Partial and Higher Order Differentials and Applications to the DES

Lars Ramkilde Knudsen

doi:10.7146/brics.v2i9.19512

Partial and Higher Order Differentials and Applications to the DES

BRICS Report Series ◽

10.7146/brics.v2i9.19512 ◽

1995 ◽

Vol 2 (9) ◽

Cited By ~ 1

Author(s):

Lars Ramkilde Knudsen

Keyword(s):

Block Cipher ◽

Higher Order ◽

Differential Attack ◽

Running Time ◽

Differential Attacks ◽

Derivatives Of ◽

Discrete Functions

In 1994 Lai considered higher order derivatives of discrete functions and introduced the concept of higher order differentials. We introduce the concept of partial differentials and present attacks on ciphers presumably secure against differential attacks, but vulnerable to attacks using higher order and partial differentials. Also we examine the DES for partial and higher order differentials and give a differential attack using partial differentials on DES reduced to 6 rounds using only 46 chosen plaintexts with an expected running time of about the time of 3,500 encryptions. Finally it is shown how to find a minimum nonlinear order of a block cipher using higher order differentials.

Download Full-text

Provable Security Against a Differential Attack

DAIMI Report Series ◽

10.7146/dpb.v23i473.6946 ◽

1994 ◽

Vol 23 (473) ◽

Cited By ~ 1

Author(s):

Kaisa Nyberg ◽

Lars Ramkilde Knudsen

Keyword(s):

Upper Bound ◽

Provable Security ◽

Block Cipher ◽

Differential Cryptanalysis ◽

Font Size ◽

Differential Attack ◽

Round Function ◽

Differential Attacks

The purpose of this paper is to show that there exist DES-like iterated ciphers, which are provably resistant against differential attacks. The main result on the security of a DES-like cipher with independent round keys is Theorem 1, which gives an upper bound to the probability of s-round differentials, as defined in Markov Ciphers and Differential Cryptanalysis by X. Lai et al. and this upper bound depends only on the round function of the iterated cipher. Moreover, it is shown that there exist functions such that the probabilities of differentials are less than or equal to 23-n, where n is the length of the plaintext block. We also show a prototype of an iterated block cipher, which is compatible with DES and has proven security against differential attacks.

Download Full-text

On optimal size in truncated differential attacks

Studia Scientiarum Mathematicarum Hungarica ◽

10.1556/012.2015.52.2.1314 ◽

2015 ◽

Vol 52 (2) ◽

pp. 246-254 ◽

Cited By ~ 2

Author(s):

Nicolas T. Courtois ◽

Theodosis Mourouzis ◽

Anna Grocholewska-Czuryło ◽

Jean-Jacques Quisquater

Keyword(s):

Block Cipher ◽

Ad Hoc ◽

Differential Cryptanalysis ◽

Optimal Size ◽

Potential Space ◽

Differential Attack ◽

Pass Through ◽

Differential Attacks ◽

Differential Properties ◽

Truncated Differential

Differential Cryptanalysis (DC) is one of the oldest known attacks on block ciphers. DC is based on tracking of changes in the differences between two messages as they pass through the consecutive rounds of encryption. However DC remains very poorly understood. In his textbook written in the late 1990s Schneier wrote that against differential cryptanalysis, GOST is “probably stronger than DES”. In fact Knudsen have soon proposed more powerful advanced differential attacks however the potential space of such attacks is truly immense. To this day there is no method which allows to evaluate the security of a cipher against such attacks in a systematic way. Instead, attacks are designed and improved in ad-hoc ways with heuristics [6–13,21]. The best differential attack known has time complexity of 2179 [13]. In this paper we show that for a given block cipher there exists an optimal size for advanced differential properties. This new understanding allows to considerably reduce the space to be searched for “good” truncated differential properties suitable for an attack.

Download Full-text

Accurate Estimate of the Advantage of Impossible Differential Attacks

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2017.i3.169-191 ◽

2017 ◽

pp. 169-191 ◽

Cited By ~ 1

Author(s):

Céline Blondeau

Keyword(s):

Time Complexity ◽

Block Cipher ◽

Poisson Approximation ◽

Accurate Estimate ◽

Random Permutations ◽

Differential Attack ◽

Impossible Differential ◽

Impossible Differential Attack ◽

Differential Attacks ◽

Multivariate Hypergeometric Distribution

Impossible differential attacks, which are taking advantage of differentials that cannot occur, are powerful attacks for block cipher primitives. The power of such attacks is often measured in terms of the advantage — number of key-bits found during the key sieving phase — which determines the time complexity of the exhaustive key search phase. The statistical model used to compute this advantage has been introduced in the seminal work about the resistance of the DEAL cipher to impossible differential attacks. This model, which has not been modified since the end of the 1990s, is implicitly based on the Poisson approximation of the binomial distribution. In this paper, we investigate this commonly used model and experimentally illustrate that random permutations do not follow it. Based on this observation, we propose more accurate estimates of the advantage of an impossible differential attack. The experiments illustrate the accuracy of the estimate derived from the multivariate hypergeometric distribution. The maximal advantage –using the full codebook– of an impossible differential attack is also derived.

