Related-Key Differential Attacks on Cobra-S128, Cobra-F64a, and Cobra-F64b

  • Changhoon Lee
  • Jongsung Kim
  • Seokhie Hong
  • Jaechul Sung
  • Sangjin Lee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3715)

Abstract

Data-dependent permutations (DDPs), which are very suitable for cheap hardware implementations, have been introduced as a cryptographic primitive. Cobra-S128 and Cobra-F64 (a generic name for Cobra-F64a and Cobra-F64b) are 128-bit and 64-bit iterated block ciphers, respectively, with a 128-bit key size, based on such DDPs. Unlike the predecessor DDP-based ciphers [16,5], Cobra-S128 is a software-oriented cipher and Cobra-F64 is a firmware-suitable cipher. In this paper, we derive several structural properties of Cobra-S128 and Cobra-F64 and then use them to devise key recovery attacks on Cobra-S128 and Cobra-F64. These are the first known attacks on Cobra-S128 and Cobra-F64.

Keywords

Cobra-S128; Cobra-F64; Block Cipher; Related-Key Attack; Data-Dependent Permutation

References

  1. Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, Heidelberg (1993)
  2. Goots, N.D., Izotov, B.V., Moldovyan, A.A., Moldovyan, N.A.: Modern cryptography: Protect Your Data with Fast Block Ciphers. Wayne, A-LIST Publish. (2003)
  3. Goots, N.D., Izotov, B.V., Moldovyan, A.A., Moldovyan, N.A.: Fast Ciphers for Cheap Hardware: Differential Analysis of SPECTR-H64. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 449–452. Springer, Heidelberg (2003)
  4. Goots, N.D., Moldovyan, N.A., Moldovyanu, P.A., Summerville, D.H.: Fast DDP-Based Ciphers: From Hardware to Software. In: 46th IEEE Midwest International Symposium on Circuits and Systems (2003)
  5. Goots, N.D., Moldovyan, A.A., Moldovyan, N.A.: Fast Encryption Algorithm Spectr-H64. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds.) MMM-ACNS 2001. LNCS, vol. 2052, pp. 275–286. Springer, Heidelberg (2001)
  6. Kavut, S., Yücel, M.D.: Slide Attack on Spectr-H64. In: Menezes, A., Sarkar, P. (eds.) INDOCRYPT 2002. LNCS, vol. 2551, pp. 34–47. Springer, Heidelberg (2002)
  7. Kelsey, J., Schneier, B., Wagner, D.: Key Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 237–251. Springer, Heidelberg (1996)
  8. Kelsey, J., Schneier, B., Wagner, D.: Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 233–246. Springer, Heidelberg (1997)
  9. Kim, J., Kim, G., Hong, S., Lee, S., Hong, D.: The Related-Key Rectangle Attack - Application to SHACAL-1. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 123–136. Springer, Heidelberg (2004)
  10. Kim, J., Kim, G., Lee, S., Lim, J., Song, J.: Related-Key Attacks on Reduced Rounds of SHACAL-2. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 175–190. Springer, Heidelberg (2004)
  11. Ko, Y., Hong, D., Hong, S., Lee, S., Lim, J.: Linear Cryptanalysis on SPECTR-H64 with Higher Order Differential Property. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 298–307. Springer, Heidelberg (2003)
  12. Ko, Y., Lee, C., Hong, S., Lee, S.: Related Key Differential Cryptanalysis of Full-Round SPECTR-H64 and CIKS-1. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 137–148. Springer, Heidelberg (2004)
  13. Ko, Y., Lee, C., Hong, S., Sung, J., Lee, S.: Related-Key Attacks on DDP based Ciphers: CIKS-128 and CIKS-128H. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 191–205. Springer, Heidelberg (2004)
  14. Lee, C., Hong, D., Lee, S., Lee, S., Yang, H., Lim, J.: A Chosen Plaintext Linear Attack on Block Cipher CIKS-1. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 456–468. Springer, Heidelberg (2002)
  15. Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)
  16. Moldovyan, A.A., Moldovyan, N.A.: A cipher Based on Data-Dependent Permutations. Journal of Cryptology 15(1), 61–72 (2002)
  17. Phan, R.C.-W., Handschuh, H.: On Related-Key and Collision Attacks: The case for the IBM 4758 Cryptoprocessor. In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 111–122. Springer, Heidelberg (2004)

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Changhoon Lee (1)
  • Jongsung Kim (2)
  • Seokhie Hong (1)
  • Jaechul Sung (3)
  • Sangjin Lee (1)

  1. Center for Information Security Technologies (CIST), Korea University, Seoul, Korea
  2. Katholieke Universiteit Leuven, ESAT/SCD-COSIC, Belgium
  3. Department of Mathematics, University of Seoul, Seoul, Korea
