Differential cryptanalysis of the data encryption standard
Differential cryptanalysis of the data encryption standard
Linear cryptanalysis method for DES cipher
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
A Key-schedule Weakness in SAFER K-64
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Improved Truncated Differential Attacks on SAFER
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm
Fast Software Encryption, Cambridge Security Workshop
Proceedings of the Third International Workshop on Fast Software Encryption
Truncated Differentials of SAFER
Proceedings of the Third International Workshop on Fast Software Encryption
Linear Cryptanalysis of RC5 and RC6
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Proceedings of the 6th IMA International Conference on Cryptography and Coding
A new method for known plaintext attack of FEAL cipher
EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
A generalization of linear cryptanalysis and the applicability of Matsui's piling-up lemma
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
A Chosen Plaintext Linear Attack on Block Cipher CIKS-1
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
New impossible differential attack on SAFER+ and SAFER++
ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
| Hi-index | 0.00 |
This paper presents a linear cryptanalytic attack against reduced round variants of the SAFER family of block ciphers. Compared with the 1.5 round linear relations by Harpes et al., the following new linear relations were found: a 3.75-round non-homomorphic linear relation for both SAFER-K and SAFER-SK with bias ∈ = 2-29; a 2.75 round relation for SAFER+ with bias Ɛ = 2-49. For a 32-bit block mini-version of SAFER a 4.75-round relation with bias Ɛ = 2-16 has been identified. These linear relations apply only to certain weak key classes. The results show that by considering non-homomorphic linear relations, more rounds of the SAFER block cipher family can be attacked. The new attacks pose no threat to any member of the SAFER family.