nach oben

Journal of Cryptology

Erschienen in:

17.08.2017

Efficient Slide Attacks

verfasst von: Achiya Bar-On, Eli Biham, Orr Dunkelman, Nathan Keller

Erschienen in: Journal of Cryptology | Ausgabe 3/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The slide attack, presented by Biryukov and Wagner, has already become a classical tool in cryptanalysis of block ciphers. While it was used to mount practical attacks on a few cryptosystems, its practical applicability is limited, as typically, its time complexity is lower bounded by \(2^n\) (where n is the block size). There are only a few known scenarios in which the slide attack performs better than the \(2^n\) bound. In this paper, we concentrate on efficient slide attacks, whose time complexity is less than \(2^n\). We present a number of new attacks that apply in scenarios in which previously known slide attacks are either inapplicable, or require at least \(2^n\) operations. In particular, we present the first known slide attack on a Feistel construction with a 3-round self-similarity, and an attack with practical time complexity of \(2^{40}\) on a 128-bit key variant of the GOST block cipher with unknown S-boxes. The best previously known attack on the same variant, with known S-boxes (by Courtois), has time complexity of \(2^{91}\).

Nächster Artikel Completeness for Symmetric Two-Party Functionalities: Revisited

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

We note that the slide attack is related to several previous techniques, including the attack of Grossman and Tucherman on Feistel constructions [30] and Biham’s related-key attack [3].

Instead of storing the list of locations, one can define a lexicographic order (or any other standardized order) and apply a hash function on the list.

We note that GOST has been the Russian encryption standard since 1989. In 2015, the Russian Federation standardization body issued another standard called Kuznyechik, to be effective in parallel with GOST (which is now called MAGMA in the official documents). Hence, currently GOST is one of the two Russian standards for block ciphers.

We note that according to the published documentation [29], the S-boxes are not necessarily permutations. Hence, an S-box can be modeled as an unknown 64-bit key.

Obviously when we discuss the most significant S-box, there is no such carry with probability 1.

Using standard independence assumption and the Poisson distribution of right pairs, the success probability is 71.8%.

W. Aerts, E. Biham, D.D. Moitie, E.D. Mulder, O. Dunkelman, S. Indesteege, N. Keller, B. Preneel, G.A.E. Vandenbosch, I. Verbauwhede, A practical attack on KeeLoq. J. Cryptol. 25(1), 136–157 (2012)

M.V. Anand, E.E. Targhi, G.N. Tabia, D. Unruh, Post-quantum security of the CBC, CFB, OFB, CTR, and XTS modes of operation, in T. Takagi (ed.) Post-Quantum Cryptography—7th International Workshop, PQCrypto 2016, Fukuoka, Japan, February 24–26, 2016, Proceedings. Lecture Notes in Computer Science, vol. 9606 (Springer, Berlin, 2016), pp. 44–63

E. Biham, New types of cryptanalytic attacks using related keys. J. Cryptol. 7(4), 229–246 (1994)CrossRefMATH

E. Biham, O. Dunkelman, N. Keller, Improved slide attacks, in A. Biryukov (ed.) Fast Software Encryption, 14th International Workshop, FSE 2007, Luxembourg, Luxembourg, March 26–28, 2007, Revised Selected Papers. Lecture Notes in Computer Science, vol. 4593 (Springer, Berlin, 2007), pp. 153–166

E. Biham, A. Shamir, Differential Cryptanalysis of the Data Encryption Standard (Springer, Berlin, 1993)

A. Biryukov, C. Bouillaguet, D. Khovratovich, Cryptographic schemes based on the ASASA structure: black-box, white-box, and public-key (extended abstract), in P. Sarkar, T. Iwata (eds.) Advances in Cryptology—ASIACRYPT 2014—20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung, Taiwan, R.O.C., December 7–11, 2014. Proceedings, Part I. Lecture Notes in Computer Science, vol. 8873 (Springer, Berlin, 2014), pp. 63–84

A. Biryukov, D. Khovratovich, L. Perrin, Multiset-Algebraic Cryptanalysis of Reduced Kuznyechik, Khazad, and secret SPNs. IACR Trans. Symmetric Cryptol. 2016(2), 226–247 (2016). http://tosc.iacr.org/index.php/ToSC/article/view/572

A. Biryukov, L. Perrin, On reverse-engineering S-boxes with hidden design criteria or structure, in R. Gennaro, M. Robshaw, (eds.) Advances in Cryptology—CRYPTO 2015—35th Annual Cryptology Conference, Santa Barbara, CA, USA, August 16–20, 2015, Proceedings, Part I. Lecture Notes in Computer Science, vol. 9215 (Springer, Berlin, 2015), pp. 116–140

A. Biryukov, A. Shamir, Structural Cryptanalysis of SASAS. J. Cryptol. 23(4), 505–518 (2010)MathSciNetCrossRefMATH

10.

