A. Biryukov, E. Kushilevitz, From Differential Cryptanalysis to Ciphertext-Only Attacks, Lecture Notes in Computer Science 1462, Advances in Cryptology -- Proceedings of CRYPTO'98, pp. 72--88, Springer-Verlag, 1998.
....This ensures that each page is encrypted uniquely. Caution is indicated because changing the IV in sequential increments for adjacent pages may result in only small input differences to the encryption function. The attacks described in From Differential Cryptanalysis to Ciphertext-Only Attacks [3] might apply in such a situation. For that reason, we encrypt the block number and use that for the IV. Biryukov and Kushilevitz also state, "Another method of IV choice is the encryption of the datagram sequence numbers [ and sending [the] IV in [the] clear (explicit IV method)". This ....
Alex Biryukov and Eyal Kushilevitz. From Differential Cryptanalysis to Ciphertext-Only Attacks. In Proceedings of the Advances in Cryptology -- CRYPTO '98, pages 72--88. Springer-Verlag, August 1998.
....a throughput of 100 Mbits/sec in the other modes. An example candidate is the counter mode [MOV96, Sect. 7.2.2], which allows parallel encryption/decryption while providing almost ideal security in the random oracle model [BDJR97], but which is not suited for use with differentially weak ciphers [BK98]. One could see the problem also from the viewpoint of a processor designer and ask what (minimal) extensions should be added to an existing general-purpose processor to achieve significant speedup of industry-standard cryptographic primitives. While the general answer seems to be out of our reach ....
Alex Biryukov and Eyal Kushilevitz. From Differential Cryptanalysis to Ciphertext-Only Attacks. In Hugo Krawczyk, editor, Advances in Cryptology --- CRYPTO '98, volume 1462 of Lecture Notes in Computer Science, pages 72--88. Springer-Verlag, 1998.
....is interesting to note that these attacks are particularly sensitive to redundancy in the plaintexts. If the distribution of the plaintexts is not uniform, then in some cases we can efficiently convert these chosen-message attacks into known-plaintext and even ciphertext-only attacks, similarly to [7]. 4 Concluding Remarks Since the introduction of differential cryptanalysis in 1990, various approaches to the design of ciphers with provable security against this attack were suggested (see for example [2, 26, 21]). One way of proving a cipher to be secure against differential attack is to show ....