Linear Cryptanalysis of Reduced Round Serpent
Conference paper First Online: 21 June 2002 DOI:
2355 of the book series
Lecture Notes in Computer Science (LNCS) Abstract
Serpent is one of the 5 AES finalists. In this paper we present a 9-round linear approximation for Serpent with probability of 1/2+2
-52. We use it to attack 10-round Serpent with all key lengths with data complexity of 2 118 and running time of 2 89. A variant of this approximation is used in the first attack against an 11-round Serpent with 192-bit and 256-bit keys, which require the same amount of data and 2 187 running time.
This work was supported by the European Union fund IST-1999-12324 - NESSIE
Download to read the full conference paper text References
R. Anderson, E. Biham and L. Knudsen,
Serpent: A Proposal for the Advanced Encryption Standard, NIST AES Proposal1998.
A Note on Comparing the AES Candidates, Second AES Candidate Conference, 1999.
E. Biham and A. Shamir,
Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.
E. Biham, O. Dunkelman, N. Keller,
The Rectangle Attack-Rectangling the Serpent
, To appear in proceedings of Eurocrypt 2001. Available on-line at
An Analysis of Serpent-p and Serpent-p-ns, rump session, Second AES Candidate Conference, 1999.
T. Kohno, J. Kelsey and B. Schneier,
Preliminary Cryptanalysis of Reduced-Round Serpent, Third AES Candidate Conferece, 2000.
J. Kelsey, T. Kohno and B. Schneier,
Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent, FSE 7, to appear.
Linear Cryptanalysis Method for DES Cipher
, Eurocrypt 93, Springer Verlag LNCS 765, pp. 386–397.
A Request for Candidate Algorithm Nominations for the AES
, available on-line at
http://www.nist.gov/aes/ Copyright information
© Springer-Verlag Berlin Heidelberg 2002