论文信息 - On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER

On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER

Cryptographic primitives are usually based on a network with boxes. At EUROCRYPT'94, Schnorr and the author of this paper claimed that all boxes should be multipermutations. Here, we investigate a few combinatorial properties of multipermutations. We argue that boxes which fail to be multipermutations can open the way to unsuspected attacks. We illustrate this statement with two examples.

Serge Vaudenay | S. Vaudenay

[1] Ivan Damgård,et al. A Design Principle for Hash Functions , 1989, CRYPTO.

[2] Mitsuru Matsui,et al. The First Experimental Cryptanalysis of the Data Encryption Standard , 1994, CRYPTO.

[3] J. Dénes,et al. Latin squares and their applications , 1974 .

[4] Matthew J. B. Robshaw,et al. Linear Cryptanalysis Using Multiple Approximations , 1994, CRYPTO.

[5] Luke O'Connor,et al. Properties of Linear Approximation Tables , 1994, FSE.

[6] F. MacWilliams,et al. The Theory of Error-Correcting Codes , 1977 .

[7] Antoon Bosselaers,et al. An Attack on the Last Two Rounds of MD4 , 1991, CRYPTO.

[8] Feller William,et al. An Introduction To Probability Theory And Its Applications , 1950 .

[9] L. Paige,et al. Complete mappings of finite groups. , 1951 .

[10] Mitsuru Matsui,et al. Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[11] James L. Massey,et al. SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm , 1993, FSE.

[12] Ronald L. Rivest,et al. The MD4 Message-Digest Algorithm , 1990, RFC.

[13] O. Antoine,et al. Theory of Error-correcting Codes , 2022 .

[14] Serge Vaudenay,et al. Black Box Cryptanalysis of Hash Networks Based on Multipermutations , 1994, EUROCRYPT.

[15] Ralph C. Merkle,et al. One Way Hash Functions and DES , 1989, CRYPTO.