Cycle Structure of the DES for Keys Having Palindromic (or Antipalindromic) Sequences of Round Keys
IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Is DES a pure cipher? (Results of more cycling experiments on DES)
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
The real reason for Rivest's phenomenon
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Cycle structure of the DES with weak and semi-weak keys
Proceedings on Advances in cryptology---CRYPTO '86
Differential cryptanalysis of the data encryption standard
Differential cryptanalysis of the data encryption standard
Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish)
Fast Software Encryption, Cambridge Security Workshop
Proceedings of the Third International Workshop on Fast Software Encryption
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Cryptanalysis of alleged A5 stream cipher
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Reflection Cryptanalysis of Some Ciphers
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
A single-key attack on the full GOST block cipher
FSE'11 Proceedings of the 18th international conference on Fast software encryption
| Hi-index | 0.00 |
The reflection attack is a recently discovered self similarity analysis which is usually mounted on ciphers with many fixed points. In this paper, we describe two reflection attacks on r-round Blowfish which is a fast, software oriented encryption algorithm with a variable key length k. The attacks work successfully on approximately 2k+32-16r number of keys which we call reflectively weak keys. We give an almost precise characterization of these keys. One interesting result is that 234 known plaintexts are enough to determine if the unknown key is a reflectively weak key, for any key length and any number of rounds. Once a reflectively weak key is identified, a large amount of subkey information is revealed with no cost. Then, we recover the key in roughly r ċ 216r+22 steps. Furthermore, it is possible to improve the attack for some key lengths by using memory to store all reflectively weak keys in a table in advance. The pre-computation phase costs roughly r ċ 2k-11 steps. Then the unknown key can be recovered in 2(k+32-16r)/64 steps. As an independent result, we improve Vaudenay's analysis on Blowfish for reflectively weak keys. Moreover, we propose a new success criterion for an attack working on some subset of the key space when the key generator is random.