Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
On using RSA with low exponent in a public key network
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Lecture Notes in Computer Science on Advances in Cryptology-EUROCRYPT'88
LOKI—a cryptographic primitive for authentication and secrecy applications
AUSCRYPT '90 Proceedings of the international conference on cryptology on Advances in cryptology
A known-plaintext attack on two-key triple encryption
EUROCRYPT '90 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
Differential cryptanalysis of the data encryption standard
Differential cryptanalysis of the data encryption standard
Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
On the security of multiple encryption
Communications of the ACM
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Cracking DES: Secrets of Encryption Research, Wiretap Politics and Chip Design
Cracking DES: Secrets of Encryption Research, Wiretap Politics and Chip Design
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
A High-Speed DES Implementation for Network Applications
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Improving Resistance to Differential Cryptanalysis and the Redesign of LOKI
ASIACRYPT '91 Proceedings of the International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
Multiple Encryption with Minimum Key
Proceedings of the International Conference on Cryptography: Policy and Algorithms
A Java implemented key collision attack on the data encryption standard (DES)
PPPJ '03 Proceedings of the 2nd international conference on Principles and practice of programming in Java
Attacking and repairing the winZip encryption scheme
Proceedings of the 11th ACM conference on Computer and communications security
Countering targeted file attacks using locationguard
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Design of a New Stream Cipher--LEX
New Stream Cipher Designs
3D: A Three-Dimensional Block Cipher
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
The design of a stream cipher LEX
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Key recovery attacks on the RMAC, TMAC, and IACBC
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
A related-key rectangle attack on the full KASUMI
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Rigorous bounds on cryptanalytic time/memory tradeoffs
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Improved time-memory trade-offs with multiple data
SAC'05 Proceedings of the 12th international conference on Selected Areas in Cryptography
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
A Comparative Survey on Cryptology-Based Methodologies
International Journal of Information Security and Privacy
| Hi-index | 0.89 |
In this paper we analyze the complexity of recovering cryptographic keys when messages are encrypted under various keys. We suggest key-collision attacks, which show that the theoretic strength of a block cipher (in ECB mode) cannot exceed the square root of the size of the key space. As a result, in some circumstances, some keys can be recovered while they are still in use, and these keys can then be used to substitute messages by messages more favorable to the attacker (e.g., transfer $1000000 to bank account 123-4567890). Taking DES as our example, we show that one key of DES can be recovered with complexity 228, and one 168-bit key of (three-key) triple-DES can be recovered with complexity 284. We also discuss the theoretic strength of chaining modes of operation, and show that in some cases they may be vulnerable to such attacks.