00935125.pdf?arnumber=935125. Retrieved 2007-07-17.

Jung Hee Cheon, MunJu Kim, and Kwangjo Kim (September 2001). "Impossible Differential Cryptanalysis of Hierocrypt-3 Reduced to 3 Rounds" (PDF). Proceedings of 2nd NESSIE Workshop. https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B7u7lZfHbsZyNWQ0OGIzYjAtMjE0ZC00NTU4LTk2YTAtYjJlOWI4YzUwZDY5&hl=en. Retrieved 2007-02-27.

Jung Hee Cheon, MunJu Kim, Kwangjo Kim, Jung-Yeun Lee, and SungWoo Kang (December 26, 2001). "Improved Impossible Differential Cryptanalysis of Rijndael and Crypton" (PDF/PostScript). 4th International Conference on Information Security and Cryptology (ICISC 2001). Seoul: Springer-Verlag. pp. pp.39–49. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.15.9966&rep=rep1&type=pdf. Retrieved 2007-02-27.

Dukjae Moon, Kyungdeok Hwang, Wonil Lee, Sangjin Lee, AND Jongin Lim (February 2002). "Impossible Differential Cryptanalysis of Reduced Round XTEA and TEA" (PDF). 9th International Workshop on Fast Software Encryption (FSE 2002). Leuven: Springer-Verlag. pp. pp.49–60. http://www.mathmagic.cn/Crypt1998-2003/bibs/2365/23650049.htm. Retrieved 2007-02-27.

Raphael C.-W. Phan (May 2002). "Classes of Impossible Differentials of Advanced Encryption Standard" (PDF). Electronics Letters 38 (11): pp.508–510. doi:10.1049/el:20020347. http://ieeexplore.ieee.org/iel5/2220/21721/01006787.pdf?arnumber=1006787. Retrieved 2007-07-17.

Raphael C.-W. Phan (October 2003). "Impossible Differential Cryptanalysis of Mini-AES" (PDF). Cryptologia XXVII (4): pp.283–292. ISSN 0161-1194. Archived from the original on 2007-09-26. http://web.archive.org/web/20070926205539/http://www.geocities.com/dearphael/ImpMiniAES.pdf. Retrieved 2007-02-27.

Raphael C.-W. Phan (July 2004). "Impossible Differential Cryptanalysis of 7-round AES" (HTML). Information Processing Letters 91 (1): pp.29–32. doi:10.1016/j.ipl.2004.03.006. http://www.informatik.uni-trier.de/~ley/db/journals/ipl/ipl91.html. Retrieved 2007-07-19.

Wenling Wu, Wentao Zhang, and Dengguo Feng (2006) (PDF). Impossible Differential Cryptanalysis of ARIA and Camellia. http://eprint.iacr.org/2006/350. Retrieved 2007-02-27.

v · d · e Block ciphers (security summary)

Common
algorithms
AES · Blowfish · DES · Triple DES · Serpent · Twofish

Less common
algorithms
Camellia · CAST-128 · IDEA · RC2 · RC5 · SEED · Skipjack · TEA · XTEA

Other
algorithms
3-Way · ABC · Akelarre · Anubis · ARIA · BaseKing · BassOmatic · BATON · BEAR and LION · CAST-256 · CIKS-1 · CIPHERUNICORN-A · CIPHERUNICORN-E · CLEFIA · CMEA · Cobra · COCONUT98 · Crab · Cryptomeria/C2 · CRYPTON · CS-Cipher · DEAL · DES-X · DFC · E2 · FEAL · FEA-M · FROG · G-DES · GOST · Grand Cru · Hasty Pudding cipher · Hierocrypt · ICE · IDEA NXT · Intel Cascade Cipher · Iraqi · KASUMI · KeeLoq · KHAZAD · Khufu and Khafre · KN-Cipher · Ladder-DES · Libelle · LOKI97 · LOKI89/91 · Lucifer · M6 · M8 · MacGuffin · Madryga · MAGENTA · MARS · Mercy · MESH · MISTY1 · MMB · MULTI2 · MultiSwap · New Data Seal · NewDES · Nimbus · NOEKEON · NUSH · Q · RC6 · REDOC · Red Pike · S-1 · SAFER · SAVILLE · SC2000 · SHACAL · SHARK · SMS4 · Spectr-H64 · Square · SXAL/MBAL · Threefish · Treyfer · UES · Xenon · xmx · XXTEA · Zodiac

Design
Feistel network · Key schedule · Product cipher · S-box · P-box · SPN

Attack
(cryptanalysis)
Brute force · Linear · Differential (Impossible · Truncated) · Integral · Boomerang · Mod n · Related-key · Slide · Rotational · Timing · XSL

Standardization
AES process · CRYPTREC · NESSIE

Misc
Avalanche effect · Block size · Initialization vector · Key size · Modes of operation · Padding · Piling-up lemma · Weak key · EFF DES cracker · Key whitening

v · d · e Cryptography

History of cryptography · Cryptanalysis · Cryptography portal · Outline of cryptography

Symmetric-key algorithm · Block cipher · Stream cipher · Public-key cryptography · Cryptographic hash function · Message authentication code · Random numbers · Steganography

Categories:
Cryptographic attacks
Cryptography stubs

Игры ⚽ Нужно решить контрольную?

Look at other dictionaries:

Differential cryptanalysis — is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at… … Wikipedia
Cryptanalysis — Close up of the rotors in a Fialka cipher machine Cryptanalysis (from the Greek kryptós, hidden , and analýein, to loosen or to untie ) is the study of methods for obtaining the meaning of encrypted information, without access to the secret… … Wikipedia
Differential-linear attack — Introduced by Martin Hellman and Susan K. Langford in 1994, the differential linear attack is a mix of both linear cryptanalysis and differential cryptanalysis. The attack utilises a differential characteristic over part of the cipher with a… … Wikipedia
Differential equations of addition — In cryptography, differential equations of addition (DEA) are one of the most basic equations related to differential cryptanalysis that mix additions over two different groups (e.g. addition modulo 232 and addition over GF(2)) and where input… … Wikipedia
Mod n cryptanalysis — In cryptography, mod n cryptanalysis is an attack applicable to block and stream ciphers. It is a form of partitioning cryptanalysis that exploits unevenness in how the cipher operates over equivalence classes (congruence classes) modulo n. The… … Wikipedia
Cipher security summary — This article summarizes publicly known attacks against ciphers. Note that not all entries may be up to date. Table color key No known successful attacks Theoretical break Attack demonstrated in practice The Best attack column lists the complexity … Wikipedia
Block cipher — In cryptography, a block cipher is a symmetric key cipher operating on fixed length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take (for example) a 128 bit block of plaintext as… … Wikipedia
Блочный шифр — Общая схема работы блочного шифра Блочный шифр разновидность симметричного шифра … Википедия
Skipjack (cipher) — Infobox block cipher name = Skipjack designers = NSA publish date = 1998 (declassifed) key size = 80 bits block size = 64 bits structure = unbalanced Feistel network rounds = 32 cryptanalysis = 31 rounds are susceptible to impossible differential … Wikipedia
CLEFIA — General Designers Sony First published 2007 Cipher detail Key sizes 128, 192, or 256 bits Block sizes 128 bits Structure … Wikipedia

Academic Dictionaries and Encyclopedias

Impossible differential cryptanalysis

References

Further reading

Look at other dictionaries:

Share the article and excerpts

Academic Dictionaries and Encyclopedias

Wikipedia

Impossible differential cryptanalysis

References

Further reading

Look at other dictionaries:

Share the article and excerpts

Direct link