A new impossible differential attack on SAFER ciphers

Authors:
Shihui Zheng;Licheng Wang;Yixian Yang
Affiliations:
Information Security Center, State Key Laboratory of Networking and Switching Technology, Key Laboratory of Network and Information Attack & Defence Technology of MOE, Beijing University of Posts ...;Information Security Center, State Key Laboratory of Networking and Switching Technology, Key Laboratory of Network and Information Attack & Defence Technology of MOE, Beijing University of Posts ...;Information Security Center, State Key Laboratory of Networking and Switching Technology, Key Laboratory of Network and Information Attack & Defence Technology of MOE, Beijing University of Posts ...
Venue:
Computers and Electrical Engineering
Year:
2010

Citing 6
Cited 1

A Key-schedule Weakness in SAFER K-64

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm

Fast Software Encryption, Cambridge Security Workshop
Truncated Differentials of SAFER

Proceedings of the Third International Workshop on Fast Software Encryption
On the SAFER Cryptosystem

Proceedings of the 6th IMA International Conference on Cryptography and Coding
A generalization of linear cryptanalysis and the applicability of Matsui's piling-up lemma

EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials

EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques

New impossible differential attack on SAFER+ and SAFER++

ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents an improved impossible differential cryptanalysis of SAFER ciphers, which uses the miss-in-the-middle technique developed by Biham et al. We analyze 3.75-round SAFER SK-64, using 2^4^5 chosen plaintexts, 2^3^8 bytes memory and 2^4^2 half round computations. Furthermore, the new impossible differential attack on 3.75-round SAFER+/128 uses 2^7^8 chosen plaintexts, 2^7^5 half round computations and 2^6^8 bytes memory. And attack on 3.75-round SAFER++/128 uses 2^7^8 data, 2^6^6 time, and 2^6^2 memory.