Abstract. It is a general belief among the designers of block-ciphers that even a relatively weak cipher may become very strong if its number of rounds is made very large. In this paper we describe a new generic known- (or sometimes chosen-) plaintext attack on product ciphers, which we call the slide attack and which in many cases is independent of the number of rounds of a cipher. We illustrate the power of this new tool by giving practical attacks on several recently designed ciphers: TREYFER, WAKE-ROFB, and variants of DES and Blowfish.