All Questions
Tagged with differential-analysis symmetric
10 questions
1
vote
1
answer
90
views
Is there any notion of key-recovery attacks security (perhaphs using games) that is equivalent to IND-CPA?
I am talking about Symmetric Cryptography only in the following.
We know that Semantic Security (in the presence of eavesdropper) implies security against message recovery (in the presence of ...
1
vote
1
answer
74
views
Differential uniformity of vectorial Boolean function
What could we say about differential uniformity of (a vectorial Boolean function) $F = f+g \pmod 2$ (i.e. XOR) in terms of differential uniformity of $f$ and $g$?
- 31
0
votes
1
answer
115
views
How to evaluate the minimum complexity of the key recovery when the success probability p is given?
Since the practical security of a symmetric-key primitive is determined by evaluating its resistance against an almost exhaustive list of known cryptanalytic techniques.
My problem is that could we ...
0
votes
2
answers
72
views
Targeting integer number of right pair in differential attacks
As we know, purpose of attackers is finding some high probable differential characteristics in differential cryptanalysis. Then they construct some plaintext structures, plaintext pool and expect some ...
- 740
3
votes
1
answer
114
views
How exactly to concatenate two differential trails to form a boomerang disguisher in practice?
I've been reading many papers on boomerang/rectangle attacks. The general strategy is to find two trails for a small number of rounds and then concatenate them to form a longer distinguisher. ...
- 63
1
vote
1
answer
116
views
How do we know a single differential/linear trail dominates the others?
I have read the proof of AES's resistance against differential cryptanalysis. In the proof the authors show that there is no single differential trail with prop ratio higher than $2^{-300}$ over 8 ...
- 35
2
votes
1
answer
251
views
Why isn't there a final permutation on SPN-based ciphers?
I am doing some research on differential cryptanalysis. Most people who are familiar with that cryptanalysis technique do know the tutorial from Heys (Heys Tutorial). I came currently to the question, ...
- 519
2
votes
1
answer
212
views
Symmetric property of DDT of inverse function
Given a bijective function $F: \mathbb{F}_2^n \rightarrow \mathbb{F}_2^n$.
The entry of the Difference Distribution Table (DDT) at row $\alpha$ and column $\beta$ is defined as
$$DDT_{F}(\alpha,\...
- 23
3
votes
1
answer
230
views
What does it mean : "Canonical representative of Sbox is 0123468A5BCF79DE"? and How can we calculate this representative for Sbox?
In paper :Cryptographic Analysis of All 4 × 4-Bit S-Boxes Saarinen has classified $4 \times 4$ S-Boxes and defined Canonical representative for each class of S-Boxes.
What does "Canonical ...
- 336
7
votes
1
answer
1k
views
What is a differential trail?
From what I could find it relates input differences to output differences usually across multiple rounds.
But is it the entire probability distribution over all output differences for one input ...
- 91