Advanced Slide Attacks

  • Alex Biryukov
  • David Wagner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1807)

Abstract

Recently a powerful cryptanalytic tool, the slide attack, was introduced [3]. Slide attacks are very successful in breaking iterative ciphers with a high degree of self-similarity and, even more surprisingly, are independent of the number of rounds of a cipher. In this paper we extend the applicability of slide attacks to a larger class of ciphers. We find very efficient known- and chosen-text attacks on generic Feistel ciphers with a periodic key schedule with four independent subkeys, and consequently we are able to break a DES variant proposed in [2] using just 128 chosen texts and negligible time for the analysis (for one out of every 2^16 keys). We also describe known-plaintext attacks on DESX and Even-Mansour schemes with the same complexity as the best previously known chosen-plaintext attacks on these ciphers. Finally, we provide new insight into the design of GOST by successfully analyzing a 20-round variant (GOST⊕) and demonstrating weak key classes for all 32 rounds.
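The attack the abstract builds on, shown as an added example rather than anything taken from the paper: the classical slide attack of [3] against a Feistel cipher whose key schedule has period one (every round uses the same subkey), which is the base case that this paper generalizes to period-four schedules. The toy 32-bit Feistel cipher, its S-box, the constants r0 and CHECK_PT, and all function names below are assumptions made for illustration. A slid pair (P, P') with P' = round(P) gives, because the round map commutes with the whole cipher, C' = round(C) as well, and each of the two relations yields an equation in the subkey. With 2 * 2^8 chosen plaintexts the attack recovers the 16-bit subkey with the same 513 oracle queries whether the cipher has 8 rounds or 1024.

```python
"""Classical slide attack (the FSE'99 attack of [3]) on a toy Feistel cipher whose
rounds all use one subkey. Added example: the toy cipher, its parameters and every
name below are assumptions made for illustration, not code from the paper."""
import random

MASK16 = 0xFFFF
# 4-bit S-box (the PRESENT S-box, used only because it is a bijection) and its inverse.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
SBOX_INV = [SBOX.index(v) for v in range(16)]
CHECK_PT = 0x12345678  # one extra query used to confirm the recovered key


def sub16(x, box=SBOX):
    """Apply a 4-bit S-box to each nibble of a 16-bit word."""
    return (box[x & 0xF] | box[(x >> 4) & 0xF] << 4
            | box[(x >> 8) & 0xF] << 8 | box[(x >> 12) & 0xF] << 12)


def rotl16(x, r):
    return ((x << r) | (x >> (16 - r))) & MASK16


def f(x, k):
    """Round function F(x, k): key mixing, S-box layer, rotation. Bijective in x."""
    return rotl16(sub16(x ^ k), 5)


def key_from_f(x, y):
    """Solve F(x, k) = y for k: undo the rotation and S-box layer, then XOR off x."""
    return x ^ sub16(rotl16(y, 11), SBOX_INV)


def encrypt(block, k, rounds):
    """Feistel cipher on a 32-bit block (L, R); every round uses the same subkey k."""
    left, right = block >> 16, block & MASK16
    for _ in range(rounds):
        left, right = right, left ^ f(right, k)
    return (left << 16) | right


def slide_attack(oracle, rounds):
    """Recover k with 2*2^8 chosen plaintexts plus one check query, for any round count.

    A slid pair (P, P') has P' = round(P): P'_L = P_R and P'_R = P_L ^ F(P_R, k).
    Because every round is the same keyed permutation, round() commutes with the
    whole cipher, so the ciphertexts satisfy the same relation: C'_L = C_R and
    C'_R = C_L ^ F(C_R, k). Each relation is one equation that F lets us solve for k.
    """
    r0 = 0xBEEF  # shared half: F(r0, k) is some fixed, unknown 16-bit constant c
    # Pool A: P = (a, r0), a over the low byte.  Pool B: P' = (r0, b << 8), b over the
    # high byte.  a ^ (b << 8) runs over every 16-bit value exactly once, so exactly
    # one pair has P'_R = P_L ^ c and is slid, whatever c is.
    pool_a = [((a << 16) | r0, oracle((a << 16) | r0)) for a in range(256)]
    by_cleft = {}  # index pool B by the left half of its ciphertext
    for b in range(256):
        p2 = (r0 << 16) | (b << 8)
        c2 = oracle(p2)
        by_cleft.setdefault(c2 >> 16, []).append((p2, c2))
    candidates = []
    for p, c in pool_a:
        for p2, c2 in by_cleft.get(c & MASK16, []):  # 16-bit filter C'_L == C_R
            k_pt = key_from_f(p & MASK16, (p2 & MASK16) ^ (p >> 16))  # from plaintexts
            k_ct = key_from_f(c & MASK16, (c2 & MASK16) ^ (c >> 16))  # from ciphertexts
            if k_pt == k_ct:  # a chance match on C'_L rarely agrees on k as well
                candidates.append(k_pt)
    check_ct = oracle(CHECK_PT)
    for k in candidates:
        if encrypt(CHECK_PT, k, rounds) == check_ct:
            return k
    return None


def demo(rounds, seed=1):
    """Run the attack against a fresh random key; returns (success, oracle queries)."""
    key = random.Random(seed).getrandbits(16)
    queries = [0]

    def oracle(pt):
        queries[0] += 1
        return encrypt(pt, key, rounds)

    return slide_attack(oracle, rounds) == key, queries[0]


if __name__ == "__main__":
    for rounds in (8, 64, 1024):  # same 513 queries regardless of the round count
        ok, q = demo(rounds)
        print(f"{rounds:5d} rounds: key recovered={ok}, chosen plaintexts used={q}")
```

The chosen-plaintext structure (one pool varying the low byte of the left half, the other the high byte of the right half, with a shared constant half) guarantees exactly one slid pair instead of the roughly one expected from a random 2^{n/4} structure; the known-plaintext variant of [3] instead collects about 2^{n/2} texts and relies on the birthday bound. The paper's own attacks on period-four key schedules, DESX, Even-Mansour and GOST are not reproduced here.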

References

  1. E. Biham, New Types of Cryptanalytic Attacks Using Related Keys, J. of Cryptology, Vol. 7, pp. 229–246, 1994.
  2. L. Brown, J. Seberry, Key Scheduling in DES Type Cryptosystems, proceedings of AUSCRYPT’90, LNCS 453, pp. 221–228, Springer-Verlag, 1990.
  3. A. Biryukov, D. Wagner, Slide Attacks, proceedings of FSE’99, LNCS 1636, pp. 245–259, Springer-Verlag, 1999.
  4. C. Charnes, L. O’Connor, J. Pieprzyk, R. Safavi-Naini, Y. Zheng, Comments on Soviet Encryption Algorithm, proceedings of EUROCRYPT’94, LNCS 950, pp. 433–438, Springer-Verlag, 1994.
  5. D. Coppersmith, The Real Reason for Rivest’s Phenomenon, proceedings of CRYPTO’85, pp. 535–536, Springer-Verlag, 1986.
  6. J. Daemen, Limitations of the Even-Mansour Construction, proceedings of ASIACRYPT’91, pp. 495–498, Springer-Verlag, 1992.
  7. S. Even, Y. Mansour, A Construction of a Cipher from a Single Pseudorandom Permutation, Journal of Cryptology, Vol. 10, No. 3, pp. 151–161, 1997.
  8. E. K. Grossman, B. Tuckerman, Analysis of a Weakened Feistel-like Cipher, 1978 International Conference on Communications, pp. 46.3.1–46.3.5, Alger Press Limited, 1978.
  9. J. Kelsey, B. Schneier, D. Wagner, Key-Schedule Cryptanalysis of IDEA, GDES, GOST, SAFER, and Triple-DES, proceedings of CRYPTO’96, pp. 237–251, Springer-Verlag, 1996.
  10. J. Kilian, P. Rogaway, How to Protect Against Exhaustive Key Search, proceedings of CRYPTO’96, LNCS 1109, pp. 252–267, Springer-Verlag, 1996.
  11. B. Kaliski, M. Robshaw, Multiple Encryption: Weighing Security and Performance, Dr. Dobb’s Journal, pp. 123–127, Jan. 1996.
  12. L. R. Knudsen, Cryptanalysis of LOKI91, proceedings of AUSCRYPT’92, LNCS 718, pp. 196–208, Springer-Verlag, 1993.
  13. M. Luby, C. Rackoff, How to Construct Pseudorandom Permutations from Pseudorandom Functions, SIAM Journal of Computing, Vol. 17, pp. 373–386, 1988.
  14. J. H. Moore, G. J. Simmons, Cycle Structure of the DES with Weak and Semi-Weak Keys, proceedings of CRYPTO’86, pp. 9–32, Springer-Verlag, 1987.
  15. B. Preneel, V. Rijmen, A. Bosselaers, Principles and Performance of Cryptographic Algorithms, Dr. Dobb’s Journal, Vol. 23, No. 12, pp. 126–131, Miller Freeman, Dec. 1998.
  16. P. Rogaway, The Security of DESX, RSA Laboratories’ CryptoBytes, Summer 1996.
  17. B. Schneier, Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish), proceedings of FSE’94, LNCS 809, pp. 191–204, Springer-Verlag, 1994.
  18. C. Shannon, Communication Theory of Secrecy Systems, Bell Sys. Tech. J., Vol. 28, pp. 656–715, October 1949. (A declassified report from 1945.)
  19. I. A. Zabotin, G. P. Glazkov, V. B. Isaeva, Cryptographic Protection for Information Processing Systems. Cryptographic Transformation Algorithm, Government Standard of the USSR, GOST 28147-89, 1989. (Translated by A. Malchik, with editorial and typographic assistance of W. Diffie.)

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Alex Biryukov (1, 2)
  • David Wagner (3)
  1. Applied Mathematics Department, Technion - Israel Institute of Technology, Haifa, Israel
  2. Computer Science Department, The Weizmann Institute of Science, Rehovot, Israel
  3. University of California, Berkeley