Linear Distinguishing Attack on Shannon

Author(s):  
Risto M. Hakala ◽  
Kaisa Nyberg
2011 ◽  
Vol 33 (1) ◽  
pp. 190-193
Author(s):  
Ya-qin Chang ◽  
Chen-hui Jin

Author(s):  
Vasin Suttichaya ◽  
Pattarasinee Bhattarakosol

2020 ◽  
Vol 2020 ◽  
pp. 1-8
Author(s):  
Deukjo Hong

We study known-key distinguishing and partial-collision attacks on GFN-2 structures with various block lengths in this paper. For 4-branch GFN-2, we present a 15-round known-key distinguishing attack and an 11-round partial-collision attack, which improve previous results. We also present a 17-round known-key distinguishing attack on 6-branch GFN-2 and a 27-round known-key distinguishing attack on 8-branch GFN-2, and show that several partial-collision attacks are derived from them. Additionally, some attacks are valid only under special conditions on the F-function.


2013 ◽  
Vol 7 (4) ◽  
pp. 313-332 ◽  
Author(s):  
Mohammad Ali Orumiehchiha ◽  
Josef Pieprzyk ◽  
Ron Steinfeld ◽  
Harry Bartlett

Abstract. Non-linear feedback shift register (NLFSR) ciphers are the cryptographic tools of choice in industry, especially for mobile communication. Their attractive feature is high efficiency when implemented in hardware or software. However, the main problem of NLFSR ciphers is that their security is still not well investigated. The paper makes progress in the study of the security of NLFSR ciphers. In particular, we show a distinguishing attack on linearly filtered NLFSR (or LF-NLFSR) ciphers. We extend the attack to a linear combination of LF-NLFSRs. We investigate the security of a modified version of the Grain stream cipher and show its vulnerability to both key recovery and distinguishing attacks.


2003 ◽  
Vol 39 (16) ◽  
pp. 1175 ◽  
Author(s):  
L. Knudsen ◽  
H. Raddum

Author(s):  
Ling Sun ◽  
David Gerault ◽  
Wei Wang ◽  
Meiqin Wang

Among the few works realising the search of truncated differentials (TD) and multidimensional linear approximations (MDLA) that hold with certainty, the optimality of the distinguisher should be confirmed via an exhaustive search over all possible input differences/masks, which cannot be afforded when the internal state of the primitive has a considerable number of words. The incomplete search is also a long-term problem in the search for optimal impossible differentials (ID) and zero-correlation linear approximations (ZCLA), since all available automatic tools operate under fixed input and output differences/masks, and testing all possible combinations of differences/masks is impracticable for now. In this paper, we start by introducing an automatic approach based on the constraint satisfaction problem for the exploration of deterministic TDs and MDLAs. Since we transform the exhaustive search into an inherent feature of the searching model, the issue of incomplete search is settled. This tool is applied to search for related-key (RK) TDs of AES-192, and a new related-key differential-linear (DL) distinguisher is identified with a TD that holds with certainty. Due to the novel property of the distinguisher, the previous RK DL attack on AES-192 is improved. Also, the new distinguisher is explained from the viewpoint of the differential-linear connectivity table (DLCT) and thus can be regarded as the first application of the DLCT in the related-key attack scenario. As the second application of the tool, we propose a method to construct (RK) IDs and ZCLAs automatically. Benefiting from the control of the nonzero fixed differential pattern and the inherent feature of exhaustive search, the new searching scheme can discover longer distinguishers and hence possesses some superiorities over the previous methods. This technique is implemented with several primitives, and the provable security bounds of SKINNY and Midori64 against impossible differential distinguishing attacks are generalised.


Author(s):  
Yukiyasu Tsunoo ◽  
Teruo Saito ◽  
Takeshi Kawabata ◽  
Hiroki Nakashima

2012 ◽  
Vol 53 (1) ◽  
pp. 21-32
Author(s):  
Michal Braško ◽  
Jaroslav Boor

ABSTRACT. The Australian stream cipher NLSv2 [Hawkes, P., Paddon, M., Rose, G. G., De Vries, M. W.: Primitive specification for NLSv2, Project eSTREAM web page, 2007, 1-25] is a 32-bit word oriented stream cipher that was quite successful in the stream cipher competition, the project eSTREAM. The cipher reached Phase 3 and successfully met one of the main requirements for candidates in Profile 1 (software oriented proposals): to have better performance than AES in counter mode. However, the cipher was not chosen for the final portfolio [Babbage, S., De Cannière, Ch., Canteaut, A., Cid, C., Gilbert, H., Johansson, T., Parker, M., Preneel, B., Rijmen, V., Robshaw, M.: The eSTREAM Portfolio, Project eSTREAM web page, 2008], because its performance was not so good compared with the other finalists. There is also a security issue with a high correlation in the S-Box used, which some effective distinguishers exploit. In this paper, a practical demonstration of the distinguishing attack against the smaller version of the cipher is introduced. In our experiments, we had at our disposal a machine with four cores (Intel® Core™ Quad @ 2.66 GHz), and a single attack lasts about 6 days. We performed successful practical experiments, and our results demonstrate that the distinguishing attack against the smaller version is working.
