Results 1 
8 of
8
Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials
, 1999
"... Abstract. In this paper we present a new cryptanalytic technique, based on impossible differentials, and use it to show that Skipjack reduced from 32 to 31 rounds can be broken by an attack which is faster than exhaustive search. ..."
Abstract

Cited by 146 (12 self)
 Add to MetaCart
Abstract. In this paper we present a new cryptanalytic technique, based on impossible differentials, and use it to show that Skipjack reduced from 32 to 31 rounds can be broken by an attack which is faster than exhaustive search.
A Fast New DES Implementation in Software
, 1997
"... . In this paper we describe a fast new DES implementation. This implementation is about five times faster than the fastest known DES implementation on a (64bit) Alpha computer, and about three times faster than than our new optimized DES implementation on 64bit computers. This implementation uses ..."
Abstract

Cited by 83 (2 self)
 Add to MetaCart
. In this paper we describe a fast new DES implementation. This implementation is about five times faster than the fastest known DES implementation on a (64bit) Alpha computer, and about three times faster than than our new optimized DES implementation on 64bit computers. This implementation uses a nonstandard representation, and view the processor as a SIMD computer, i.e., as 64 parallel onebit processors computing the same instruction. We also discuss the application of this implementation to other ciphers. We describe a new optimized standard implementation of DES on 64bit processors, which is about twice faster than the fastest known standard DES implementation on the same processor. Our implementations can also be used for fast exhaustive search in software, which can find a key in only a few days or a few weeks on existing parallel computers and computer networks. 1 Introduction In this paper we describe a new implementation of DES[4], which can be very efficiently executed ...
Differential Cryptanalysis of Feal and NHash
, 1991
"... In [1,2] we introduced the notion of differential cryptanalysis and described its application to DES[11] and several of its variants. In this paper we show the applicability of differential cryptanalysis to the Feal family of encryption algorithms and to the NHash hash function. In addition, we sho ..."
Abstract

Cited by 33 (2 self)
 Add to MetaCart
(Show Context)
In [1,2] we introduced the notion of differential cryptanalysis and described its application to DES[11] and several of its variants. In this paper we show the applicability of differential cryptanalysis to the Feal family of encryption algorithms and to the NHash hash function. In addition, we show how to transform differential cryptanalytic chosen plaintext attacks into known plaintext attacks. 1 Introduction Feal is a family of encryption algorithms, which are designed to have simple and efficient software implementations on eightbit microprocessors. The original member of this family, called Feal4[13], had four rounds. This version was broken by Den Boer[3] using a chosen plaintext attack with 100 to 10000 ciphertexts. The designers of Feal reacted by creating a second version, called Feal8[12,9] in which the number of rounds was increased to eight, while the F function was not changed. Feal8 was broken by the differential cryptanalytic chosen plaintext attack described in thi...
Resistance of a CASTLike Encryption Algorithm to Linear and Differential Cryptanalysis
, 1997
"... Linear cryptanalysis and differential cryptanalysis are two recently introduced, powerful methodologies for attacking privatekey block ciphers. In this paper, we examine the application of these two cryptanalysis techniques to a CASTlike encryption algorithm based on randomly generated sboxes. It ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
Linear cryptanalysis and differential cryptanalysis are two recently introduced, powerful methodologies for attacking privatekey block ciphers. In this paper, we examine the application of these two cryptanalysis techniques to a CASTlike encryption algorithm based on randomly generated sboxes. It is shown that, when randomly generated substitution boxes (sboxes) are used in a CASTlike algorithm, the resulting cipher is resistant to both the linear attack and the differential attack. 1 Introduction As the need for privacy and authentication is now generally recognized by the telecommunications community, a widely adopted privatekey encryption algorithm is becoming an increasingly important objective in the development and analysis of cryptographic algorithms. For some time, the Data Encryption Standard (DES) [16] has been the most widely used and trusted encryption algorithm. However, DES is about twenty years old and has recently become vulnerable to cryptanalysis due to its smal...
Differential Cryptanalysis of DES
, 2000
"... this paper we will describe DES and briefly present TDEA. Furthermore, we will describe an attack (differential cryptanalysis) that can be applied not only to DES but to many DESlike iterated cryptosystems (such as Lucifer, FEAL [12] and GDES [11]). This is a chosen plaintext attack which uses only ..."
Abstract
 Add to MetaCart
this paper we will describe DES and briefly present TDEA. Furthermore, we will describe an attack (differential cryptanalysis) that can be applied not only to DES but to many DESlike iterated cryptosystems (such as Lucifer, FEAL [12] and GDES [11]). This is a chosen plaintext attack which uses only the resultant ciphertexts. The basic tool of the attack is the ciphertext pair: a pair of ciphertexts whose plaintexts have particular differences (thus the name differential). The two plaintexts can be chosen at random, as long as they satisfy the difference condition, and the cryptanalyst does not have to know their values. The attack is statistical in nature and can fail in rare instances.
Cryptologic Research A SoftwareOptimized Encryption Algorithm∗
, 1996
"... Abstract. We describe the softwareefficient encryption algorithm SEAL 3.0. Computational cost on a modern 32bit processor is about 4 clock cycles per byte of text. The cipher is a pseudorandom function family: under control of a key (first preprocessed into an internal table) it stretches a 32bi ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. We describe the softwareefficient encryption algorithm SEAL 3.0. Computational cost on a modern 32bit processor is about 4 clock cycles per byte of text. The cipher is a pseudorandom function family: under control of a key (first preprocessed into an internal table) it stretches a 32bit position index into a long, pseudorandom string. This string can be used as the keystream of a Vernam cipher.
unknown title
"... this paper we are interested in characteristics for which the probability that a random pair is a right pair varies between different keys. We call these characteristics conditional characteristics ..."
Abstract
 Add to MetaCart
this paper we are interested in characteristics for which the probability that a random pair is a right pair varies between different keys. We call these characteristics conditional characteristics