Results 1 - 4 of 4
Differential Cryptanalysis of Feal and N-Hash, 1991
Cited by 34 (2 self)
In [1,2] we introduced the notion of differential cryptanalysis and described its application to DES[11] and several of its variants. In this paper we show the applicability of differential cryptanalysis to the Feal family of encryption algorithms and to the N-Hash hash function. In addition, we show how to transform differential cryptanalytic chosen plaintext attacks into known plaintext attacks.
1 Introduction
Feal is a family of encryption algorithms, which are designed to have simple and efficient software implementations on eight-bit microprocessors. The original member of this family, called Feal-4[13], had four rounds. This version was broken by Den Boer[3] using a chosen plaintext attack with 100 to 10000 ciphertexts. The designers of Feal reacted by creating a second version, called Feal-8[12,9] in which the number of rounds was increased to eight, while the F function was not changed. Feal-8 was broken by the differential cryptanalytic chosen plaintext attack described in thi...
A Study on the Construction and Analysis of Substitution Boxes for Symmetric Cryptosystems, 1990
Cited by 4 (1 self)
S(ubstitution)-boxes are quite important components of modern symmetric cryptosystems (in particular, block ciphers) in the sense that S-boxes bring nonlinearity to block ciphers and strengthen their cryptographic security. An S-box is said to satisfy the strict avalanche criterion (SAC), if and only if for any single input bit of the S-box, the inversion of it changes each output bit with probability one half. In this thesis, with the concrete proof of cryptographical properties of S-boxes satisfying the SAC, we propose a variety of provable construction methods for S-boxes satisfying the SAC. For Boolean S-boxes satisfying the SAC, we can construct and enlarge them by using concatenation, Kronecker (or direct) product, and dyadic shift. For bijective S-boxes satisfying the SAC, when an n-bit input Boolean function and an n-bit input bijective function satisfying the SAC are given, the combined function is proved to become an (n+1)-bit bijective function satisfying the SAC as well. A...
Nondegenerate Functions and Permutations
Cited by 1 (0 self)
One of the basic design criteria for a block encryption function is to ensure that for each fixed key, each ciphertext bit depends nonlinearly on each plaintext bit. When the ciphertext is represented using boolean equations depending on the key and plaintext, these equations should then be nondegenerate so that it is possible that each bit of the key and plaintext can influence each ciphertext bit. We prove that nondegeneracy in a boolean function can be verified in linear time on average. We study higher order nondegeneracy and prove that for balanced n-bit functions, on average, at least $n - \lceil \log n \rceil - 2$ input bits must be held constant before a degenerate subfunction is induced. We also prove that the fraction of n-bit permutations within the symmetric group that are realized by nondegenerate boolean functions tends to one as n increases. Letting $N_{n,n}$ be the set of nondegenerate permutations, we formally prove that 1 \Gamma L n ! jN n;n j 2 n ! ! 1 \Gamma L n + ...
The Security of MacGuffin
This paper examines MacGuffin, a recently proposed block cipher based on a new DES-like architecture. The strength of MacGuffin against differential cryptanalysis is investigated: DES is more resistant to these attacks. A differential attack requiring $2^{51.5}$ chosen plaintexts is described. In addition, the internal components of MacGuffin are shown to be suboptimal with respect to differential cryptanalysis. Finally, a weakness in the key schedule is discussed.
1 MacGuffin
DES is a balanced Feistel network which divides the input into two equal-sized registers, modifying one half every round. Blaze and Schneier have proposed a variation on the basic DES design. Their generalized unbalanced Feistel network (GUFN) splits the block unevenly. To illustrate the power of this model and incite debate on its merits, Blaze and Schneier have offered an example design called MacGuffin [1]. The most conspicuous disadvantage of a GUFN is that each round modifies less than half of the block. O...