Abstract
This paper presents a linear cryptanalytic attack against reduced-round variants of the SAFER family of block ciphers. Compared with the 1.5-round linear relations by Harpes et al., the following new linear relations were found: a 3.75-round non-homomorphic linear relation for both SAFER-K and SAFER-SK with bias ε = 2^{-29}; a 2.75-round relation for SAFER+ with bias ε = 2^{-49}. For a 32-bit block mini-version of SAFER a 4.75-round relation with bias ε = 2^{-16} has been identified. These linear relations apply only to certain weak-key classes. The results show that by considering non-homomorphic linear relations, more rounds of the SAFER block cipher family can be attacked. The new attacks pose no threat to any member of the SAFER family.
F.W.O. research associate, sponsored by the Fund for Scientific Research, Flanders (Belgium).
References
K. Brincat, A. Meijer, “On the SAFER cryptosystem,” Cryptography and Coding, Proceedings of 6th IMA Conference, LNCS 1355, M. Darnell, Ed., Springer-Verlag, 1997, pp. 59–68.
C. Harpes, “Cryptanalysis of Iterated Block Ciphers,” ETH series in Information Processing, J. L. Massey, Ed., Vol. 7, Hartung-Gorre Verlag, Konstanz, 1996.
C. Harpes, G. Kramer, J. L. Massey, “A generalization of linear cryptanalysis and the applicability of Matsui’s piling-up lemma,” Advances in Cryptology, Proceedings Eurocrypt’95, LNCS 921, L. C. Guillou and J.-J. Quisquater, Eds., Springer-Verlag, 1995, pp. 24–38.
D. Wagner, “The boomerang attack,” Fast Software Encryption, LNCS 1636, L. R. Knudsen, Ed., Springer-Verlag, 1999, pp. 201–214.
E. Biham, A. Shamir, “Differential Cryptanalysis of the Data Encryption Standard,” Springer-Verlag, 1993.
H. Wu, F. Bao, R. H. Deng, Q.-Z. Ye, “Improved truncated differential attacks on SAFER,” Advances in Cryptology, Proceedings Asiacrypt’98, LNCS 1514, K. Ohta, D. Pei, Eds., Springer-Verlag, 1998, pp. 133–147.
J. Borst, B. Preneel, J. Vandewalle, “Linear Cryptanalysis of RC5 and RC6,” Fast Software Encryption, LNCS 1636, L. R. Knudsen, Ed., Springer-Verlag, 1999, pp. 16–30.
J. Kelsey, B. Schneier, D. Wagner, “Key schedule weaknesses in SAFER+,” Proceedings 2nd Advanced Encryption Standard Candidate Conference, March 22-23, 1999, Rome (I), pp. 155–167.
J. L. Massey, G. H. Khachatrian, M. K. Kuregian, “Nomination of SAFER+ as candidate algorithm for the Advanced Encryption Standard (AES),” June 12, 1998. Available at http://www.ii.uib.no/~larsr/aes.html
J. L. Massey, “SAFER-K64: a byte-oriented block ciphering algorithm,” Fast Software Encryption, LNCS 1039, D. Gollmann, Ed., Springer-Verlag, 1996, pp. 1–17.
J. L. Massey, “SAFER-K64: one year later,” Fast Software Encryption, LNCS 1008, B. Preneel, Ed., Springer-Verlag, 1995, pp. 212–241.
J. L. Massey, “Strengthened key schedule for the cipher SAFER,” posted to the USENET newsgroup sci.crypt, September 1995. Available at ftp://ftp.cert.dfn.de/pub/tools/crypt/SAFER/
K. Nyberg, “Linear approximation of block ciphers,” Advances in Cryptology, Proceedings Eurocrypt’94, LNCS 950, A. De Santis, Ed., Springer-Verlag, 1995, pp. 439–444.
L. R. Knudsen, “A key schedule weakness in SAFER-K64,” Advances in Cryptology, Proceedings Crypto’95, LNCS 963, D. Coppersmith, Ed., Springer-Verlag, 1995, pp. 274–286.
L. R. Knudsen, “Why SAFER K changed its name,” Technical Report LIENS 96-13, Laboratoire d’Informatique, Ecole Normale Supérieure, Paris, France, April 1996. Available at http://www.ii.uib.no/~larsr/aes.html
L. R. Knudsen, T. A. Berson, “Truncated differentials of SAFER,” Fast Software Encryption, LNCS 1039, D. Gollmann, Ed., Springer-Verlag, 1996, pp. 15–26.
M. Matsui, “Linear cryptanalysis method for DES cipher,” Advances in Cryptology, Proceedings Eurocrypt’93, LNCS 765, T. Helleseth, Ed., Springer-Verlag, 1994, pp. 386–397.
M. Matsui, A. Yamagishi, “A new method for known plaintext attack on FEAL cipher,” Advances in Cryptology, Proceedings Eurocrypt’92, LNCS 658, R. A. Rueppel, Ed., Springer-Verlag, 1993, pp. 81–91.
S. Murphy, “An analysis of SAFER,” Journal of Cryptology, Vol. 11, No. 4, 1998, pp. 235–251.
S. Vaudenay, “On the need for multipermutations: Cryptanalysis of MD4 and SAFER,” Fast Software Encryption, LNCS 1039, D. Gollmann, Ed., Springer-Verlag, 1996, pp. 286–297.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
Nakahara, J., Preneel, B., Vandewalle, J. (2001). Linear Cryptanalysis of Reduced-Round Versions of the SAFER Block Cipher Family. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds) Fast Software Encryption. FSE 2000. Lecture Notes in Computer Science, vol 1978. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44706-7_17
DOI: https://doi.org/10.1007/3-540-44706-7_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41728-6
Online ISBN: 978-3-540-44706-1
eBook Packages: Springer Book Archive