Results 1  10
of
50
Unbalanced Feistel Networks and BlockCipher Design
 Fast Software Encryption, 3rd International Workshop Proceedings
, 1996
"... We examine a generalization of the concept of Feistel networks, which we call Unbalanced Feistel Networks (UFNs). Like conventional Feistel networks, UFNs consist of a series of rounds in which one part of the block operates on the rest of the block. However, in a UFN the two parts need not be of eq ..."
Abstract

Cited by 72 (5 self)
 Add to MetaCart
We examine a generalization of the concept of Feistel networks, which we call Unbalanced Feistel Networks (UFNs). Like conventional Feistel networks, UFNs consist of a series of rounds in which one part of the block operates on the rest of the block. However, in a UFN the two parts need not be of equal size. Removing this limitation on Feistel networks has interesting implications for designing ciphers secure against linear and differential attacks. We describe UFNs and a terminology for discussing their properties, present and analyze some UFN constructions, and make some initial observations about their security. It is notable that almost all the proposed ciphers that are based on Feistel networks follow the same design construction: half the bits operate on the other half. There is no inherent reason that this should be so; as we will demonstrate, it is possible to design Feistel networks across a much wider, richer design space. In this paper, we examine the nature of the...
Linear Cryptanalysis Using Multiple Approximations
 Advances in Cryptology  CRYPTO '94 Proceedings
, 1994
"... Abstract. We present a technique which aids in the linear cryptanalysis of a block cipher and allows for a reduction in the amount of data required for a successful attack. We note the limits of this extension when applied to DES, but illustrate that it is generally applicable and might be exception ..."
Abstract

Cited by 67 (2 self)
 Add to MetaCart
(Show Context)
Abstract. We present a technique which aids in the linear cryptanalysis of a block cipher and allows for a reduction in the amount of data required for a successful attack. We note the limits of this extension when applied to DES, but illustrate that it is generally applicable and might be exceptionally successful when applied to other block ciphers. This forces us to reconsider some of the initial attempts to quantify the resistance of block ciphers to linear cryptanalysis, and by taking account of this new technique we cover several issues which have not yet been considered. 1
Twofish: A 128Bit Block Cipher
 in First Advanced Encryption Standard (AES) Conference
, 1998
"... Twofish is a 128bit block cipher that accepts a variablelength key up to 256 bits. The cipher is a 16round Feistel network with a bijective F function made up of four keydependent 8by8bit Sboxes, a fixed 4by4 maximum distance separable matrix over GF(2 8 ), a pseudoHadamard transform, bit ..."
Abstract

Cited by 66 (8 self)
 Add to MetaCart
(Show Context)
Twofish is a 128bit block cipher that accepts a variablelength key up to 256 bits. The cipher is a 16round Feistel network with a bijective F function made up of four keydependent 8by8bit Sboxes, a fixed 4by4 maximum distance separable matrix over GF(2 8 ), a pseudoHadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2 22.5 chosen plaintexts and 2 51 effort.
On Applying Molecular Computation To The Data Encryption Standard
"... this paper we consider the so called plaintextciphertext attack. Here the cryptanalyst obtains a plaintext and its corresponding ciphertext and wishes to determine the key used to perform the encryption. The most naive approach to this problem is to try all 2 ..."
Abstract

Cited by 53 (2 self)
 Add to MetaCart
(Show Context)
this paper we consider the so called plaintextciphertext attack. Here the cryptanalyst obtains a plaintext and its corresponding ciphertext and wishes to determine the key used to perform the encryption. The most naive approach to this problem is to try all 2
SubstitutionPermutation Networks Resistant to Differential and Linear Cryptanalysis
 JOURNAL OF CRYPTOLOGY
, 1996
"... In this paper we examine a class of product ciphers referred to as substitutionpermutation networks. We investigate the resistance of these cryptographic networks to two important attacks: differential cryptanalysis and linear cryptanalysis. In particular, we develop upper bounds on the differenti ..."
Abstract

