Efficient Slide Attacks
The slide attack, presented by Biryukov and Wagner, has already become a classical tool in cryptanalysis of block ciphers. While it was used to mount practical attacks on a few cryptosystems, its practical applicability is limited, as typically, its time complexity is lower bounded by 2 n (where n i...
Gespeichert in:
| Veröffentlicht in: | Journal of cryptology 2018-07, Vol.31 (3), p.641-670 |
|---|---|
| Hauptverfasser: | , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Zusammenfassung: | The slide attack, presented by Biryukov and Wagner, has already become a classical tool in cryptanalysis of block ciphers. While it was used to mount practical attacks on a few cryptosystems, its practical applicability is limited, as typically, its time complexity is lower bounded by
2
n
(where
n
is the block size). There are only a few known scenarios in which the slide attack performs better than the
2
n
bound. In this paper, we concentrate on
efficient
slide attacks, whose time complexity is less than
2
n
. We present a number of new attacks that apply in scenarios in which previously known slide attacks are either inapplicable, or require at least
2
n
operations. In particular, we present the first known slide attack on a Feistel construction with a
3-round
self-similarity, and an attack with practical time complexity of
2
40
on a 128-bit key variant of the GOST block cipher with
unknown
S-boxes. The best previously known attack on the same variant, with
known
S-boxes (by Courtois), has time complexity of
2
91
. |
|---|---|
| ISSN: | 0933-2790 1432-1378 |
| DOI: | 10.1007/s00145-017-9266-8 |