Structural Cryptanalysis of SASAS

In this paper we consider the security of block ciphers which contain alternate layers of invertible S-boxes and affine mappings (there are many popular cryptosystems which use this structure, including the winner of the AES competition, Rijndael). We show that a five layer scheme with 128 bit plain...

Bibliographic details
Main authors: Biryukov, Alex, Shamir, Adi
Format: Book chapter
Language: eng
Subjects:
Online access: Full text
container_end_page 405
container_issue
container_start_page 395
container_title
container_volume 2045
creator Biryukov, Alex
Shamir, Adi
description In this paper we consider the security of block ciphers which contain alternate layers of invertible S-boxes and affine mappings (there are many popular cryptosystems which use this structure, including the winner of the AES competition, Rijndael). We show that a five layer scheme with 128 bit plaintexts and 8 bit S-boxes is surprisingly weak even when all the S-boxes and affine mappings are key dependent (and thus completely unknown to the attacker). We tested the attack with an actual implementation, which required just 2^16 chosen plaintexts and a few seconds on a single PC to find the 2^17 bits of information in all the unknown elements of the scheme.
doi_str_mv 10.1007/3-540-44987-6_24
format Book Chapter
contributor Pfitzmann, Birgit
publisher Springer Berlin / Heidelberg
place Germany
series Lecture Notes in Computer Science
isbn 9783540420705
3540420703
eisbn 3540449876
9783540449874
oclc 958521506
lccallnum QA268
pages 11
rights Springer-Verlag Berlin Heidelberg 2001
2001 INIST-CNRS
peer_reviewed true
open_access free_for_read
fulltext fulltext
identifier ISSN: 0302-9743
ispartof Advances in Cryptology - EUROCRYPT 2001, 2001, Vol.2045, p.395-405
issn 0302-9743
1611-3349
language eng
recordid cdi_pascalfrancis_primary_787265
source Springer Books
subjects Applied sciences
block ciphers
Cryptanalysis
Cryptography
Exact sciences and technology
Information, signal and communications theory
Rijndael
Signal and communications theory
Structural cryptanalysis
substitution affine networks
substitution permutation networks
Telecommunications and information theory
title Structural Cryptanalysis of SASAS
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-18T02%3A28%3A15IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_pasca&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=bookitem&rft.atitle=Structural%20Cryptanalysis%20of%20SASAS&rft.btitle=Advances%20in%20Cryptology%20-%20EUROCRYPT%202001&rft.au=Biryukov,%20Alex&rft.date=2001&rft.volume=2045&rft.spage=395&rft.epage=405&rft.pages=395-405&rft.issn=0302-9743&rft.eissn=1611-3349&rft.isbn=9783540420705&rft.isbn_list=3540420703&rft_id=info:doi/10.1007/3-540-44987-6_24&rft_dat=%3Cproquest_pasca%3EEBC3073130_30_405%3C/proquest_pasca%3E%3Curl%3E%3C/url%3E&rft.eisbn=3540449876&rft.eisbn_list=9783540449874&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=EBC3073130_30_405&rft_id=info:pmid/&rfr_iscdi=true