BibTeX
@MISC{Knudsen96truncateddifferentials,
author = {Lars R. Knudsen and Thomas A. Berson},
title = {Truncated Differentials of SAFER},
year = {1996}
}
Bookmark
 |
 |
 |
 |
 |
 |
OpenURL
Abstract
. In this paper we do differential cryptanalysis of SAFER. We consider "truncated differentials" and apply them in an attack on 5round SAFER, which finds the secret key in time much faster than by exhaustive search. 1 Introduction In [6] a new encryption algorithm, SAFER K-64, hereafter denoted SAFER, was proposed. Both the block and the key size is 64. The algorithm is an iterated cipher, such that encryption is done by iteratively applying the same function to the plaintext in a number of rounds. The suggested number of rounds is minimum 6 and maximum 10 [6, 7]. Finally an output transformation is applied to produce the ciphertext. Strong evidence has been given that the scheme is secure against differential cryptanalysis after 5 rounds [7] and against linear cryptanalysis after 2 rounds [2]. In [9] it was shown that by replacing the S-boxes in SAFER by random permutations, about 6% of the resulting ciphers can be broken faster than by exhaustive search. In [4] a weakness in the key...
Citations
| 293 | Differential Cryptanalysis of the Data Encryption Standard. NewYork - Biham, Shamir - 1993 |
| 71 | Truncated and higher order differentials - Knudsen |
| 49 | An Introduction to Probability Theory - Hoel - 1971 |
| 42 | K-64: A byte-oriented blockciphering algorithm - SAFER - 1994 |
| 41 | A generalization of linear cryptanalysis and the applicability of Matsuiās piling-up lemma - Harpes, Kramer, et al. |
| 30 | On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER - Vaudenay - 1994 |
| 19 | A key-schedule weakness in SAFER-K64 - Knudsen - 1995 |
| 4 | K-64: One year later - SAFER - 1995 |
| 2 | An analysis of SAFER. Private communication - Murphy - 1995 |