Cited by 32 (11 self)
 Add to MetaCart
(Show Context)
In this paper we examine a class of product ciphers referred to as substitutionpermutation networks. We investigate the resistance of these cryptographic networks to two important attacks: differential cryptanalysis and linear cryptanalysis. In particular, we develop upper bounds on the differential characteristic probability and on the probability of a linear approximation as a function of the number of rounds of substitutions. Further, it is shown that using large Sboxes with good diffusion characteristics and replacing the permutation between rounds by an appropriate linear transformation is effective in improving the cipher security in relation to these two attacks.
Recent Developments in the Design of Conventional Cryptographic Algorithms
 Computer Security and Industrial Cryptography  State of the Art and Evolution, LNCS
, 1998
"... This paper examines proposals for three cryptographic primitives: block ciphers, stream ciphers, and hash functions. It provides an overview of the design principles of a large number of recent proposals, which includes the global structure, the number of rounds, the way of introducing nonlinearity ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
This paper examines proposals for three cryptographic primitives: block ciphers, stream ciphers, and hash functions. It provides an overview of the design principles of a large number of recent proposals, which includes the global structure, the number of rounds, the way of introducing nonlinearity and diffusion, and the key schedule. The software performance of about twenty primitives is compared based on highly optimized implementations for the Pentium. The goal of the paper is to provided a technical perspective on the wide variety of primitives that exist today.
Wheedham: An Automatically Designed Block Cipher by means of Genetic Programming
"... Abstract — In this work, we present a general scheme for the design of block ciphers by means of Genetic Programming. In this vein, we try to evolve highly nonlinear and efficient functions to be used for the key expansion and the Ffunction of a Feistel network. Following this scheme, we propose a ..."
Abstract

Cited by 7 (4 self)
 Add to MetaCart
(Show Context)
Abstract — In this work, we present a general scheme for the design of block ciphers by means of Genetic Programming. In this vein, we try to evolve highly nonlinear and efficient functions to be used for the key expansion and the Ffunction of a Feistel network. Following this scheme, we propose a new block cipher design called Wheedham, that operates on 512 bit blocks and keys of 256 bits, of which we offer its C code (directly translated from the GP Trees) and some preliminary security results. I.
Linear cryptanalysis of substitutionpermutation networks
, 2003
"... The subject of this thesis is linear cryptanalysis of substitutionpermutation networks (SPNs). We focus on the rigorous form of linear cryptanalysis, which requires the concept of linear hulls. First, we consider SPNs in which the sboxes are selected independently and uniformly from the set of al ..."
Abstract

Cited by 7 (3 self)
 Add to MetaCart
(Show Context)
The subject of this thesis is linear cryptanalysis of substitutionpermutation networks (SPNs). We focus on the rigorous form of linear cryptanalysis, which requires the concept of linear hulls. First, we consider SPNs in which the sboxes are selected independently and uniformly from the set of all bijective n × n sboxes. We derive an expression for the expected linear probability values of such an SPN, and give evidence that this expression converges to the corresponding value for the true random cipher. This adds quantitative support to the claim that the SPN structure is a good approximation to the true random cipher. We conjecture that this convergence holds for a large class of SPNs. In addition, we derive a lower bound on the probability that an SPN with randomly selected sboxes is practically secure against linear cryptanalysis after a given number of rounds. For common block sizes, experimental evidence indicates that this probability rapidly approaches 1 with an increasing number of rounds.
On the Use of Encryption in Cryptographic Protocols
 Codes and Cyphers
, 1995
"... In the past few years the International Organisation for Standardization (ISO) and International ElectroTechnical Commission (IEC) have been jointly developing several standards for entity authentication and/or encryption key exchange. Some of the mechanisms proposed use a symmetric block encryption ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
(Show Context)
In the past few years the International Organisation for Standardization (ISO) and International ElectroTechnical Commission (IEC) have been jointly developing several standards for entity authentication and/or encryption key exchange. Some of the mechanisms proposed use a symmetric block encryption algorithm, in a particular mode of operation, to achieve security. In this paper a general property of the algorithm is explained. It is shown that some of the protocols in the ISO/IEC draft documents for standardisation are vulnerable to an attack which exploits this property.