On Weaknesses of Non—surjective Round Functions

Rijmen, Vincent; Preneel, Bart; Win, Erik De

doi:10.1007/978-1-4615-5489-9_4

Cited by 15 publications

(29 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In other words, the combined function v • F is non-surjective. Rijmen et al [7] identified several attacks on ciphers with nonsurjective round functions, so this property of SPEED is worrisome.…”

Section: Non-surjectivity Of the Round Functionmentioning

confidence: 99%

“…Applying the attack of [7] is not as straightforward as one might hope. There Rijmen et al depend on the fact that the range of the h-function is known and hence one can perform hypothesis testing based upon the combined output of several h-functions.…”

Section: Non-surjectivity Of the Round Functionmentioning

confidence: 99%

“…. , x 7 . This shows that there are non-trivial correlations between successive outputs of F 1 ; this could potentially lead to correlations between successive outputs of h. Similar correlations occur for F 3 and F 4 , though this property does not seem to hold for F 2 .…”

Section: Implications Of Correlated Outputsmentioning

confidence: 99%

“…. , B 0 , as the source block and the modified piece, B 7 , the target block. The number of rounds is a parameter; the paper suggests using at least 48 rounds for adequate security for the block cipher, and at least 32 rounds for the hash function.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Cryptanalysis of SPEED

Hall

Kelsey

Rijmen

et al. 1999

Selected Areas in Cryptography

Self Cite

View full text Add to dashboard Cite

Abstract. The cipher family SPEED (and an associated hashing mode) was recently proposed in Financial Cryptography '97. This paper cryptanalyzes that proposal, in two parts: First, we discuss several troubling potential weaknesses in the cipher. Next, we show how to efficiently break the SPEED hashing mode using differential related-key techniques, and propose a differential attack on 48-round SPEED. These results raise some significant questions about the security of the SPEED design.

show abstract

Section: Non-surjectivity Of the Round Functionmentioning

confidence: 99%

Section: Non-surjectivity Of the Round Functionmentioning

confidence: 99%

Section: Implications Of Correlated Outputsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Cryptanalysis of SPEED

Hall

Kelsey

Rijmen

et al. 1999

Selected Areas in Cryptography

Self Cite

View full text Add to dashboard Cite

show abstract

“…For a new block cipher algorithm, designers must guarantee that it can resist these two attacks. However, even the security against DC and LC can be proved, the algorithm may suffer other attacks, such as truncated differential attack [13], higher-order differential attack [13,18], impossible differential attack [4,14], boomerang attack [27], amplified boomerang attack [16], rectangle attack [5], integral attack [15], interpolation attack [12], non-surjective attack [24], algebraic attack [8], related-key attack [3], slide attack [1] and so on. Among these methods, integral attack and impossible differential attack are of special importance.…”

Section: Introductionmentioning

confidence: 99%

Cryptanalysis of a Generalized Unbalanced Feistel Network Structure

Sun

et al. 2010

Information Security and Privacy

View full text Add to dashboard Cite

Abstract. This paper reevaluates the security of GF-NLFSR, a new kind of generalized unbalanced Feistel network structure that was proposed at ACISP 2009. We show that GF-NLFSR itself reveals a very slow diffusion rate, which could lead to several distinguishing attacks. For GF-NLFSR containing n sub-blocks, we find an n 2 -round integral distinguisher by algebraic methods and further use this integral to construct an (n 2 + n − 2)-round impossible differential distinguisher. Compared with the original (3n − 1)-round integral and (2n − 1)-round impossible differential, ours are significantly better.Another contribution of this paper is to introduce a kind of nonsurjective attack by analyzing a variant structure of GF-NLFSR, whose provable security against differential and linear cryptanalysis can also be provided. The advantage of the proposed non-surjective attack is that traditional non-surjective attack is only applicable to Feistel ciphers with non-surjective (non-uniform) round functions, while ours could be applied to block ciphers with bijective ones. Moreover, its data complexity is O(l) with l the block length.

show abstract

Symmetric-key block cipher for image and text cryptography

Amador

Green

2005

Int. J. Imaging Syst. Technol.

View full text Add to dashboard Cite

Public-key cryptography has been widely accepted as the method in which data is encrypted, using algorithms such as the widely known and popularly used RSA algorithm. However, management of the public-key and its storage is an on-going issue. To avoid these problems the symmetric-key approach can be taken, where there is only one key and it must be kept secret. Presented in this paper is a new cipher based on symmetric-key cryptography, called the NASA/Kennedy Cipher (N/KC), and further designed as a block cipher using 128-bit blocks. The minimum key size is set at 128 bits with a maximum allowable of 2048 bits, modulus 2. The main focus of this work is encryption of image data for the purpose of protecting intellectual properties. However, empirical results are presented on N/KC's ability of encrypting and decrypting text data in the form of vectors and documents as well.

show abstract

On Weaknesses of Non—surjective Round Functions

Cited by 15 publications

References 9 publications

Cryptanalysis of SPEED

Cryptanalysis of SPEED

Cryptanalysis of a Generalized Unbalanced Feistel Network Structure

Symmetric-key block cipher for image and text cryptography

Contact Info

Product

Resources

About