Cryptanalyse différentielle impossible

En cryptanalyse, la cryptanalyse différentielle impossible ou cryptanalyse par différentielles impossibles est une technique basée sur la cryptanalyse différentielle (1990), elle a été proposée en 1999 par Eli Biham, Adi Shamir et Alex Biryukov dans le cadre de la cryptanalyse de Skipjack. Le principe en lui-même est apparu quelques années auparavant lors d'attaques différentielles mais il n'y avait pas de méthode formellement définie. Le principe original de la cryptanalyse différentielle est de perturber les entrées du chiffrement et observer le comportement de ces modifications dans la structure de chiffrement pour séparer les bonnes clés des mauvaises. La cryptanalyse différentielle impossible inverse le problème en cherchant des propagations qui ne se produiront assurément pas. Si une clé candidate produit un comportement considéré comme impossible alors la clé peut être écartée. Dans leur papier, Shamir et al. font une analogie avec un crible : l'attaque trie les clés et éli

Lightweight Block Ciphers Revisited: Cryptanalysis of Reduced Round PRESENT and HIGHT

Onur Özen, Cihangir Tezcan, Kerem Varici

Design and analysis of lightweight block ciphers have become more popular due to the fact that the future use of block ciphers in ubiquitous devices is generally assumed to be extensive. In this respect, several lightweight block ciphers are designed, of which PRESENT and HIGHT are two recently proposed ones by Bogdanov et al. and Hong et al. respectively. In this paper, we propose new attacks on PRESENT and HIGHT. Firstly, we present the first related-key cryptanalysis of 128-bit keyed PRESENT by introducing 17-round related-key rectangle attack with time complexity approximately 2^104 memory accesses. Moreover, we further analyze the resistance of HIGHT against impossible differential attacks by mounting new 26-round impossible differential and 31-round related-key impossible differential attacks where the former requires time complexity of 2^119.53 reduced round HIGHT evaluations and the latter is slightly better than exhaustive search.

Springer-Verlag New York, Ms Ingrid Cunningham, 175 Fifth Ave, New York, Ny 10010 Usa2009

New Impossible Differential and Known-Key Distinguishers for the 3D Cipher

Jorge Nakahara

The contributions of this paper are new 6-round impossible-differential (ID) and 9.75-round known-key distinguishers for the 3D block cipher. The former was constructed using the miss-in-the-middle technique, while the latter with an inside-out technique. These are the largest ID and known-key distinguishers obtained for the 3D cipher so far, based on the fact that complete diffusion is achieved after three full rounds. Thus, we exploited the slow diffusion in 3D to attack the largest possible number of rounds. The ID distinguishers lead to improved attacks on 10-round variants of the 3D cipher, in the single-key (non related-key) model. These results represent the currently best attacks reported on reduced-round 3D cipher.

Springer-Verlag Berlin2011

Cryptanalysis of the full MMB block cipher

Jorge Nakahara, Yue Sun

The block cipher MMB was designed by Daemen, Govaerts and Vandewalle, in 1993, as an alternative to the IDEA block cipher. We exploit and describe unusual properties of the modular multiplication in

Z_{2^{32} - 1}

, which lead to a differential attack on the full 6-round MMB cipher (both versions 1.0 and 2.0). Further contributions of this paper include detailed square and linear cryptanalysis of MMB. Concerning differential cryptanalysis (DC), we can break the full MMB with 2^118 chosen plaintexts, 2^95.91 6-round MMB encryptions and 2^64 counters, effectively bypassing the cipher's countermeasures against DC. For the square attack, we can recover the 128-bit user key for 4-round MMB with 2^34 chosen plaintexts, 2^126.32 4-round encryptions and 2^64 memory blocks. Concerning linear cryptanalysis, we present a key-recovery attack on 3-round MMB requiring 2^114.56 known-plaintexts and 2^126 encryptions. Moreover, we detail a ciphertext-only attack on 2-round MMB using 2^93.6 ciphertexts and 2^93.6 parity computations. These attacks do not depend on weak-key or weak-subkey assumptions, and are thus independent of the key schedule algorithm.

2009

Cryptanalysis of the full MMB block cipher

Jorge Nakahara, Yue Sun

The block cipher MMB was designed by Daemen, Govaerts and Vandewalle, in 1993, as an alternative to the IDEA block cipher. We exploit and describe unusual properties of the modular multiplication in

Z_{2^{32} - 1}

2009