On the Usage of Deterministic (Related-Key) Truncated Differentials and Multidimensional Linear Approximations for SPN Ciphers

Author(s):  
Ling Sun ◽  
David Gerault ◽  
Wei Wang ◽  
Meiqin Wang

Among the few works realising the search of truncated differentials (TD) and multidimensional linear approximations (MDLA) holding for sure, the optimality of the distinguisher should be confirmed via an exhaustive search over all possible input differences/masks, which cannot be afforded when the internal state of the primitive has a considerable number of words. The incomplete search is also a long-term problem in the search of optimal impossible differential (ID) and zero-correlation linear approximation (ZCLA) since all available automatic tools operate under fixed input and output differences/masks, and testing all possible combinations of differences/masks is impracticable for now. In this paper, we start by introducing an automatic approach based on the constraint satisfaction problem for the exploration of deterministic TDs and MDLAs. Since we transform the exhaustive search into an inherent feature of the searching model, the issue of incomplete search is settled. This tool is applied to search for related-key (RK) TDs of AES-192, and a new related-key differential-linear (DL) distinguisher is identified with a TD with certainty. Due to the novel property of the distinguisher, the previous RK DL attack on AES-192 is improved. Also, the new distinguisher is explained from the viewpoint of the differential-linear connectivity table (DLCT) and thus can be regarded as the first application of the DLCT in the related-key attack scenario. As the second application of the tool, we propose a method to construct (RK) IDs and ZCLAs automatically. Benefiting from the control of the nonzero fixed differential pattern and the inherent feature of exhaustive search, the new searching scheme can discover longer distinguishers and hence possesses some superiorities over the previous methods. This technique is implemented with several primitives, and the provable security bounds of SKINNY and Midori64 against the impossible differential distinguishing attack are generalised.

Cybersecurity ◽  
2021 ◽  
Vol 4 (1) ◽  
Author(s):  
Wenqin Cao ◽  
Wentao Zhang

For block ciphers, Bogdanov et al. found that there are some linear approximations whose biases are deterministically invariant under a key difference. This property is called key difference invariant bias. Based on this property, Bogdanov et al. proposed a related-key statistical distinguisher and turned it into key-recovery attacks on LBlock and TWINE-128. In this paper, we propose a new related-key model by combining multidimensional linear cryptanalysis with key difference invariant bias. The main theoretical advantage is that our new model does not depend on the statistical independence of linear approximations. We demonstrate our cryptanalysis technique by performing key recovery attacks on LBlock and TWINE-128. We use the relations of the involved round keys to reduce the number of guessed subkey bits. Moreover, the partial-compression technique is used to reduce the time complexity. We can recover the master key of LBlock up to 25 rounds with about 2^60.4 distinct known plaintexts, 2^78.85 time complexity and 2^61 bytes of memory requirements. Our attack can recover the master key of TWINE-128 up to 28 rounds with about 2^61.5 distinct known plaintexts, 2^126.15 time complexity and 2^61 bytes of memory requirements. The results are the currently best ones on the cryptanalysis of LBlock and TWINE-128.


Author(s):  
Jing Yang ◽  
Thomas Johansson ◽  
Alexander Maximov

SNOW 3G is a stream cipher designed in 2006 by ETSI/SAGE, serving in 3GPP as one of the standard algorithms for data confidentiality and integrity protection. It is also included in the 4G LTE standard. In this paper we derive vectorized linear approximations of the finite state machine in SNOW 3G. In particular, we show one 24-bit approximation with a bias around 2^-37 and one byte-oriented approximation with a bias around 2^-40. We then use the approximations to launch attacks on SNOW 3G. The first approximation is used in a distinguishing attack resulting in an expected complexity of 2^172, and the second one can be used in a standard fast correlation attack resulting in key recovery in an expected complexity of 2^177. If the key length in SNOW 3G were increased to 256 bits, the results show that there would then be academic attacks on such a version faster than exhaustive key search.


Author(s):  
Arka Rai Choudhuri ◽  
Subhamoy Maitra

ChaCha and Salsa are two software-oriented stream ciphers that have attracted serious attention in the academic as well as the commercial domain. The most important cryptanalysis of reduced versions of these ciphers was presented by Aumasson et al. at FSE 2008. One part of their attack was to apply input difference(s) to investigate biases after a few rounds. So far there have been certain kinds of limited exhaustive searches to obtain such biases. For the first time, in this paper, we show how to theoretically choose the combinations of the output bits to obtain significantly improved biases. The main idea here is to consider the multi-bit differentials as extensions of suitable single-bit differentials with linear approximations, which is essentially a differential-linear attack. As we consider combinations of many output bits (for example 19 for Salsa and 21 for ChaCha), exhaustive search is not possible here. By this method we obtain very high biases for linear combinations of bits in Salsa after 6 rounds and in ChaCha after 5 rounds. These are clearly two rounds of improvement for both ciphers over the existing works. Using these biases we obtain several significantly improved cryptanalytic results for reduced-round Salsa and ChaCha that could not be obtained earlier. In fact, with our results it is now possible to cryptanalyse 6-round Salsa and 5-round ChaCha in practical time.


Author(s):  
Jing Yang ◽  
Thomas Johansson ◽  
Alexander Maximov

In this paper we develop a number of generic techniques and algorithms in the spectral analysis of large linear approximations for use in cryptanalysis. We apply the developed tools to the cryptanalysis of ZUC-256 and give a distinguishing attack with complexity around 2^236. Although the attack is only 2^20 times faster than exhaustive key search, the result indicates that ZUC-256 does not provide a source with full 256-bit entropy in the generated keystream, which would be expected from a 256-bit key. To the best of our knowledge, this is the first known academic attack on full ZUC-256 with a computational complexity that is below exhaustive key search.


2012 ◽  
Author(s):  
Susanne Kristen ◽  
Beate Sodian ◽  
Maria Licata ◽  
Claudia Thoermer ◽  
Diane Poulin‐Dubois

Zuriat ◽  
2015 ◽  
Vol 14 (1) ◽  
Author(s):  
Nono Carsono ◽  
Christian Bachem

Tuberization in potato is a complex developmental process resulting in the differentiation of the stolon into the storage organ, the tuber. During tuberization, changes in gene expression are known to occur. To study gene expression during tuberization over time, an in vitro tuberization system provides a suitable tool, due to its synchrony in tuber formation. The first six days of axillary bud growth on tuber induction medium are a crucial developmental period, since a large number of genes change their expression patterns during this time. In order to identify, isolate and sequence the genes displaying a differential pattern between tuberizing and non-tuberizing potato explants during six days of in vitro tuberization, cDNA-AFLP fingerprinting, a method for the visualization of gene expression that uses cDNA as a template which is amplified to generate an RNA fingerprint, was used in this experiment. Seventeen primer combinations were chosen based on their expression profile from the cDNA-AFLP fingerprint. Forty-five TDFs (transcript derived fragments), which displayed differential expression, were obtained. Tuberizing explants had many more developmentally regulated TDFs than non-tuberizing explants. Seven TDFs were isolated, cloned and then sequenced. One TDF showed no similarity to entries in the current databases. The nucleotide sequence of TDF F showed the best similarity to invertase enzymes from the databases. The homology of six TDFs with known sequences is discussed in this paper.

