#### DMCA

## Block Ciphers and Cryptanalysis (1998)

### Cached

### Download Links

Citations: | 2 - 0 self |

### Citations

3251 | Handbook of Applied Cryptography - Menezes, Oorschot, et al. - 1997 |

533 |
Linear cryptanalysis method for DES cipher
- Matsui
- 1994
(Show Context)
Citation Context ...t recent techniques of analysing block ciphers. It is a known-plaintext (statistical) attack, developed by Mitsuru Matsui, used to break the DES cipher using 50 workstations and 2 43 known plaintexts =-=[10, 11]-=-. Linear cryptanalysis approximates the nonlinear part of a cipher to a linear equation (so that the linear cipher will give the same results as the nonlinear cipher most of the time, but will also gi... |

415 |
Di®erential Cryptanalysis of the Data Encryption Standard
- Biham, Shamir
- 1993
(Show Context)
Citation Context ...epend on the key and hence reveal information about the key. This idea is the principle behind differential cryptanalysis, a general block cipher analysis method developed by Eli Biham and Adi Shamir =-=[2]. A successf-=-ul application of differential cryptanalysis leads to a chosen-plaintext attack. We denote the difference between a pair of messages (M,M ′ ) by ∆M = M ⊗(M ′ ) −1 ,where⊗ is an appropriate... |

159 |
The first experimental cryptanalysis of the Data Encryption Standard
- Matsui
- 1994
(Show Context)
Citation Context ...t recent techniques of analysing block ciphers. It is a known-plaintext (statistical) attack, developed by Mitsuru Matsui, used to break the DES cipher using 50 workstations and 2 43 known plaintexts =-=[10, 11]-=-. Linear cryptanalysis approximates the nonlinear part of a cipher to a linear equation (so that the linear cipher will give the same results as the nonlinear cipher most of the time, but will also gi... |

149 | Truncated and higher order differentials
- Knudsen
- 1994
(Show Context)
Citation Context ... rounds. In general, the best linear approximation in n-round STEA is given by Ln[n/2] ⊕ Rn[n/2] = K1[(n/2) − 1]. Hence, for 16-round STEA, we have the cipher linear approximation L16[8] ⊕ R16[8=-=] = K1[7]. -=-which holds with probability 1 2 +2−17 . To recover one key bit (bit 7 of K1) of 16-round STEA using linear cryptanalysis would require around 2 34 known plaintexts. 9 Weak Key Schedule And Weak Cip... |

145 |
the design and security of block ciphers
- Lai, \On
- 1992
(Show Context)
Citation Context ...ow the distributive law. Furthermore, there is no simple algebraic relationship between addition modulo 2m and exclusive-or of m-bit vectors since the groups (Z2m, ⊞) and (Fm2 , ⊕) are not isomorp=-=hic [8]-=-. The idea of mixing linear and nonlinear operations in order to obscure the relationship between the plaintext, ciphertext and key, is called confusion and is an important principle of cipher design ... |

132 | Markov Ciphers and Differential Cryptanalysis
- Lai, Massey, et al.
- 1991
(Show Context)
Citation Context ... for this purpose; for example, when applying differential cryptanalysis to an iterated 19scipher, it is preferable to use the difference operation which will cause the cipher to be a “Markov cipher=-=” [8, 9]-=-. The example block cipher of equation 3 is not an iterated block cipher, but it is suitable for demonstrating the basic ideas of differential cryptanalysis. We assume the message block length m =32an... |

131 | Analysis and Design of Stream Ciphers - Rueppel - 1986 |

84 |
a Tiny Encryption Algorithm
- Wheeler, Needham, et al.
- 1994
(Show Context)
Citation Context ...es how the subkeys (K1,...,Kn) are derived from the key K. 6 (6)s3 The TEA Block Cipher The TEA (Tiny Encryption Algorithm) block cipher was presented at the Fast Software Encryption workshop in 1994 =-=[15]-=-. It is a 64-round Feistel cipher operating on 64-bit message blocks with a 128bit key. It was designed for software implementation and all its operations are on 32-bit words and use arithmetic and lo... |

65 |
Cipher Systems: The Protection of Communications
- Beker, Piper
- 1982
(Show Context)
Citation Context .... The idea of mixing linear and nonlinear operations in order to obscure the relationship between the plaintext, ciphertext and key, is called confusion and is an important principle of cipher design =-=[1, 8]-=-. An equally important principle of block cipher design is that of diffusion, i.e., the idea that every bit of the ciphertext should depend on every bit of the plaintext and every bit of the key [1, 8... |

58 |
Related-key Cryptanalysis of 3-WAY
- Kelsey, Schneier, et al.
- 1997
(Show Context)
Citation Context ... Their improvements also defeat a “related-key” attack on TEA that requires 2 23 chosen plaintexts encrypted under two related keys (the value of the second key depends on the value of the first k=-=ey) [6]-=-. 4 The STEA Block Cipher The STEA block cipher is a 64-round Feistel cipher operating on 64-bit message blocks with a 64-bit key. It was designed purely as a test block cipher for learning about mode... |

35 |
Tea Extensions
- Needham, Wheeler
- 1997
(Show Context)
Citation Context ...at is based on block ciphers, such as those suggested in [8]. To eliminate the equivalent keys it would be necessary to redesign the TEA key schedule, which is precisely what the designers of TEA did =-=[13]. Their im-=-provements also defeat a "related-key" attack on TEA that requires 2 23 chosen plaintexts encrypted under two related keys (the value of the second key depends on the value of the first key)... |

31 |
Results of an initial attempt to cryptanalyze the NBS Data Encryption Standard
- Hellman, Merkle, et al.
- 1976
(Show Context)
Citation Context ... 64 2 and obtain two possible values of K1. If the two possible 3The first published attack on reduced-round DES was an attack on two rounds, based on this method of attacking 2-round Feistel ciphers =-=[5]. -=-4The probability that a key might be found which satisfies equation 13 for the two known plaintexts but is not the correct key is 2−64 . The correct key can be uniquely identified by testing against... |

4 |
B.: Analysis of a Feistel-Like Cipher Weakened by Having no Rotating Key
- GROSSMAN
- 1977
(Show Context)
Citation Context ...arch report, Edna Grossman and Bryant Tuckerman described a number of attacks on a weak Feistel cipher called NDS (New Data Seal), which appears to be a simplified version of the Lucifer block cipher =-=[1, 4]-=-. The NDS cipher had a weak key schedule and a weak cipher function. The key schedule was practically non-existant; all the round subkeys were the same, which effectively meant that in each round the ... |

1 |
An attack on a weakened version of TEA
- Fleming
- 1996
(Show Context)
Citation Context ...version of TEA with fixed subkey constants δi (e.g., δi = δ, for all i); this version of TEA would have two distinct subkeys (like STEA). The attack on this TEA variant was described by Roger Flemi=-=ng [3]-=-. It has a complexity of O(2 98 ) and requires around 2 32 known plaintexts. Here the complexity of attack is better than that of exhaustive key-search (which was not the case with STEA). An improveme... |