Abstract
In this paper we study the resistance of a block cipher against a class of general attacks which we call "iterated attacks". This class includes some elementary versions of differential and linear cryptanalysis. We prove that the complexity of such an attack can be upper bounded by using decorrelation techniques. Our main theorem enables us to prove the security against these attacks (in our model) of the recently proposed block ciphers COCONUT98 and PEANUT98, as well as of the AES candidate DFC. We point out that decorrelation to the order 2d is required for proving security against iterated attacks of order d.
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
Vaudenay, S. (1999). Resistance Against General Iterated Attacks. In: Stern, J. (eds) Advances in Cryptology — EUROCRYPT ’99. EUROCRYPT 1999. Lecture Notes in Computer Science, vol 1592. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48910-X_18
DOI: https://doi.org/10.1007/3-540-48910-X_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-65889-4
Online ISBN: 978-3-540-48910-8