A. Biryukov, D. Wagner, Slide attacks. in L.R. Knudsen, (ed.) Fast Software Encryption, 6th International Workshop, FSE ’99, Rome, Italy, March 24–26, 1999, Proceedings. Lecture Notes in Computer Science, vol. 1636 (Springer, Berlin, 1999), pp. 245–259

11.

A. Biryukov, D. Wagner, Advanced slide attacks, in B. Preneel, (ed.)Advances in Cryptology—EUROCRYPT 2000, International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14–18, 2000, Proceeding. Lecture Notes in Computer Science, vol. 1807 (Springer, Berlin, 2000), pp. 589–606

12.

N. Courtois, Algebraic complexity reduction and cryptanalysis of GOST. IACR Cryptology ePrint Archive 2011, 626 (2011). http://eprint.iacr.org/2011/626

13.

N.T. Courtois, An improved differential attack on full GOST. IACR Cryptology ePrint Archive 2012, 138 (2012). http://eprint.iacr.org/2012/138

14.

N.T. Courtois, Cryptanalysis of two GOST variants with 128-bit keys. Cryptologia 38(4), 348–361 (2014)CrossRef

15.

N.T. Courtois, An improved differential attack on full GOST, in P.Y.A. Ryan, D. Naccache, J. Quisquater, (eds.) The New Codebreakers—Essays Dedicated to David Kahn on the Occasion of His 85th Birthday. Lecture Notes in Computer Science, vol. 9100 (Springer, Berlin, 2016), pp. 282–303

16.

J. Daemen, L.R. Knudsen, V. Rijmen, The block cipher square, in E. Biham, (ed.) Fast Software Encryption, 4th International Workshop, FSE ’97, Haifa, Israel, January 20–22, 1997, Proceedings. Lecture Notes in Computer Science, vol. 1267 (Springer, Berlin, 1997), pp. 149–165

17.

J. Daemen, V. Rijmen, The design of Rijndael: AES—the advanced encryption standard. Information Security and Cryptography (Springer, Berlin, 2002)

18.

I. Dinur, O. Dunkelman, N. Keller, A. Shamir, Reflections on slide with a twist attacks. Des. Codes Cryptogr. 77(2–3), 633–651 (2015)

19.

I. Dinur, O. Dunkelman, A. Shamir, Improved attacks on full GOST, in A. Canteaut, (ed.) Fast Software Encryption—19th International Workshop, FSE 2012, Washington, DC, USA, March 19–21, 2012. Revised Selected Papers. Lecture Notes in Computer Science, vol. 7549 (Springer, Berlin, 2012), pp. 9–28

20.

O. Dunkelman, N. Keller, Reverse Engineering the Difference Distribution Table (2016), work in progress

21.

O. Dunkelman, N. Keller, A. Shamir, Slidex attacks on the Even–Mansour encryption scheme. J. Cryptol. 28(1), 1–28 (2015)MathSciNetCrossRefMATH

22.

S. Even, Y. Mansour, A construction of a cipher from a single pseudorandom permutation. J. Cryptol. 10(3), 151–162 (1997)MathSciNetCrossRefMATH

23.

P. Flajolet, R. Sedgewick, Analytic Combinatorics (Cambridge University Press, Cambridge, 2009). http://www.cambridge.org/uk/catalogue/catalogue.asp?isbn=9780521898065

24.

R.W. Floyd, Nondeterministic Algorithms. J. ACM 14(4), 636–644 (1967)

25.

S. Furuya, Slide attacks with a known-plaintext cryptanalysis, in K. Kim, (ed.) Information Security and Cryptology—ICISC 2001, 4th International Conference Seoul, Korea, December 6–7, 2001, Proceedings. Lecture Notes in Computer Science, vol. 2288 (Springer, Berlin, 2001), pp. 214–225

26.

V. Goncharov, On the distribution of cycles in permutations. Doklady Akedmii Nauk SSSR 35, 299–301 (1942)

27.

V. Goncharov, Some facts from combinatorics. Izvestia Academii Nauk SSSR 8 , 3–48 (1944), ser. Mat.

28.

M. Gorski, S. Lucks, T. Peyrin, Slide attacks on a class of hash functions, in J. Pieprzyk, (ed.) Advances in Cryptology—ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, December 7–11, 2008. Proceedings. Lecture Notes in Computer Science, vol. 5350 (Springer, Berlin, 2008), pp. 143–160

29.

Government Committee of the USSR for Standards, Gosudarstvennei Standard 28147-89: Cryptographic Protection for Data Processing Systems. Tech. rep. (1989)

30.

E.K. Grossman, B. Tucherman, Analysis of a weakened Feistel-like Cipher, in Proceedings of International Conference on Communications (1978), pp. 46.3.1–46.3.5

31.

T. Isobe, A single-key attack on the full GOST block cipher. J. Cryptol. 26(1), 172–189 (2013)MathSciNetCrossRefMATH

32.

