Known-Key Distinguishers for Some Block Ciphers

  • Lars R. Knudsen
  • Vincent Rijmen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4833)


We present two block cipher distinguishers in a setting where the attacker knows the key. One is a distinguisher for AES reduced the seven rounds. The second is a distinguisher for a class of Feistel ciphers with seven rounds. This setting is quite different from traditional settings. We present an open problem: the definition of a new notion of security that covers attacks like the ones we present here, but not more.


Block Cipher Cryptanalysis Distinguishing algorithms  AES Feistel ciphers 


  1. 1.
    Specification for the Advanced Encryption Standard (AES), Federal Information Processing Standards Publication (FIPS) 197 (2001)Google Scholar
  2. 2.
    Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. Journal of Cryptology 4(1), 3–72 (1991)zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Canetti, R., Goldreich, O., Halevi, S.: The random oracle model, revisited. Journal of the ACM 51(4), 557–594 (2004)CrossRefMathSciNetGoogle Scholar
  4. 4.
    Daemen, J., Knudsen, L., Rijmen, V.: The block cipher Square. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  5. 5.
    Ferguson, N., Kelsey, J., Lucks, S., Schneier, B., Stay, M., Wagner, D., Whiting, D.: Improved cryptanalysis of Rijndael. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 213–230. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Knudsen, L.R.: DEAL - a 128-bit block cipher. Technical Report 151, Department of Informatics, University of Bergen, Norway, February 1998. Submitted as an AES candidate by Richard OuterbridgeGoogle Scholar
  7. 7.
    Knudsen, L.R., Wagner, D.: Integral cryptanalysis. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 112–127. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Lee, H.J., Lee, S.J., Yoon, J.H., Cheon, D.H., Lee, J.I.: The SEED encryption algorithm. RFC 4269 (2005)Google Scholar
  9. 9.
    Matyas, S.M., Meyer, C.H., Oseas, J.: Generating strong one-way functions with cryptographic algorithm. IBM Technical Disclosure Bulletin 27, 5658–5659 (1985)Google Scholar
  10. 10.
    Wagner, D.: A generalized birthday problem. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 288–303. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Lars R. Knudsen
    • 1
  • Vincent Rijmen
    • 2
  1. 1.Technical University of Denmark, Department of Mathematics, Building 303S, DK-2800 LyngbyDenmark
  2. 2.Graz University of Technology, Institute for Applied Information Processing and Communications, Inffeldgasse 16a, A-8010 GrazAustria

Personalised recommendations