See this document in CiteSeerX!

A Key-schedule Weakness in SAFER K-64 (1995)  (Make Corrections)  (12 citations)
Lars R. Knudsen
Lecture Notes in Computer Science



  Home/Search   Context   Related

 
View or download:
esat.kuleuven.ac.be/pub...saferkey.ps.Z
esat.kuleuven.ac.be/cos...saferkey.ps.Z
Cached:  PS.gz  PS  PDF   Image  Update  Help

From:  cryptosoft.com/html/secpub (more)
(Enter author homepages)

Rate this article: (best)
  Comment on this article  
(Enter summary)

Abstract: . In this paper we analyse SAFER K-64 and show a weakness in the key schedule. It has the effect that for almost every key K, there exists at least one different key K , such that for many plaintexts the outputs after 6 rounds of encryption are equal. The output transformation causes the ciphertexts to differ in one of the 8 bytes. Also, the same types of keys encrypt even more pairs of plaintexts different in one byte to ciphertexts different only in the same byte. This enables us to do a... (Update)

Context of citations to this paper:   More

...of four. Later Biham [2] introduced the second kind of related key attacks. Later Knudsen described a related key attack on SAFER K [12] and Kelsey, Schneier, and Wagner [8] applied the related key attacks to a wide range of block ciphers. It may be argued that the attacks...

.... by Knudsen and Berson [17] later improved by Wu et al. 7] an algebraic attack by Murphy [20] key schedule attacks by Knudsen [15] and by Kelsey et al. 9] and observations on the PHT design by Vaudenay [21] and Brincat et al. 2] Linear cryptanalysis has been...

Cited by:   More
Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER.. - Kelsey, Schneier, Wagner (1996)   (Correct)
Related-Key Cryptanalysis of 3-WAY, Biham-DES,CAST.. - Kelsey, Schneier, Wagner   (Correct)
NESSIE D13 - Security Evaluation of NESSIE First Phase - Preneel, Van Rompay.. (2001)   (Correct)

Similar documents (at the sentence level):
51.8%:   Why SAFER K Changed Its Name - Knudsen (1996)   (Correct)
6.8%:   Truncated Differentials of SAFER - Knudsen, Berson (1996)   (Correct)

Active bibliography (related documents):   More   All
0.5:   Block Ciphers - Robshaw (1995)   (Correct)
0.2:   Cryptographic Hash Functions: A Survey - Bakhtiari, Safavi-Naini, Pieprzyk (1995)   (Correct)
0.1:   Supporting Document on E2 - Corporation (1998)   (Correct)

Similar documents based on text:   More   All
0.8:   Integral Cryptanalysis on reduced-round Safer++ - A way to.. - Piret, Quisquater (2003)   (Correct)
0.5:   Key Schedule Weaknesses in SAFER+ - Kelsey, Schneier, Wagner (1999)   (Correct)
0.3:   Linear Cryptanalysis of Reduced-Round Versions of.. -..   (Correct)

Related documents from co-citation:   More   All
8:   New Types of Cryptanalytic Attacks Using Related Keys - Biham - 1994
8:   Linear cryptanalysis method for DES cipher (context) - Matsui - 1994
7:   a byte-oriented block-ciphering algorithm (context) - Massey - 1994

BibTeX entry:   (Update)

L.R. Knudsen. A key-schedule weakness in SAFER K-64. In Advances in Cryptology - Proc. Crypto'95, LNCS 963, pages 274--286. Springer Verlag, 1995. http://citeseer.ist.psu.edu/knudsen95keyschedule.html   More

@article{ knudsen95keyschedule,
    author = "Lars R. Knudsen",
    title = "A Key-Schedule Weakness in {SAFER K-64}",
    journal = "Lecture Notes in Computer Science",
    volume = "963",
    pages = "274--??",
    year = "1995",
    url = "citeseer.ist.psu.edu/knudsen95keyschedule.html" }
Citations (may not include all citations):
84   New types of cryptanalytic attacks using related keys - Biham - 1994
50   Analysis and Design of Cryptographic Hash Functions (context) - Preneel - 1993
44   the Design and Security of Block Ciphers (context) - Lai - 1992
34   A generalization of linear cryptanalysis and the applicabili.. - Harpes, Kramer et al.
32   A byte-oriented block-ciphering algorithm (context) - Massey - 1994
24   Hash functions based on block ciphers: A synthetic approach (context) - Preneel - 1993
22   Cryptanalysis of LOKI - Knudsen - 1993
21   Block Ciphers -- Analysis (context) - Knudsen - 1994
19   How easy is collision search (context) - Quisquater, Delescaille - 1990
14   the need for multipermutations: Cryptanalysis of MD4 and SAF.. - Vaudenay - 1994
4   One year later (context) - Massey - 1995



The graph only includes citing articles where the year of publication is known.

Documents on the same site (http://www.cryptosoft.com/html/secpub.htm):   More
A New Approach for Delegation Using Hierarchical Delegation.. - Ding, Petersen (1995)   (Correct)
A Uniform-Complexity Treatment of Encryption and Zero-Knowledge - Goldreich (1991)   (Correct)
On Signature Schemes With Threshold Verification Detecting.. - Petersen, Michels (1997)   (Correct)

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC