Questions tagged [differential-analysis]
Differential cryptanalysis is a form of cryptanalysis which studies cryptographic algorithms by observing how differences in input affect differences in output.
150 questions
2
votes
1
answer
113
views
What are realistic can-run-on-my-laptop linear and differential attacks on reduced-round AES?
I'd like to teach linear and differential cryptanalysis using AES as an example. I'm guessing there must be a number of rounds that are realistic to attack on a laptop.
I'm also interested in other ...
- 1,595
1
vote
0
answers
48
views
Effect of summand XOR-difference on the sum
Suppose I have two unknown elements of a ring $\mathbb{Z}_{2^n}$: $a$ and $b$.
Their sum $s_1 = a+b$ is known. Let $x$ be some fixed known value with $m < n$ bits set to 1.
What could I say about ...
- 275
0
votes
0
answers
61
views
Designing simple functions with a high degree of mixing
In designing a MAC algorithm from scratch (don't lecture me, please), I was dissatisfied with what seemed to be patterns in the tags it generated. I figured this was a result of linearity or what have ...
- 3,905
3
votes
1
answer
117
views
How do I find the optimal number of rounds needed so that my block cipher is secure?
I am new to cryptanalysis for SPN. In context of linear and differential cryptanalysis, I would like to know the following.
How does one find the number of active S-boxes in a block cipher?
Why does ...
8
votes
1
answer
1k
views
How can Blowfish be resistant against differential cryptanalysis if it doesn't have S-boxes tuned for that?
The S-boxes used in DES were carefully tuned for resistance against differential cryptanalysis, a technique not known to the public at that time but known to designers of DES. It was later discovered ...
- 1,643
1
vote
1
answer
90
views
Is there any notion of key-recovery attacks security (perhaphs using games) that is equivalent to IND-CPA?
I am talking about Symmetric Cryptography only in the following.
We know that Semantic Security (in the presence of eavesdropper) implies security against message recovery (in the presence of ...
1
vote
0
answers
84
views
New Impossible Differential Attacks on AES reduce time complexity
I am interested in the following snippet from the paper New Impossible Differential Attacks on AES.
Analysis of Steps 3–4 of the 7-Round Attack in the 8-Round Attack
The most time consuming steps of ...
- 41
3
votes
0
answers
77
views
improved impossible differential crpytanalysis of 6-round rijndael
I'm studying the paper: "Improved Impossible Differential Cryptanalysis of Rijndael and Crypton".
I've got two questions:
Please explain the calculation performed for step 5?
Step 4 ...
- 41
2
votes
0
answers
40
views
Can a differential attack on FEAL4 yield multiple valid keys?
For my version of this attack I used the FEAL4 version depicted here http://theamazingking.com/crypto-feal.php and in the book "Applied Cryptanalysis Breaking Ciphers in the Real World -- Mark ...
1
vote
1
answer
74
views
Differential uniformity of vectorial Boolean function
What could we say about differential uniformity of (a vectorial Boolean function) $F = f+g \pmod 2$ (i.e. XOR) in terms of differential uniformity of $f$ and $g$?
- 31
0
votes
1
answer
66
views
Heys Differential Cryptanalysis Question
I'm wondering if anyone is aware of the best input difference to input into the system Heys outlines in his paper (http://www.cs.bc.edu/~straubin/crypto2017/heys.pdf) to achieve a high probability ...
0
votes
0
answers
86
views
How to estimate the bias of linear cryptanalysis given the input and output masks
Assume the input linear mask is $a$, and output mask is $b$,for a block cipher $F$ with $r$ round,How to accurately and quickly estimate the bias of linear cryptanalysis? which is
\begin{equation*}
...
3
votes
1
answer
113
views
Midori block cipher design: importance of $S_b$ as the S-box
With a use of almost MDS the Midori cipher provides a good diffusion. But why $S_b$ is used as S-box and what is its actual importance?
- 31
0
votes
0
answers
79
views
Differential cryptanalysis of modes of operation
It is not quite difficult to understand the idea of differential cryptanalysis applied to a standalone block cipher. The method investigates, how differences of plaintext evolve while going through ...
- 275
0
votes
1
answer
115
views
How to evaluate the minimum complexity of the key recovery when the success probability p is given?
Since the practical security of a symmetric-key primitive is determined by evaluating its resistance against an almost exhaustive list of known cryptanalytic techniques.
My problem is that could we ...