In this paper we perform differential cryptanalysis of SAFER. We consider "truncated differentials" and apply them in an attack on 5-round SAFER, which finds the secret key in time much faster than by exhaustive search.

1 Introduction

In [6] a new encryption algorithm, SAFER K-64, hereafter denoted SAFER, was proposed. Both the block size and the key size are 64. The algorithm is an iterated cipher, such that encryption is done by iteratively applying the same function to the plaintext in a number of rounds. The suggested number of rounds is a minimum of 6 and a maximum of 10 [6, 7]. Finally, an output transformation is applied to produce the ciphertext. Strong evidence has been given that the scheme is secure against differential cryptanalysis after 5 rounds [7] and against linear cryptanalysis after 2 rounds [2]. In [9] it was shown that by replacing the S-boxes in SAFER by random permutations, about 6% of the resulting ciphers can be broken faster than by exhaustive search. In [4] a weakness in the key...