T. Isobe, K. Shibutani, Generic key recovery attack on Feistel scheme, in K. Sako, P. Sarkar, (eds.) Advances in Cryptology—ASIACRYPT 2013—19th International Conference on the Theory and Application of Cryptology and Information Security, Bengaluru, India, December 1–5, 2013, Proceedings, Part I. Lecture Notes in Computer Science, vol. 8269 (Springer, Berlin, 2013), pp. 464–485

33.

J. Jean, I. Nikolic, T. Peyrin, L. Wang, S. Wu, Security analysis of PRINCE, in S. Moriai (ed.) Fast Software Encryption—20th International Workshop, FSE 2013, Singapore, March 11–13, 2013. Revised Selected Papers. Lecture Notes in Computer Science, vol. 8424 (Springer, Berlin, 2013), pp. 92–111

34.

M. Kaplan, G. Leurent, A. Leverrier, M. Naya-Plasencia, Breaking symmetric cryptosystems using quantum period finding, in M. Robshaw, J. Katz, (eds.) Advances in Cryptology—CRYPTO 2016—36th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 14–18, 2016, Proceedings, Part II. Lecture Notes in Computer Science, vol. 9815 (Springer, Berlin, 2016), pp. 207–237

35.

O. Kara, Reflection attacks on product ciphers. IACR Cryptology ePrint Archive 2007, 43 (2007). http://eprint.iacr.org/2007/043

36.

O. Kara, Reflection cryptanalysis of some ciphers, in D.R. Chowdhury, V. Rijmen, A. Das, (eds.) Progress in Cryptology—INDOCRYPT 2008, 9th International Conference on Cryptology in India, Kharagpur, India, December 14–17, 2008. Proceedings. Lecture Notes in Computer Science, vol. 5365 (Springer, Berlin, 2008), pp. 294–307

37.

Y. Ko, S. Hong, W. Lee, S. Lee, J. Kang, Related key differential attacks on 27 rounds of XTEA and full-round GOST, in B.K. Roy, W. Meier, (eds.) Fast Software Encryption, 11th International Workshop, FSE 2004, Delhi, India, February 5–7, 2004, Revised Papers. Lecture Notes in Computer Science, vol. 3017 (Springer, Berlin, 2004), pp. 299–316

38.

M. Matsui, Linear cryptanalysis method for DES cipher, in T. Helleseth, (ed.) Advances in Cryptology—EUROCRYPT ’93, Workshop on the Theory and Application of Cryptographic Techniques, Lofthus, Norway, May 23–27, 1993, Proceedings. Lecture Notes in Computer Science, vol. 765 (Springer, Berlin, 1993), pp. 386–397

39.

B. Minaud, P. Derbez, P. Fouque, P. Karpman, Key-recovery attacks on ASASA, in T. Iwata, J.H Cheon, (eds.) Advances in Cryptology—ASIACRYPT 2015—21st International Conference on the Theory and Application of Cryptology and Information Security, Auckland, New Zealand, November 29–December 3, 2015, Proceedings, Part II. Lecture Notes in Computer Science, vol. 9453 (Springer, Berlin, 2015), pp. 3–27

40.

National Bureau of Standards: Data Encryption Standard. NBS Federal Information Processing Standard (FIPS) 46 (1977)

41.

M.J Saarinen, A chosen key attack against the secret S-boxes of GOST (1998). http://citeseer.ist.psu.edu/saarinen98chosen.html

42.

B. Schneier, Applied Cryptography 2nd edn (Wiley, New York, 1996)

43.

D.R. Simon, On the power of quantum computation. SIAM J. Comput. 26(5), 1474–1483 (1997)MathSciNetCrossRefMATH

44.

T. Tiessen, L.R. Knudsen, S. Kölbl, M.M. Lauridsen, Security of the AES with a secret S-Box. in G. Leander, (ed.)Fast Software Encryption—22nd International Workshop, FSE 2015, Istanbul, Turkey, March 8–11, 2015, Revised Selected Papers. Lecture Notes in Computer Science, vol. 9054 (Springer, Berlin, 2015), pp. 175–189

Titel: Efficient Slide Attacks
verfasst von: Achiya Bar-On
Eli Biham
Orr Dunkelman
Nathan Keller
Publikationsdatum: 17.08.2017
Verlag: Springer US
Erschienen in: Journal of Cryptology / Ausgabe 3/2018
Print ISSN: 0933-2790
Elektronische ISSN: 1432-1378
DOI: https://doi.org/10.1007/s00145-017-9266-8

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 3/2018

Stream Ciphers: A Practical Solution for Efficient Homomorphic-Ciphertext Compression

On the Feasibility of Extending Oblivious Transfer

On Constructing One-Way Permutations from Indistinguishability Obfuscation

Completeness for Symmetric Two-Party Functionalities: Revisited

Key-Recovery Attacks on ASASA

Asymptotically Efficient Lattice-Based Digital Signatures

Premium Partner