Truncated differentials of SAFER

  • Lars R. Knudsen
  • Thomas A. Berson
Block Ciphers — Analysis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1039)


In this paper we do differential cryptanalysis of SAFER. We consider “truncated differentials” and apply them in an attack on 5-round SAFER, which finds the secret key in time much faster than by exhaustive search.


  1. 1.
    E. Biham and A. Shamir. Differential Cryptanalysis of the Data Encryption Standard. Springer Verlag, 1993.Google Scholar
  2. 2.
    C. Harpes, G.G. Kramer, and J.L. Massey. A generalization of linear cryptanalysis and the applicability of Matsui's piling-up lemma. In L. Guillou and J.-J. Quisquater, editors, Advances in Cryptology — Eurocrypt'95, LNCS 921, pages 24–38. Springer Verlag, 1995.Google Scholar
  3. 3.
    Hoel, Port, and Stone. Introduction to Probability Theory. Houghton Mifflin Company, 1979.Google Scholar
  4. 4.
    L.R. Knudsen. A key-schedule weakness in SAFER K-64. In D. Coppersmith, editor, Advances in Cryptology — CRYPTO'95, LNCS 963, pages 274–286. Springer Verlag, 1995.Google Scholar
  5. 5.
    L.R. Knudsen. Truncated and higher order differentials. In B. Preneel, editor, Fast Software Encryption, LNCS 1008, pages 196–211, Springer Verlag, 1995.Google Scholar
  6. 6.
    J.L. Massey. SAFER K-64: A byte-oriented block-ciphering algorithm. In Fast Software Encryption — Proc. Cambridge Security Workshop, Cambridge, U.K., LNCS 809, pages 1–17. Springer Verlag, 1994.Google Scholar
  7. 7.
    J.L. Massey. SAFER K-64: One year later. In B. Preneel, editor, Fast Software Encryption, LNCS 1008, pages 212–241, Springer Verlag, 1995.Google Scholar
  8. 8.
    S. Murphy. An analysis of SAFER. Private communication, 1995.Google Scholar
  9. 9.
    S. Vaudenay. On the need for multipermutations: Cryptanalysis of MD4 and SAFER. In B. Preneel, editor, Fast Software Encryption, LNCS 1008, pages 286–297, Springer Verlag, 1995.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1996

Authors and Affiliations

  • Lars R. Knudsen
    • 1
  • Thomas A. Berson
    • 2
  1. 1.Laboratoire d'InformatiqueÉcole Normale SupérieureParisFrance
  2. 2.Anagram LaboratoriesPalo AltoUSA

Personalised recommendations