Interpolation Attacks of the Block Cipher: SNAKE

  • Shiho Moriai
  • Takeshi Shimoyama
  • Toshinobu Kaneko
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1636)


This paper presents an efficient interpolation attack using a computer algebra system. The interpolation attack proposed by Jakobsen and Knudsen was shown to be effective for attacking ciphers that use simple algebraic functions. However, there was a problem that the complexity and the number of pairs of plaintexts and ciphertexts required for the attack can be overestimated. We solve this problem by first, finding the actual number of coefficients in the polynomial (or rational expression) used in the attack by using a computer algebra system, and second, by finding the polynomial (or rational expression) with fewest coefficients by choosing the plaintexts. We apply this interpolation attack to the block cipher SNAKE proposed by Lee and Cha at JW-ISC’97. In the SNAKE family there are two types of Feistel ciphers, SNAKE(1) and SNAKE(2), with different round functions. Both of them use the inverse function in Galois Field GF(2m) as S-box. We show that when the block size is 64 bits and m = 8, all round keys are recovered for SNAKE(1) and SNAKE(2) with up to 11 rounds. Moreover, when the block size is 128 bits and m = 16, all round keys are recovered for SNAKE(1) with up to 15 rounds and SNAKE(2) with up to 16 rounds.


Block Size Rational Expression Block Cipher Computer Algebra System Round Function 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    E. Biham and A. Shamir, “Differential Cryptanalysis of DES-like Cryptosystems,” Journal of Cryptology, Volume 4, Number 1, pp.3–72, Springer-Verlag, 1991.zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    T. Jakobsen, “Cryptanalysis of Block Ciphers with Probabilistic Non-Linear Relations of Low Degree,” Advances in Cryptology-CRYPTO’98, Lecture Notes in Computer Science 1462, pp.212–222, Springer-Verlag, 1998.CrossRefGoogle Scholar
  3. 3.
    T. Jakobsen and L.R. Knudsen, “The Interpolation Attack on Block Ciphers,” Fast Software Encryption, FSE’97, Lecture Notes in Computer Science 1267, pp.28–40, Springer-Verlag, 1997.CrossRefGoogle Scholar
  4. 4.
    L.R. Knudsen, “Block Ciphers-Analysis, Design and applications,” phD thesis, Aarhus University, Denmark, 1994.Google Scholar
  5. 5.
    C. Lee and Y. Cha, “The Block Cipher: SNAKE with Provable Resistance against DC and LC attacks,” In Proceedings of 1997 Korea-Japan Joint Workshop on Information Security and Cryptology (JW-ISC’97), pp.3–17, 1997.Google Scholar
  6. 6.
    M. Matsui, “Linear Cryptanalysis Method for DES Cipher,” Advances in Cryptology-EUROCRYPT’93, Lecture Notes in Computer Science 765, pp.386–397, Springer-Verlag, 1994.Google Scholar
  7. 7.
    M. Noro and T. Takeshima, “Risa/Asir-a computer algebra system,” Proceedings of ISSAC’92, pp.387–396, ACM Press, 1992.Google Scholar
  8. 8.
    K. Nyberg and L.R. Knudsen, “Provable Security Against a Differential Attack,” Journal of Cryptology, Volume 8, Number 1, pp.27–37, Springer-Verlag, 1995.zbMATHMathSciNetCrossRefGoogle Scholar
  9. 9.
    V. Rijmen, J. Daemen, B. Preneel, A. Bosselaers, and E. De Win, “The cipher SHARK,” Fast Software Encryption, FSE’96, Lecture Notes in Computer Science 1039, pp.99–112, Springer-Verlag, 1996.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Shiho Moriai
    • 1
  • Takeshi Shimoyama
    • 2
  • Toshinobu Kaneko
    • 3
  1. 1.NTT LaboratoriesYokosukaJapan
  2. 2.Fujitsu Laboratories LTDKamikodanaka Nakahara-ku KawasakiJapan
  3. 3.Science University of TokyoNoda, ChibaJapan

Personalised recommendations