Home | Quick Search | Advanced Search | Bibliography submission | Bibliography submission using bibtex | Bibliography submission using bibtex file | Links | Help | Internal


TitleSpecific S-box criteria in algebraic attacks on block ciphers with several known plaintexts.
Author(s) Nicolas T. Courtois, Blandine Debraize
TypeBook, Chapter in Book, Conference Proceeding
AbstractIn this paper we study algebraic attacks on block ciphers that exploit several (i.e. more than 2) plaintext-ciphertext pairs. We show that this considerably lowers the maximum degree of polynomials that appear in the attack, which allows much faster attacks, some of which can actually be handled experimentally. We point out a theoretical reason why such attacks are more efficient, lying in certain types of multivariate equations that do exist for some S-boxes. Then we show that when the S-box is on 3 bits, such equations do always exist. For S-boxes on 4 bits, the existence of these equations is no longer systematic. We apply our attacks to a toy version of Serpent, a toy version of Rijndael, and a reduced round version of Present, a recently proposed lightweight block cipher. It turns out that some S-boxes are much stronger than others against our attack.
Keywordsalgebraic attacks on block ciphers, Rijndael, Serpent
URL http://link.springer.com/chapter/10.1007%2F978-3-540-88353-1_9
PublisherBerlin: Springer
Translation No
Refereed No