Improved Slide Attacks

  • Eli Biham
  • Orr Dunkelman
  • Nathan Keller
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4593)


The slide attack is applicable to ciphers that can be represented as an iterative application of the same keyed permutation. The slide attack leverages simple attacks on the keyed permutation to more complicated (and time consuming) attacks on the entire cipher.

In this paper we extend the slide attack by examining the cycle structures of the entire cipher and of the underlying keyed permutation. Our method allows to find slid pairs much faster than was previously known, and hence reduces the time complexity of the entire slide attack significantly. In addition, since our attack finds as many slid pairs as the attacker requires, it allows to leverage all types of attacks on the underlying permutation (and not only simple attacks) to an attack on the entire cipher.

We demonstrate the strength of our technique by presenting an attack on 24-round reduced GOST whose S-boxes are unknown. Our attack retrieves the unknown S-boxes as well as the secret key with a time complexity of about 263 encryptions. Thus, this attack allows an easier attack on other instances of GOST that use the same S-boxes. When the S-boxes are known to the attacker, our attack can retrieve the secret key of 30-round GOST (out of the 32 rounds).


Time Complexity Block Cipher Round Function Cycle Structure Data Encryption Standard 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. Journal of Cryptology 7(4), 229–246 (1994)zbMATHCrossRefGoogle Scholar
  2. 2.
    Biham, E., Biryukov, A., Shamir, A.: Miss in the Middle Attacks on IDEA and Khufu. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 124–138. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  3. 3.
    Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, Heidelberg (1993)zbMATHGoogle Scholar
  4. 4.
    Biryukov, A., Wagner, D.: Slide Attacks. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 245–259. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  5. 5.
    Biryukov, A., Wagner, D.: Advanced Slide Attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 586–606. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  6. 6.
    Brown, L., Seberry, J.: Key Scheduling in DES Type Cryptosystems. In: Seberry, J., Pieprzyk, J.P. (eds.) AUSCRYPT 1990. LNCS, vol. 453, pp. 221–228. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  7. 7.
    Daemen, J., Knudsen, L.R., Rijmen, V.: The Block Cipher Square. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 149–165. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  8. 8.
    Davies, D.W., Parkin, G.I.P.: The Average Cycle Size of the Key Stream in Output Feedback Encipherment (Abstract). In: McCurley, K.S., Ziegler, C.D. (eds.) CRYPTO 1982. LNCS, vol. 1440, pp. 97–98. Springer, Heidelberg (1982)Google Scholar
  9. 9.
    Furuya, S.: Slide Attacks with a Known-Plaintext Cryptanalysis. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 214–225. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    GOST: Gosudarstvennei Standard 28147-89, Cryptographic Protection for Data Processing Systems, Government Committee of the USSR for Standards (1989)Google Scholar
  11. 11.
    Granville, A.: Cycle lengths in a permutation are typically Poisson distributed. Electronic Journal of Combinatorics 13(1), 107 (2006), MathSciNetGoogle Scholar
  12. 12.
    Kelsey, J., Schneier, B., Wagner, D.: Key-Schedule Cryptoanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 237–251. Springer, Heidelberg (1996)Google Scholar
  13. 13.
    Kelsey, J., Schneier, B., Wagner, D.: Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 233–246. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  14. 14.
    Knudsen, L.R.: Cryptanalysis of LOKI91. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 196–208. Springer, Heidelberg (1993)Google Scholar
  15. 15.
    Ko, Y., Hong, S., Lee, W., Lee, S., Kang, J.-S.: Related Key Differential Attacks on 27 Rounds of XTEA and Full-Round GOST. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 299–316. Springer, Heidelberg (2004)Google Scholar
  16. 16.
    Matsui, M.: Linear Cryptanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)Google Scholar
  17. 17.
    National Bureau of Standards: Data Encryption Standard, Federal Information Processing Standards Publications No. 46 (1977)Google Scholar
  18. 18.
    Saarinen, M.-J.: A Chosen Key Attack against the Secret S-boxes of GOST (1998),
  19. 19.
    Schneier, B.: Applied Cryptography, 2nd edn. John Wiley & Sons, Chichester (1996)Google Scholar
  20. 20.
    Seki, H., Kaneko, T.: Differential Cryptanalysis of Reduced Rounds of GOST. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 315–323. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  21. 21.
    Yuval, G.: Reinventing the wheel–—— Travois: Encryption/MAC in 30 ROM Bytes. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 205–209. Springer, Heidelberg (1997)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Eli Biham
    • 1
  • Orr Dunkelman
    • 2
  • Nathan Keller
    • 3
  1. 1.Computer Science Department, Technion, Haifa 32000Israel
  2. 2.Katholieke Universiteit Leuven, Dept. of Electrical Engineering ESAT/SCD-COSIC, Kasteelpark Arenberg 10, B-3001 Leuven-HeverleeBelgium
  3. 3.Einstein Institute of Mathematics, Hebrew University, Jerusalem 91904Israel

Personalised recommendations