Decorrelated Fast Cipher: an AES Candidate well suited for low cost smart card applications (1998) [7 citations — 3 self]
Abstract:
In response to the call for candidates issued by the National Institute for Standards and Technologies (the Advanced Encryption Standard project), the Ecole Normale Supérieure proposed a candidate called DFC, for "Decorrelated Fast Cipher", based on the decorrelation technique, which provides provable security against several classes of attacks (in particular the basic version of Biham and Shamir's Differential Cryptanalysis as well as Matsui's Linear Cryptanalysis). From a practical point of view, this algorithm is naturally very efficient when it is implemented on 64-bit processors. In this paper, we describe the implementation we made of DFC on a very low cost smart card based on the Motorola 6805 processor. The performance we obtain proves that DFC is also well suited for low cost device applications.
Since the beginning of commercial use of symmetric encryption (with block ciphers) in the seventies, construction design used to be heuristic-based and security was empirical: a given block cipher was considered to be secure until some researcher published an attack on it. The Data Encryption Standard [1] initiated an important open research area, and some important cryptanalysis methods emerged, namely Biham and Shamir's differential cryptanalysis [4] and Matsui's linear cryptanalysis [11], as well as further generalizations. Nyberg and Knudsen [14] showed how to build toy block ciphers which provably resist differential cryptanalysis (and linear cryptanalysis as well, as was shown afterward [3]). This paradigm has successfully been used by Matsui in the MISTY cipher [12, 13]. However, Nyberg and Knudsen's method does not provide much freedom for the design, and actually, this paradigm leads to algebraic constructions. This may open the way to other kinds of weaknesses, as shown by Jakobsen and Knudsen [8].
In response to the call for candidates for the Advanced Encryption Standard (AES), which has been issued by the National Institute of Standards and Technology (NIST), the ENS proposed in [6] the Decorrelated Fast Cipher (DFC)

