Linear cryptanalysis method for DES cipher. EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology.
An experiment on DES statistical cryptanalysis. CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security.
Linear Cryptanalysis Using Multiple Approximations. CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology.
New Method for Upper Bounding the Maximum Average Linear Hull Probability for SPNs. EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology.
Stochastic Cryptanalysis of Crypton. FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption.
PRESENT: An Ultra-Lightweight Block Cipher. CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems.
Experiments on the Multiple Linear Cryptanalysis of Reduced Round Serpent. Fast Software Encryption.
A Statistical Saturation Attack against the Block Cipher PRESENT. CT-RSA '09 Proceedings of the Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology.
Lightweight Block Ciphers Revisited: Cryptanalysis of Reduced Round PRESENT and HIGHT. ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy.
Multidimensional Extension of Matsui's Algorithm 2. Fast Software Encryption.
Weak Keys of Reduced-Round PRESENT for Linear Cryptanalysis. Selected Areas in Cryptography.
Linear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT. CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security.
Markov ciphers and differential cryptanalysis. EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques.
A generalization of linear cryptanalysis and the applicability of Matsui's piling-up lemma. EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques.
Improving the time complexity of Matsui's linear cryptanalysis. ICISC'07 Proceedings of the 10th international conference on Information security and cryptology.
Differential cryptanalysis of reduced-round PRESENT. AFRICACRYPT'08 Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology.
FPGA implementation of a statistical saturation attack against PRESENT. AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa.
A cryptanalysis of PRINTcipher: the invariant subspace attack. CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology.
EPCBC: a block cipher suitable for electronic product code encryption. CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security.
Statistical Saturation Attacks have been introduced and applied to the block cipher PRESENT at CT-RSA 2009. In this paper, we consider their natural extensions. First, we investigate the existence of better trails than the one used in the former attack. For this purpose, we provide a theoretical evaluation of the trail distributions using probability transition matrices. Since the exhaustive evaluation of all possible distributions turned out to be computationally hard, we additionally provide a heuristic branch-and-bound algorithm that allows us to generate a large number of good trails. These tools confirm that the trail of CT-RSA 2009 was among the best possible ones, but also suggest that numerous other trails have similar properties. As a consequence, we investigate the use of multiple trails and show that it allows significant improvements of the previous cryptanalysis attempts against PRESENT. Estimated complexities indicate that PRESENT-80 is safe against key recovery, by a small security margin. We also discuss the impact of multiple trails for the security of the full PRESENT-128. We finally put forward a "statistical hull" effect that makes the precise theoretical analysis of our results difficult, when the number of block cipher rounds increases.