The interpolation attack on block ciphers

  • Thomas Jakobsen
  • Lars R. Knudsen
Conference paper

DOI: 10.1007/BFb0052332

Part of the Lecture Notes in Computer Science book series (LNCS, volume 1267)
Cite this paper as:
Jakobsen T., Knudsen L.R. (1997) The interpolation attack on block ciphers. In: Biham E. (eds) Fast Software Encryption. FSE 1997. Lecture Notes in Computer Science, vol 1267. Springer, Berlin, Heidelberg


In this paper we introduce a new method of attacks on block ciphers, the interpolation attack. This new method is useful for attacking ciphers using simple algebraic functions (in particular quadratic functions) as S-boxes. Also, ciphers of low non-linear order are vulnerable to attacks based on higher order differentials. Recently, Knudsen and Nyberg presented a 6-round prototype cipher which is provably secure against ordinary differential cryptanalysis. We show how to attack the cipher by using higher order differentials and a variant of the cipher by the interpolation attack. It is possible to successfully cryptanalyse up to 32 rounds of the variant using about 232 chosen plaintexts with a running time less than 264. Using higher order differentials, a new design concept for block ciphers by Kiefer is also shown to be insecure. Rijmen et al presented a design strategy for block ciphers and the cipher SHARK. We show that there exist ciphers constructed according to this design strategy which can be broken faster than claimed. In particular, we cryptanalyse 5 rounds of a variant of SHARK, which deviates only slightly from the proposed SHARK.

Copyright information

© Springer-Verlag 1997

Authors and Affiliations

  • Thomas Jakobsen
    • 1
  • Lars R. Knudsen
    • 2
  1. 1.Department of Mathematics, Building 303Technical University of DenmarkLyngbyDenmark
  2. 2.Dept. Electrical Engineering-ESATKatholieke Universiteit LeuvenHeverleeBelgium

Personalised recommendations