Download Full-text

Security Analysis of 7-Round MISTY1 against Higher Order Differential Attacks

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences ◽

10.1587/transfun.e93.a.144 ◽

2010 ◽

Vol E93-A (1) ◽

pp. 144-152 ◽

Cited By ~ 3

Author(s):

Yukiyasu TSUNOO ◽

Teruo SAITO ◽

Maki SHIGERI ◽

Takeshi KAWABATA

Keyword(s):

Security Analysis ◽

Higher Order ◽

Differential Attacks

Download Full-text

A C0 three-node triangular element based on preprocessing approach for thick sandwich plates

Journal of Sandwich Structures & Materials ◽

10.1177/1099636217729731 ◽

2017 ◽

Vol 21 (6) ◽

pp. 1820-1842

Author(s):

Wu Zhen ◽

Ma Rui ◽

Chen Wanji

Keyword(s):

Transverse Shear ◽

Equilibrium Equation ◽

Three Dimensional ◽

Higher Order ◽

Triangular Element ◽

Shear Stresses ◽

Sandwich Plates ◽

Transverse Shear Stress ◽

Transverse Shear Stresses ◽

Derivatives Of

This paper will try to overcome two difficulties encountered by the C0 three-node triangular element based on the displacement-based higher-order models. They are (i) transverse shear stresses computed from constitutive equations vanish at the clamped edges, and (ii) it is difficult to accurately produce the transverse shear stresses even using the integration of the three-dimensional equilibrium equation. Invalidation of the equilibrium equation approach ought to attribute to the higher-order derivations of displacement parameters involved in transverse shear stress components after integrating three-dimensional equilibrium equation. Thus, the higher-order derivatives of displacement parameters will be taken out from transverse shear stress field by using the three-field Hu–Washizu variational principle before the finite element procedure is implemented. Therefore, such method is named as the preprocessing method for transverse shear stresses in present work. Because the higher-order derivatives of displacement parameters have been eliminated, a C0 three-node triangular element based on the higher-order zig-zag theory can be presented by using the linear interpolation function. Performance of the proposed element is numerically evaluated by analyzing multilayered sandwich plates with different loading conditions, lamination sequences, material constants and boundary conditions, and it can be found that the present model works well in the finite element framework.

Download Full-text

Expansions of the mildly relativistic dispersion function for nearly perpendicular electron cyclotron ray tracing

Journal of Plasma Physics ◽

10.1017/s0022377898007284 ◽

1999 ◽

Vol 61 (1) ◽

pp. 121-128 ◽

Cited By ~ 1

Author(s):

I. P. SHKAROFSKY

Keyword(s):

Ray Tracing ◽

Computer Programs ◽

Higher Order ◽

Electron Cyclotron ◽

Dispersion Function ◽

Relativistic Dispersion ◽

Plasma Dispersion ◽

Derivatives Of ◽

Cyclotron Harmonic ◽

Experienced Difficulty

To trace rays very close to the nth electron cyclotron harmonic, we need the mildly relativistic plasma dispersion function and its higher-order derivatives. Expressions for these functions have been obtained as an expansion for nearly perpendicular propagation in a region where computer programs have previously experienced difficulty in accuracy, namely when the magnitude of (c/vt)2 (ω−nωc)/ω is between 1 and 10. In this region, the large-argument expansions are not yet valid, but partial cancellations of terms occur. The expansion is expressed as a sum over derivatives of the ordinary dispersion function Z. New expressions are derived to relate higher-order derivatives of Z to Z itself in this region of concern in terms of a finite series.

Download Full-text

The higher-order derivatives of spectral functions

Linear Algebra and its Applications ◽

10.1016/j.laa.2006.12.013 ◽

2007 ◽

Vol 424 (1) ◽

pp. 240-281 ◽

Cited By ~ 13

Author(s):

Hristo S. Sendov

Keyword(s):

Higher Order ◽

Spectral Functions ◽

Derivatives Of

Download Full-text

An alternative proof on higher order derivatives of a multilinear map

Linear and Multilinear Algebra ◽

10.1080/03081087.2018.1546816 ◽

2018 ◽

Vol 68 (7) ◽

pp. 1457-1464

Author(s):

Sónia Carvalho

Keyword(s):

Higher Order ◽

Alternative Proof ◽

Multilinear Map ◽

Derivatives Of

Download Full-text

Energy minimization of discrete functions with higher-order potentials for depth map generation

2016 23rd International Conference on Pattern Recognition (ICPR) ◽

10.1109/icpr.2016.7899986 ◽

2016 ◽

Author(s):

Dimitri Bulatov ◽

Benedikt Kottler ◽

Franz Rottensteiner

Keyword(s):

Energy Minimization ◽

Depth Map ◽

Higher Order ◽

Map Generation ◽

Discrete Functions

Download Full-text

Optimal Purely Functional Priority Queues

BRICS Report Series ◽

10.7146/brics.v3i37.20019 ◽

1996 ◽

Vol 3 (37) ◽

Author(s):

Gerth Stølting Brodal ◽

Chris Okasaki

Keyword(s):

Data Structure ◽

Higher Order ◽

Priority Queues ◽

Worst Case ◽

Minimum Element ◽

Asymptotically Optimal ◽

Running Time ◽

Recursive Structures ◽

Functional Setting

Brodal recently introduced the first implementation of imperative priority queues to support findMin, insert, and meld in O(1) worst-case time, and deleteMin in O(log n) worst-case time. These bounds are asymptotically optimal among all comparison-based priority queues. In this paper, we adapt Brodal's data structure to a purely functional setting. In doing so, we both simplify the data structure and clarify its relationship to the binomial queues of Vuillemin, which support all four operations in O(log n) time. Specifically, we derive our implementation from binomial queues in three steps: first, we reduce the running time of insert to O(1) by eliminating the possibility of cascading links; second, we reduce the running time of findMin to O(1) by adding a global root to hold the minimum element; and finally, we reduce the running time of meld to O(1) by allowing priority queues to contain other priority queues. Each of these steps is expressed using ML-style functors. The last transformation, known as data-structural bootstrapping, is an interesting application of higher-order functors and recursive structures.

Download Full-text