Improving the higher order differential attack and cryptanalysis of the KN cipher
Since the proposal of differential cryptanalysis and linear cryptanalysis in 1991 and 1993, respectively, the resistance of many cryptosystems to these attacks has been studied. Moreover, some block ciphers with provable security against differential and linear cryptanalysis have been proposed. One of them is the KN cipher proposed by Knudsen and Nyberg. The KN cipher is a prototype cipher with provable security against ordinary differential cryptanalysis, and it has also been proved to be secure against linear cryptanalysis. Recently a new method of attacking block ciphers, the higher order differential attack, was proposed, and Jakobsen and Knudsen showed at FSE4 that the KN cipher can be attacked by this method. In this paper, we improve this attack to reduce both the number of required chosen plaintexts and the running time, and apply it to the cryptanalysis of the KN cipher. We show that, for an attack on the KN cipher with 6 rounds, the number of required chosen plaintexts can be reduced by half and the running time reduced from 2^41 to 2^14, and that all round keys can be derived in only 0.02 seconds on a Sun Ultra 1 (UltraSPARC 170MHz).
Keywords: Boolean Function, Lookup Table, Block Cipher, Round Function, Linear Cryptanalysis
- [BS91] E. Biham and A. Shamir, “Differential Cryptanalysis of DES-like Cryptosystems,” Journal of Cryptology, Volume 4, Number 1, pp.3–72, Springer-Verlag, 1991.
- [JK97] T. Jakobsen and L.R. Knudsen, “The Interpolation Attack on Block Ciphers,” Fast Software Encryption — Fourth International Workshop, Lecture Notes in Computer Science 1267, pp.28–40, Springer-Verlag, 1997.
- [K95] L.R. Knudsen, “Truncated and Higher Order Differentials,” Fast Software Encryption — Second International Workshop, Lecture Notes in Computer Science 1008, pp.196–211, Springer-Verlag, 1995.
- [L94] X. Lai, “Higher Order Derivatives and Differential Cryptanalysis,” Communications and Cryptography, pp.227–233, Kluwer Academic Publishers, 1994.
- [NK95] K. Nyberg and L.R. Knudsen, “Provable Security Against a Differential Attack,” Journal of Cryptology, Volume 8, Number 1, pp.27–37, Springer-Verlag, 1995.
- [N94] K. Nyberg, “Linear Approximations of Block Ciphers,” Advances in Cryptology — EUROCRYPT'94, Lecture Notes in Computer Science 950, pp.439–444, Springer-Verlag, 1995.
- [M93] M. Matsui, “Linear Cryptanalysis Method for DES Cipher,” Advances in Cryptology — EUROCRYPT'93, Lecture Notes in Computer Science 765, pp.386–397, Springer-Verlag, 1994.
- [MS97] S. Moriai and T. Shimoyama, “Performance and Security of Block Ciphers Using Operations in GF(2^n),” Proceedings of SAC'97, pp.117–130, 1997.