Differential Cryptanalysis of DES-like Cryptosystems
CRYPTO'91, 1991
Cited by 662 (9 self)
The Data Encryption Standard (DES) is the best known and most widely used cryptosystem for civilian applications. It was developed at IBM and adopted by the National Bureau of Standards in the mid 70's, and has successfully withstood all the attacks published so far in the open literature. In this paper we develop a new type of cryptanalytic attack which can break the reduced variant of DES with eight rounds in a few minutes on a PC and can break any reduced variant of DES (with up to 15 rounds) in less than 2^56 operations. The new attack can be applied to a variety of DES-like substitution/permutation cryptosystems, and demonstrates the crucial role of the (unpublished) design rules.
Differential Cryptanalysis of the Full 16-round DES
1993
Cited by 103 (1 self)
In this paper we develop the first known attack which is capable of breaking the full 16-round DES in less than the 2^55 complexity of exhaustive search. The data analysis phase computes the key by analyzing about 2^36 ciphertexts in 2^37 time. The 2^36 usable ciphertexts are obtained during the data collection phase from a larger pool of 2^47 chosen plaintexts by a simple bit repetition criteria which discards more than 99.9% of the ciphertexts as soon as they are generated. While earlier versions of differential attacks were based on huge counter arrays, the new attack requires negligible memory and can be carried out in parallel on up to 2^33 disconnected processors with linear speedup. In addition, the new attack can be carried out even if the analyzed ciphertexts are derived from up to 2^33 different keys due to frequent key changes during the data collection phase. The attack can be carried out incrementally with any number of available ciphertexts, and its probabil...
Weak Keys for IDEA
Advances in Cryptology, CRYPTO 93 Proceedings, 1993
Cited by 37 (3 self)
Large classes of weak keys have been found for the block cipher algorithm IDEA, previously known as IPES [?]. IDEA has a 128-bit key and encrypts blocks of 64 bits. For a class of 2^23 keys IDEA exhibits a linear factor. For a certain class of 2^35 keys the cipher has a global characteristic with probability 1. For another class of 2^51 keys only two encryptions and solving a set of 16 nonlinear boolean equations with 12 variables is sufficient to test if the used key belongs to this class. If it does, its particular value can be calculated efficiently. It is shown that the problem of weak keys can be eliminated by slightly modifying the key schedule of IDEA.
1 Introduction. At Eurocrypt '90 the block cipher proposal PES (Proposed Encryption Standard) was presented [?]. At Eurocrypt '91 the same authors presented a modification of PES, called IPES (Improved PES) [?]. The reason for this modification was new insights based on differential cryptanalysis [?]. IPES has become comme...
Likelihood Estimation For Block Cipher Keys
1994
Cited by 13 (2 self)
In this paper, we give a general framework for the analysis of block ciphers using the statistical technique of likelihood estimation. We show how various recent successful cryptanalyses of block ciphers can be regarded in this framework. By analysing the SAFER block cipher in this framework we expose a cryptographic weakness of that cipher. Key Words. Statistical Inference, Likelihood Estimation, Block Ciphers, DES, SAFER, Cryptanalysis, Differential Cryptanalysis, Linear Cryptanalysis. This author acknowledges the support of the Nuffield Foundation.
1 Introduction. In this paper we set up a general framework for analysing block ciphers. In this framework the plaintext and ciphertext spaces are partitioned into a number of classes. We consider the probabilities of a plaintext in a given plaintext class being encrypted to a ciphertext in a given ciphertext class under different keys. For a judicious choice of partitions of plaintext and ciphertext spaces, these probabilities ...
Recent Developments in the Design of Conventional Cryptographic Algorithms
Computer Security and Industrial Cryptography: State of the Art and Evolution, LNCS, 1998
Cited by 12 (3 self)
This paper examines proposals for three cryptographic primitives: block ciphers, stream ciphers, and hash functions. It provides an overview of the design principles of a large number of recent proposals, which include the global structure, the number of rounds, the way of introducing nonlinearity and diffusion, and the key schedule. The software performance of about twenty primitives is compared based on highly optimized implementations for the Pentium. The goal of the paper is to provide a technical perspective on the wide variety of primitives that exist today.
Improved meet-in-the-middle attacks on reduced-round DES
In INDOCRYPT'07, 2007
Cited by 10 (0 self)
The Data Encryption Standard (DES) is a 64-bit block cipher. Despite its short key size of 56 bits, DES continues to be used to protect financial transactions valued at billions of Euros. In this paper, we investigate the strength of DES against attacks that use a limited number of plaintexts and ciphertexts. By mounting meet-in-the-middle attacks on reduced-round DES, we find that up to 6-round DES is susceptible to this kind of attack. The results of this paper lead to a better understanding of the way DES can be used.
Cryptanalysis of the CFB mode of the DES with a reduced number of rounds
In Advances in Cryptology, Proceedings of CRYPTO 93, 1993
Cited by 8 (1 self)
Three attacks on the DES with a reduced number of rounds in the Cipher Feedback Mode (CFB) are studied, namely a meet-in-the-middle attack, a differential attack, and a linear attack. These attacks are based on the same principles as the corresponding attacks on the ECB mode. They are compared to the three basic attacks on the CFB mode, namely an exhaustive key search, a comparison attack, and a tabulation attack. In 8-bit CFB and with 8 rounds instead of 16, a differential attack with 2^39.4 chosen ciphertexts can find 3 key bits, and a linear attack with 2^31 known plaintexts can find 7 key bits. This suggests that it is not safe to reduce the number of rounds in order to improve the performance. Moreover, it is shown that the final permutation has some cryptographic significance in the CFB mode.
1 Introduction. The Data Encryption Standard (DES) was developed in the seventies at IBM (together with NSA) and was published by the National Bureau of Standards in 1977 [9]. Its int...
Improved Attacks on Full GOST
Cited by 7 (1 self)
GOST is a well known block cipher which was developed in the Soviet Union during the 1970s as an alternative to the US-developed DES. In spite of considerable cryptanalytic effort, until very recently there were no published single-key attacks against its full 32-round version which were faster than the 2^256 time complexity of exhaustive search. In February 2011, Isobe used in a novel way the previously discovered reflection property in order to develop the first such attack, which requires 2^32 data, 2^64 memory and 2^224 time. Shortly afterwards, Courtois and Misztal used a different technique to attack the full GOST using 2^64 data, 2^64 memory and 2^226 time. In this paper we introduce a new fixed point property and a better way to attack 8-round GOST in order to find improved attacks on full GOST: Given 2^32 data we can reduce the memory complexity from an impractical 2^64 to a practical 2^36 without changing the 2^224 time complexity, and given 2^64 data we can simultaneously reduce the time complexity to 2^192 and the memory complexity to 2^36.
A Survey of Confidential Data Storage and Deletion Methods
Cited by 6 (0 self)
As the amount of digital data grows, so does the theft of sensitive data through the loss or misplacement of laptops, thumb drives, external hard drives, and other electronic storage media. Sensitive data may also be leaked accidentally due to improper disposal or resale of storage media. To protect the secrecy of the entire data lifetime, we must have confidential ways to store and delete data. This survey summarizes and compares existing methods of providing confidential storage and deletion of data in personal computing environments.