Structural Cryptanalysis of SASAS

Structural Cryptanalysis of SASAS

In this paper we consider the security ofblo ck ciphers which contain alternate layers of invertible S-boxes and affine mappings (there are many popular cryptosystems which use this structure, including the winner of the AES competition, Rijndael). We show that a five layer scheme with 128 bit plain...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Biryukov, Alex, Shamir, Adi
Format: Buchkapitel
Sprache:eng
Schlagworte:
Applied sciences
block ciphers
Cryptanalysis
Cryptography
Exact sciences and technology
Information, signal and communications theory
Rijndael
Signal and communications theory
Structural cryptanalysis
substitution affine networks
substitution permutation networks
Telecommunications and information theory
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this paper we consider the security ofblo ck ciphers which contain alternate layers of invertible S-boxes and affine mappings (there are many popular cryptosystems which use this structure, including the winner of the AES competition, Rijndael). We show that a five layer scheme with 128 bit plaintexts and 8 bit S-boxes is surprisingly weak even when all the S-boxes and affine mappings are key dependent (and thus completely unknown to the attacker). We tested the attack with an actual implementation, which required just 216 chosen plaintexts and a few seconds on a single PC to find the 217 bits of information in all the unknown elements of the scheme.
ISSN:0302-9743
1611-3349
DOI:10.1007/3-540-44987-6_24