Differential-Linear Cryptanalysis of Serpent

  • Eli Biham
  • Orr Dunkelman
  • Nathan Keller
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2887)

Abstract

Serpent is a 128-bit SP-Network block cipher consisting of 32 rounds with variable key length (up to 256 bits long). It was selected as one of the 5 AES finalists. The best known attack so far is a linear attack on an 11-round reduced variant.

In this paper we apply the enhanced differential-linear cryptanalysis to Serpent. The resulting attack is the best known attack on 11-round Serpent. It requires $2^{125.3}$ chosen plaintexts and has time complexity of $2^{139.2}$. We also present the first known attack on 10-round 128-bit key Serpent. These attacks demonstrate the strength of the enhanced differential-linear cryptanalysis technique.

Keywords

Time Complexity; Block Cipher; Advanced Encryption Standard; Linear Cryptanalysis; Linear Attack

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Eli Biham (1)
  • Orr Dunkelman (1)
  • Nathan Keller (2)
  1. Computer Science Department, Technion, Haifa, Israel
  2. Mathematics Department, Technion, Haifa, Israel