Slide Attacks

  • Alex Biryukov
  • David Wagner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1636)


It is a general belief among the designers of block-ciphers that even a relatively weak cipher may become very strong if its number of rounds is made very large. In this paper we describe a new generic known- (or sometimes chosen-) plaintext attack on product ciphers, which we call the slide attack and which in many cases is independent of the number of rounds of a cipher. We illustrate the power of this new tool by giving practical attacks on several recently designed ciphers: TREYFER, WAKE-ROFB, and variants of DES and Blowfish.


Keywords (added by machine, not by the authors): Block Cipher, Stream Cipher, Round Function, Choose Plaintext Attack, Birthday Paradox



Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Alex Biryukov (1)
  • David Wagner (2)
  1. Applied Mathematics Department, Technion - Israel Institute of Technology, Haifa, Israel
  2. University of California, Berkeley
