Abstract
This paper deals with truncated differential cryptanalysis of the 128-bit block cipher E2, which is an AES candidate designed and submitted by NTT. Our analysis is based on byte characteristics, where a difference of two bytes is simply encoded into one bit information “0” (the same) or “1” (not the same). Since E2 is a strongly byte-oriented algorithm, this bytewise treatment of characteristics greatly simplifies a description of its probabilistic behavior and noticeably enables us an analysis independent of the structure of its (unique) lookup table. As a result, we show a non-trivial seven round byte characteristic, which leads to a possible attack of E2 reduced to eight rounds without IT and FT by a chosen plaintext scenario.We also show that by a minor modification of the byte order of output of the round function — which does not reduce the complexity of the algorithm nor violates its design criteria at all —, a non-trivial nine round byte characteristic can be established, which results in a possible attack of the modified E2 reduced to ten rounds without IT and FT, and reduced to nine rounds with IT and FT. Our analysis does not have a serious impact on the full E2, since it has twelve rounds with IT and FT; however, our results show that the security level of the modified version against differential cryptanalysis is lower than the designers’ estimation.
Chapter PDF
Similar content being viewed by others
References
NTT-Nippon Telegraph and Telephone Corporation: E2: Effcient Encryption algorithm. http://info.isl.ntt.co.jp/e2
Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer Verlag (1993)
Knudsen, L.R, Berson, T.A.: Truncated Differentials of SAFER. Third International Workshop of Fast Software Encryption, Lecture Notes in Computer Science 1039, Springer-Verlag(1996).
Lai, X., Massey, J.L., Murphy, S.: Markov Ciphers and Differential Cryptanalysis. Advances in Cryptology-Eurocrypt’91, Lecture Notes in Computer Science 547, Springer-Verlag (1991).
Moriai, S.: A talk at rump session in sixth international workshop of Fast Software Encryption (1999).
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Matsui, M., Tokita, T. (1999). Cryptanalysis of a Reduced Version of the Block Cipher E2. In: Knudsen, L. (eds) Fast Software Encryption. FSE 1999. Lecture Notes in Computer Science, vol 1636. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48519-8_6
Download citation
DOI: https://doi.org/10.1007/3-540-48519-8_6
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66226-6
Online ISBN: 978-3-540-48519-3
eBook Packages: Springer Book Archive