Block Ciphers - A Survey

In this paper we give a short overview of the state of the art of secret key block ciphers. We focus on the main application of block ciphers, namely encryption. The most important known attacks on block ciphers are linear cryptanalysis and differential cryptanalysis. Linear cryptanalysis makes use of so-called linear hulls, i.e., the parity of a subset of ciphertext bits with a probability sufficiently far away from one half. Differential cryptanalysis makes use of so-called differentials (A, B), i.e., a pair of plaintexts with difference A, which after a certain number of rounds results in a difference B with a high probability. The hulls and differentials can be used to derive (parts of) the secret key.
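To make the two notions concrete, the following added example (not taken from the paper) tabulates every differential (A, B) and every parity relation for a single 4-bit S-box rather than a multi-round cipher. The S-box values, function names and table layout are assumptions chosen for illustration.

```python
# Added example: difference distribution table (DDT) and linear
# approximation table (LAT) of one 4-bit S-box.
# SBOX is a sample permutation chosen for illustration.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
N = len(SBOX)

def parity(v):
    """XOR of all bits of v."""
    return bin(v).count("1") & 1

def ddt(sbox):
    """ddt[a][b] = number of inputs x with S(x) ^ S(x ^ a) == b."""
    table = [[0] * N for _ in range(N)]
    for a in range(N):
        for x in range(N):
            table[a][sbox[x] ^ sbox[x ^ a]] += 1
    return table

def lat(sbox):
    """lat[u][v] = #{x : parity(u & x) == parity(v & S(x))} - N/2."""
    table = [[-(N // 2)] * N for _ in range(N)]
    for u in range(N):
        for v in range(N):
            for x in range(N):
                if parity(u & x) == parity(v & sbox[x]):
                    table[u][v] += 1
    return table

def best_differential(table):
    """Most probable differential (A, B) with A != 0, as (A, B, probability)."""
    count, a, b = max((table[a][b], a, b)
                      for a in range(1, N) for b in range(N))
    return a, b, count / N

def best_linear(table):
    """Mask pair (u, v), v != 0, whose probability p is farthest from 1/2."""
    _, u, v = max((abs(table[u][v]), u, v)
                  for u in range(N) for v in range(1, N))
    return u, v, (table[u][v] + N // 2) / N

if __name__ == "__main__":
    a, b, p = best_differential(ddt(SBOX))
    print(f"differential ({a:#x}, {b:#x}) holds with probability {p}")
    u, v, q = best_linear(lat(SBOX))
    print(f"masks ({u:#x}, {v:#x}) agree with probability {q}")
```

A designer reads these tables the other way round: the smaller the largest non-trivial entry in each, the less a single S-box contributes to a high-probability differential or a strongly biased parity relation.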
