The Design of Rijndael
PRESENT: An Ultra-Lightweight Block Cipher
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
KATAN and KTANTAN -- A Family of Small and Efficient Hardware-Oriented Block Ciphers
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Markov ciphers and differential cryptanalysis
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
On probability of success in linear and differential cryptanalysis
SCN'02 Proceedings of the 3rd international conference on Security in communication networks
Multiple differential cryptanalysis: theory and practice
FSE'11 Proceedings of the 18th international conference on Fast software encryption
SEA: a scalable encryption algorithm for small embedded applications
CARDIS'06 Proceedings of the 7th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
HIGHT: a new block cipher suitable for low-resource device
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
mCrypton – a lightweight block cipher for security of low-cost RFID tags and sensors
WISA'05 Proceedings of the 6th international conference on Information Security Applications
Linear cryptanalysis of reduced-round ICEBERG
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
A model for structure attacks, with applications to PRESENT and serpent
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Hi-index | 0.00 |
ICEBERG is proposed by Standaert et al. in FSE 2004 for reconfigurable hardware implementations. It uses 64-bit block size and 128-bit key and the round number is 16. Specially, it is a SPN block cipher and all components are involutional and allow very efficient combinations of encryption/decryption. In this paper, we propose an elaborate method to identify the 6-round differentials and present the differential attack on 7-round ICEBERG with 257 chosen plaintexts and 290.28 7-round encryptions. Then we use multiple differentials to attack 8-round ICEBERG with 263 chosen plaintexts and 296 8-round encryptions. The previous linear cryptanalysis can only attack 7-round ICEBERG with the whole codebook. It means that ICEBERG is more resistant to linear cryptanalysis than differential cryptanalysis. Although our attack cannot threat ICEBERG, we give the best attack for ICEBERG published to date and our elaborate method to identify multiple differential can be used for other similar block ciphers.