New Combined Attacks on Block Ciphers

Differential cryptanalysis and linear cryptanalysis are the most widely used techniques for block cipher cryptanalysis. Several attacks combine these cryptanalytic techniques to obtain new attacks, e.g., differential-linear attacks, miss-in-the-middle attacks, and boomerang attacks. In this paper we present several new combinations: we combine differentials with bilinear approximations, higher-order differentials with linear approximations, and the boomerang attack with linear, with differential-linear, with bilinear, and with differential-bilinear attacks. We analyze these combinations and present examples of their usefulness. For example, we present a 6-round differential-bilinear approximation of s5DES with a bias of 1/8, and use it to attack 8-round s5DES using only 384 chosen plaintexts. We also enlarge a weak key class of IDEA by a factor of 512 using the higher-order differential-linear technique. We expect that these attacks will be useful against larger classes of ciphers.
