Concept# Block cipher

Summary

In cryptography, a block cipher is a deterministic algorithm that operates on fixed-length groups of bits, called blocks. Block ciphers are the elementary building blocks of many cryptographic protocols. They are ubiquitous in the storage and exchange of data, where such data is secured and authenticated via encryption.
A block cipher uses blocks as an unvarying transformation. Even a secure block cipher is suitable for the encryption of only a single block of data at a time, using a fixed key. A multitude of modes of operation have been designed to allow their repeated use in a secure way to achieve the security goals of confidentiality and authenticity. However, block ciphers may also feature as building blocks in other cryptographic protocols, such as universal hash functions and pseudorandom number generators.
Definition
A block cipher consists of two paired algorithms, one for encryption, , and the other for decryption, . Both algorithms accept two inputs: an input blo

Official source

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related publications

Loading

Related people

Loading

Related units

Loading

Related concepts

Loading

Related courses

Loading

Related lectures

Loading

Related publications (80)

Loading

Loading

Loading

Related people (8)

Related concepts (59)

Related courses (7)

Data Encryption Standard

The Data Encryption Standard (DES ˌdiːˌiːˈɛs,_dɛz) is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applicat

Cryptography

Cryptography, or cryptology (from κρυπτός "hidden, secret"; and γράφειν graphein, "to write", or -λογία -logia, "study", respectively), is the practice and study of techniques for secure communicatio

Advanced Encryption Standard

The Advanced Encryption Standard (AES), also known by its original name Rijndael (ˈrɛindaːl), is a specification for the encryption of electronic data established

COM-301: Computer security

This is an introductory course to computer security and privacy. Its goal is to provide students with means to reason about security and privacy problems, and provide them with tools to confront them.

COM-401: Cryptography and security

This course introduces the basics of cryptography. We review several types of cryptographic primitives, when it is safe to use them and how to select the appropriate security parameters. We detail how they work and sketch how they can be implemented.

COM-501: Advanced cryptography

This course reviews some failure cases in public-key cryptography. It introduces some cryptanalysis techniques. It also presents fundamentals in cryptography such as interactive proofs. Finally, it presents some techniques to validate the security of cryptographic primitives.

Related units (3)

The block cipher MMB was designed by Daemen, Govaerts and Vandewalle, in 1993, as an alternative to the IDEA block cipher. We exploit and describe unusual properties of the modular multiplication in ZZ232 −1 , which lead to a diﬀerential attack on the full 6-round MMB cipher (both versions 1.0 and 2.0). Further contributions of this paper include detailed square and linear cryptanalysis of MMB. Concerning diﬀerential cryptanalysis (DC), we can break the full MMB with 2118 chosen plaintexts, 295.91 6-round MMB encryptions and 264 counters, eﬀectively bypassing the cipher’s countermeasures against DC. For the square attack, we can recover the 128-bit user key for 4-round MMB with 234 chosen plaintexts, 2126.32 4-round encryptions and 264 mem- ory blocks. Concerning linear cryptanalysis, we present a key-recovery attack on 3-round MMB requiring 2114.56 known-plaintexts and 2126 en- cryptions. Moreover, we detail a ciphertext-only attack on 2-round MMB using 293.6 ciphertexts and 293.6 parity computations. These attacks do not depend on weak-key or weak-subkey assumptions, and are thus in- dependent of the key schedule algorithm.

Jorge Nakahara, Pouyan Sepehrdad

This paper presents the first results on AIDA/cube, algebraic and side-channel attacks on variable number of rounds of all members of the KATAN family of block ciphers. Our cube attacks reach 60, 40 and 30 rounds of KATAN32, KATAN48 and KATAN64, respectively. In our algebraic attacks, we use SAT solvers as a tool to solve the quadratic equations representation of all KATAN ciphers. We introduced a novel pre-processing stage on the equations system before feeding it to the SAT solver. This way, we could break 79, 64 and 60 rounds of KATAN32, KATAN48, KATAN64, respectively. We show how to perform side channel attacks on the full 254-round KATAN32 with one-bit information leak- age from the internal state by cube attacks. Finally, we show how to reduce the attack complexity by combining the cube attack with the algebraic attack to re- cover the full 80-bit key. Further contributions include new phenomena observed in cube, algebraic and side-channel attacks on the KATAN ciphers. For the cube attacks, we observed that the same maxterms suggested more than one cube equation, thus reducing the overall data and time complexities. For the algebraic at- tacks, a novel pre-processing step led to a speed up of the SAT solver program. For the side-channel attacks, 29 linearly independent cube equations were recovered after 40-round KATAN32. Finally, the combined algebraic and cube attack, a leakage of key bits after 71 rounds led to a speed up of the algebraic attack.

The main contribution of this paper is a new approach to χ2 analyses of block ciphers in which plaintexts are chosen in a manner similar to that in a square/saturation attack. The consequence is a faster detection of χ2 correlation when compared to conventional χ2 cryptanal- ysis. Using this technique we (i) improve the previously best-known χ2 attacks on 2- and 4-round RC6, and (ii) mount the ﬁrst attacks on the MRC6 and ERC6 block ciphers. The analyses of these fast primitives were also motivated by their low diﬀusion power and, in the case of MRC6 and ERC6, their large block sizes, that favour their use in the construction of compression functions. Our analyses indicate that up to 98 rounds of MRC6 and 44 rounds of ERC6 could be attacked.

Related lectures (28)