On the Decorrelated Fast Cipher (DFC) and Its Theory
In the first part of this paper the decorrelation theory of Vaudenay is analysed. It is shown that the theory behind the proposed constructions does not guarantee security against state-of-the-art differential attacks. In the second part of this paper the proposed Decorrelated Fast Cipher (DFC), a candidate for the Advanced Encryption Standard, is analysed. It is argued that the cipher does not obtain provable security against a differential attack. Also, an attack on DFC reduced to 6 rounds is given.
Keywords: Block Cipher, Advanced Encryption Standard, Modular Multiplication, Round Function, Fourth Round