Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Improving the Upper Bound on the Maximum Average Linear Hull Probability for Rijndael
SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
New Method for Upper Bounding the Maximum Average Linear Hull Probability for SPNs
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Practically Secure Feistel Cyphers
Fast Software Encryption, Cambridge Security Workshop
PRESENT: An Ultra-Lightweight Block Cipher
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Bit-Pattern Based Integral Attack
Fast Software Encryption
A Statistical Saturation Attack against the Block Cipher PRESENT
CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Lightweight Block Ciphers Revisited: Cryptanalysis of Reduced Round PRESENT and HIGHT
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Algebraic Techniques in Differential Cryptanalysis
Fast Software Encryption
Weak Keys of Reduced-Round PRESENT for Linear Cryptanalysis
Selected Areas in Cryptography
Linear (Hull) and Algebraic Cryptanalysis of the Block Cipher PRESENT
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
On Linear Cryptanalysis with Many Linear Approximations
Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding
Differential cryptanalysis of reduced-round PRESENT
AFRICACRYPT'08 Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology
Multi-trail statistical saturation attacks
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
On linear hulls, statistical saturation attacks, PRESENT and a cryptanalysis of PUFFIN
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Breaking ciphers with COPACOBANA –a cost-optimized parallel code breaker
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Linear cryptanalysis of reduced-round PRESENT
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
| Hi-index | 0.00 |
Statistical attacks against block ciphers usually exploit "characteristics". A characteristic essentially defines a relation between (parts of) the block cipher's inputs, outputs and intermediate values. Intuitively, a good characteristic is one for which the relation between the cipher's inputs and outputs exhibit a significant deviation from the uniform distribution. Due to its intensive computational complexity, the search for good characteristics generally relies on heuristics, e.g. based on a branch-and-bound algorithm. But the use of such heuristics directly raises the question whether these good characteristics remain good, as the number of cipher rounds increases. This question relates to the socalled hull effect, expressing the idea that in a practically secure cipher, only the combination of many characteristics can explain the statistical deviations exploited in cryptanalysis. As characteristics are also a central tool when estimating the data complexities of statistical attacks, determining whether a hull effect can be observed is essential in the security evaluation of a block cipher. Unfortunately, this is again a computationally intensive task, as it ideally requires to sample over the full input space. In this paper, we consequently discuss the interest of hardware assistance, in order to improve the understanding of statistical attacks against block ciphers. More precisely, we propose an FPGA design that allowed us to evaluate a statistical saturation attack against the block cipher PRESENT, for overall complexities up to 250. Compared to previous software solutions, it corresponds to an increase of the maximum data complexity experimentally reached up to now by a factor 214. Our experiments confirm that up to 19 rounds of PRESENT can be broken with 248 plaintext/ciphertext pairs. They also serve as a basis for discussing the statistical hull effect and suggest that 31-round PRESENT should be safe against such statistical attacks.