SQUARE attack on block ciphers with low algebraic degree

Using an algebraic method, this paper studies the mathematical foundation of the SQUARE attack. We point out that a SQUARE distinguisher exists if and only if the polynomial function mapping the active n-bit input to the balanced n-bit output has degree ≤ 2^n − 2. The algebraic method can also be used to determine the property of a balanced set after it has passed through a nonlinear S-box, which in some cases yields a SQUARE distinguisher covering more rounds. The validity of the SQUARE attack and the influence of the choice of S-box are also studied. If the round function of a Feistel cipher has a low algebraic degree, a SQUARE attack cannot recover the right keys in some special cases. However, the SQUARE attack on SPN ciphers always holds. The relations between the SQUARE attack and some other cryptanalytic methods are studied, showing that if a cipher is breakable by the SQUARE attack, then it is also breakable by the interpolation attack.
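
The degree condition can be checked numerically. The following is an added example, not code from the paper: it assumes n = 8 and GF(2^8) built with the AES reduction polynomial, and all function names are hypothetical. It XORs a polynomial's outputs over the full active set and shows that the sum vanishes exactly when the degree is at most 2^n − 2.

```python
# Added illustration (not from the paper). Assumptions: n = 8 and the field
# GF(2^8) built with the AES polynomial; all function names are hypothetical.
N = 8
MOD = 0x11B  # x^8 + x^4 + x^3 + x + 1

def gf_mul(a, b):
    """Multiply two elements of GF(2^N) (shift-and-add with reduction)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a >> N:
            a ^= MOD
        b >>= 1
    return r

def poly_eval(coeffs, x):
    """Horner evaluation; coeffs[d] is the coefficient of x^d."""
    y = 0
    for c in reversed(coeffs):
        y = gf_mul(y, x) ^ c
    return y

def xor_sum(coeffs):
    """XOR of P(x) over the active set (all 2^N inputs). Zero means balanced."""
    acc = 0
    for x in range(1 << N):
        acc ^= poly_eval(coeffs, x)
    return acc

def unbalanced_monomial_degrees():
    """Degrees d in [0, 2^N - 1] for which the XOR-sum of x^d is nonzero."""
    sums = [0] * (1 << N)
    for x in range(1 << N):
        p = 1  # x^0, with the convention 0^0 = 1
        for d in range(1 << N):
            sums[d] ^= p
            p = gf_mul(p, x)
    return [d for d, s in enumerate(sums) if s]

if __name__ == "__main__":
    print("unbalanced monomial degrees:", unbalanced_monomial_degrees())
    inversion = [0] * 254 + [1]   # x^254 (field inversion), degree 2^N - 2
    print("x^254 balanced:", xor_sum(inversion) == 0)
    full = list(range(1 << N))    # constructed: degree 2^N - 1, top coefficient 0xFF
    print("degree-255 polynomial XOR-sum: 0x%02X" % xor_sum(full))
```

For a general polynomial the XOR-sum equals the coefficient of x^(2^n − 1), which is why any lower degree gives a balanced output.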
