Differential cryptanalysis

Summary

Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in information input can affect the resultant difference at the output. In the case of a block cipher, it refers to a set of techniques for tracing differences through the network of transformation, discovering where the cipher exhibits non-random behavior, and exploiting such properties to recover the secret key (cryptography key). History The discovery of differential cryptanalysis is generally attributed to Eli Biham and Adi Shamir in the late 1980s, who published a number of attacks against various block ciphers and hash functions, including a theoretical weakness in the Data Encryption Standard (DES). It was noted by Biham and Shamir that DES was surprisingly resistant to differential cryptanalysis but small modifications to the algorithm would make it mu

Official source

https://en.wikipedia.org/wiki/Differential_cryptanalysis

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related publications (41)

Related publications

Related people (6)

Related people

Related units (1)

Related units

Related concepts (17)

In cryptography, a block cipher is a deterministic algorithm that operates on fixed-length groups of bits, called blocks. Block ciphers are the elementary building blocks of many cryptographic protoc

Cryptanalysis (from the Greek kryptós, "hidden", and analýein, "to analyze") refers to the process of analyzing information systems in order to understand hidden aspects of the systems. Cryptanalysi

The Data Encryption Standard (DES ˌdiːˌiːˈɛs,_dɛz) is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applicat

Related concepts

Related courses (4)

This course reviews some failure cases in public-key cryptography. It introduces some cryptanalysis techniques. It also presents fundamentals in cryptography such as interactive proofs. Finally, it presents some techniques to validate the security of cryptographic primitives.

This course introduces the basics of cryptography. We review several types of cryptographic primitives, when it is safe to use them and how to select the appropriate security parameters. We detail how they work and sketch how they can be implemented.

This is an introductory course to computer security and privacy. Its goal is to provide students with means to reason about security and privacy problems, and provide them with tools to confront them.

Related courses

Related lectures (7)

Related lectures

Related publications (41)

Cryptanalysis of the full MMB block cipher

Jorge Nakahara, Yue Sun

The block cipher MMB was designed by Daemen, Govaerts and Vandewalle, in 1993, as an alternative to the IDEA block cipher. We exploit and describe unusual properties of the modular multiplication in

Z_{2^{32} - 1}

, which lead to a differential attack on the full 6-round MMB cipher (both versions 1.0 and 2.0). Further contributions of this paper include detailed square and linear cryptanalysis of MMB. Concerning differential cryptanalysis (DC), we can break the full MMB with 2^118 chosen plaintexts, 2^95.91 6-round MMB encryptions and 2^64 counters, effectively bypassing the cipher's countermeasures against DC. For the square attack, we can recover the 128-bit user key for 4-round MMB with 2^34 chosen plaintexts, 2^126.32 4-round encryptions and 2^64 memory blocks. Concerning linear cryptanalysis, we present a key-recovery attack on 3-round MMB requiring 2^114.56 known-plaintexts and 2^126 encryptions. Moreover, we detail a ciphertext-only attack on 2-round MMB using 2^93.6 ciphertexts and 2^93.6 parity computations. These attacks do not depend on weak-key or weak-subkey assumptions, and are thus independent of the key schedule algorithm.

2009

Cryptanalysis of the full MMB Block Cipher

Jorge Nakahara, Yue Sun

The block cipher MMB was designed by Daemen, Govaerts and Vandewalle, in 1993, as an alternative to the IDEA block cipher. We exploit and describe unusual properties of the modular multiplication in ZZ232 −1 , which lead to a diﬀerential attack on the full 6-round MMB cipher (both versions 1.0 and 2.0). Further contributions of this paper include detailed square and linear cryptanalysis of MMB. Concerning diﬀerential cryptanalysis (DC), we can break the full MMB with 2118 chosen plaintexts, 295.91 6-round MMB encryptions and 264 counters, eﬀectively bypassing the cipher’s countermeasures against DC. For the square attack, we can recover the 128-bit user key for 4-round MMB with 234 chosen plaintexts, 2126.32 4-round encryptions and 264 mem- ory blocks. Concerning linear cryptanalysis, we present a key-recovery attack on 3-round MMB requiring 2114.56 known-plaintexts and 2126 en- cryptions. Moreover, we detail a ciphertext-only attack on 2-round MMB using 293.6 ciphertexts and 293.6 parity computations. These attacks do not depend on weak-key or weak-subkey assumptions, and are thus in- dependent of the key schedule algorithm.

Springer2009

DES S-box generator

Lauren De Meyer, Serge Vaudenay

The Data Encryption Standard (DES) is a cryptographic algorithm, designed by IBM, that was selected to be the national standard in 1977 by the National Bureau of Standards. The algorithm itself was entirely published but the design criteria were kept secret until 1994 when Coppersmith, one of the designers of DES, published them. He states that the IBM team already knew about the attack called Differential cryptanalysis during the design of the algorithm and that it had an effect on choosing the S-boxes. To be more specific, he mentions eight design criteria that all the S-boxes of DES are based on. How the S-boxes were generated is a mystery, as the legend says this was outsourced to the NSA. Indeed, building a set of S-boxes respecting these criteria is a non-trivial task. In this paper we present an efficient S-box generator respecting all criteria and even more. Coppersmith's design criteria served as a basis but were strengthened for better resistance to Linear Cryptanalysis. While other researchers have already proposed S-box generators for DES satisfying either non-linearity or good diffusion, our generator offers both. Moreover, apart from suggesting a new set of 8 S-boxes, it can also very quickly produce a large pool of S-boxes to be used in further research.

Taylor & Francis Inc2016

Cryptanalysis of the full MMB block cipher

Jorge Nakahara, Yue Sun

The block cipher MMB was designed by Daemen, Govaerts and Vandewalle, in 1993, as an alternative to the IDEA block cipher. We exploit and describe unusual properties of the modular multiplication in

Z_{2^{32} - 1}

2009