Open Access Proceedings Article
Multiplicative Differentials
Nikita Borisov, Monica Chew, Rob Johnson, David Wagner
- 04 Feb 2002
pp 17-33
68
TL;DR: It is concluded that cipher designers may have placed too much faith in multiplication as a mixing operator, and that it should be combined with at least two other incompatible group operations.
Abstract: We present a new type of differential that is particularly suited to analyzing ciphers that use modular multiplication as a primitive operation. These differentials are partially inspired by the differential used to break Nimbus, and we generalize that result. We use these differentials to break the MultiSwap cipher that is part of the Microsoft Digital Rights Management subsystem, to derive a complementation property in the xmx cipher using the recommended modulus, and to mount a weak key attack on the xmx cipher for many other moduli. We also present weak key attacks on several variants of IDEA. We conclude that cipher designers may have placed too much faith in multiplication as a mixing operator, and that it should be combined with at least two other incompatible group operations.
Citations
C-Differentials, Multiplicative Uniformity, and (Almost) Perfect c-Nonlinearity
TL;DR: A new (output) multiplicative differential is defined, and the corresponding c-differential uniformity of the inverse function (in any dimension and characteristic), relevant for the Rijndael block cipher.
91
Investigations on c-(Almost) Perfect Nonlinear Functions
TL;DR: This work continues the work by looking at some APN functions through the mentioned concept and showing that their $c$-differential uniformity increases significantly in some cases.
62
A new attack on 6-round IDEA
Eli Biham, Orr Dunkelman, Nathan Keller
- 26 Mar 2007
TL;DR: This paper presents the first known attack on 6-round IDEA faster than exhaustive key search; the attack exploits the weak key-schedule algorithm of IDEA and combines Square-like techniques with linear cryptanalysis to increase the number of rounds that can be attacked.
50
On the c-differential uniformity of certain maps over finite fields
TL;DR: Some classes of power maps with low c-differential uniformity over finite fields of odd characteristic, for c = -1, are given and a necessary and sufficient condition for a linearized polynomial to be a perfect c-nonlinear function is given.
45
Journal Article
A New Attack on 6-Round IDEA
TL;DR: The first known attack on 6-round IDEA is presented in this article; it exploits the weak key-schedule algorithm of IDEA and combines Square-like techniques with linear cryptanalysis to increase the number of rounds that can be attacked.
43
References
Linear cryptanalysis method for DES cipher
Mitsuru Matsui
- 02 Jan 1994
TL;DR: A new method is introduced for cryptanalysis of DES cipher, which is essentially a known-plaintext attack, that is applicable to an only-ciphertext attack in certain situations.
Differential cryptanalysis of DES-like cryptosystems
Eli Biham, Adi Shamir
- 11 Aug 1990
TL;DR: A new type of cryptanalytic attack is developed which can break the reduced variant of DES with eight rounds in a few minutes on a personal computer and can break any reduced variant of DES (with up to 15 rounds) using less than $2^{56}$ operations and chosen plaintexts.
Markov ciphers and differential cryptanalysis
Xuejia Lai, James L. Massey, Sean Murphy
- 08 Apr 1991
TL;DR: It is shown that PES(8) and PES(16) are immune to differential cryptanalysis after sufficiently many rounds, and a new design principle for Markov ciphers, viz., that their transition probability matrices should not be symmetric, is suggested.
A generalization of linear cryptanalysis and the applicability of Matsui's piling-up lemma
Carlo Harpes, Gerhard Kramer, James L. Massey
- 21 May 1995
TL;DR: It is argued that the ciphers IDEA and SAFER K-64 are secure against this generalization of linear cryptanalysis, and the basic attack is described and conditions for it to be successful.