Advertisement

Multiplicative Differentials

  • Nikita Borisov
  • Monica Chew
  • Rob Johnson
  • David Wagner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2365)

Abstract

We present a new type of differential that is particularly suited to analyzing ciphers that use modular multiplication as a primitive operation. These differentials are partially inspired by the differential used to break Nimbus, and we generalize that result. We use these differentials to break the MultiSwap cipher that is part of the Microsoft Digital Rights Management subsystem, to derive a complementation property in the xmx cipher using the recommended modulus, and to mount a weak key attack on the xmx cipher for many other moduli. We also present weak key attacks on several variants of IDEA. We conclude that cipher designers may have placed too much faith in multiplication as a mixing operator, and that it should be combined with at least two other incompatible group operations.

Keywords

Block Cipher Modular Multiplication Differential Pair Round Function Differential Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Eli Biham and Adi Shamir. Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology, 4(1):3–72, 1991.MATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Joan Daemen, Rene Govaerts, and Joos Vandewalle. Weak keys for IDEA. In CRYPTO, pages 224–231, 1993.Google Scholar
  3. 3.
    Joan Daemen, Luc van Linden, Rene Govaerts, and Joos Vandewalle. Propagation properties of multiplication modulo 2n-1. In G. H. L. M. Heideman et.al., editor, Thirteenth Symp. on Information Theory in the Benelux, pages 111–118, Enschede (NL), 1–2 1992. Werkgemeen-schap Informatieen Communicatietheorie, Enschede (NL).Google Scholar
  4. 4.
    Vladimir Furman. Differential cryptanalysis of Nimbus. In Fast Software Encryption. Springer-Verlag, 2001.Google Scholar
  5. 5.
    Carlo Harpes, Gerhard G. Kramer, and James L. Massey. A Generalization of Linear Cryptanalysis and the Applicability of Matsui’s Piling-up Lemma. In EUROCRYPT’ 95. Springer-Verlag, May 1995.Google Scholar
  6. 6.
    John Kelsey, Bruce Schneier, and David Wagner. Mod n cryptanalysis, with applications against RC5P and M6. In Fast Software Encryption, pages 139–155, 1999.Google Scholar
  7. 7.
    Xuejia Lai, James L. Massey, and Sean Murphy. Markov ciphers and differential cryptanalysis. In EUROCRYPT’ 91. Springer-Verlag, 1991.Google Scholar
  8. 8.
    Alexis Warner Machado. The Nimbus cipher: A proposal for NESSIE. NESSIE Proposal, September 2000.Google Scholar
  9. 9.
    Mitsuru Matsui. Linear cryptanalysis method for DES cipher. In T. Helleseth, editor, EUROCRYPT’ 93, volume 765, pages 386–397, Berlin, 1994. Springer-Verlag.Google Scholar
  10. 10.
    Willi Meier. On the security of the IDEA block cipher. In EUROCRYPT’ 93, pages 371–385. Springer-Verlag, 1994.Google Scholar
  11. 11.
    David M’Raihi, David Naccache, Jacques Stern, and Serge Vaudenay. XMX: a firmware-oriented block cipher based on modular multiplications. In Fast Software Encryption. Springer-Verlag, 1997.Google Scholar
  12. 12.
    Beale Screamer. Microsoft’s digital rights management scheme—technical details. http://cryptome.org/ms-drm.htm, October 2001.

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Nikita Borisov
    • 1
  • Monica Chew
    • 1
  • Rob Johnson
    • 1
  • David Wagner
    • 1
  1. 1.University of California at BerkeleyUSA

Personalised recommendations