TY - CHAP

T1 - New Combined Attacks on Block Ciphers

AU - Biham, Eli

AU - Dunkelman, Orr

AU - Keller, N.

PY - 2005

Y1 - 2005

N2 - Differential cryptanalysis and linear cryptanalysis are the most widely used techniques for block ciphers cryptanalysis. Several attacks combine these cryptanalytic techniques to obtain new attacks, e.g., differential-linear attacks, miss-in-the-middle attacks, and boomerang attacks.
In this paper we present several new combinations: we combine differentials with bilinear approximations, higher-order differentials with linear approximations, and the boomerang attack with linear, with differential-linear, with bilinear, and with differential-bilinear attacks. We analyze these combinations and present examples of their usefulness. For example, we present a 6-round differential-bilinear approximation of s5DES with a bias of 1/8, and use it to attack 8-round s5DES using only 384 chosen plaintexts. We also enlarge a weak key class of IDEA by a factor of 512 using the higher-order differential-linear technique. We expect that these attacks will be useful against larger classes of ciphers.

AB - Differential cryptanalysis and linear cryptanalysis are the most widely used techniques for block ciphers cryptanalysis. Several attacks combine these cryptanalytic techniques to obtain new attacks, e.g., differential-linear attacks, miss-in-the-middle attacks, and boomerang attacks.
In this paper we present several new combinations: we combine differentials with bilinear approximations, higher-order differentials with linear approximations, and the boomerang attack with linear, with differential-linear, with bilinear, and with differential-bilinear attacks. We analyze these combinations and present examples of their usefulness. For example, we present a 6-round differential-bilinear approximation of s5DES with a bias of 1/8, and use it to attack 8-round s5DES using only 384 chosen plaintexts. We also enlarge a weak key class of IDEA by a factor of 512 using the higher-order differential-linear technique. We expect that these attacks will be useful against larger classes of ciphers.

UR - http://link.springer.com/chapter/10.1007/11502760_9

M3 - Chapter

VL - 3557

T3 - Lecture Notes in Computer Science

SP - 126

EP - 144

BT - Fast Software Encryption

A2 - Gilbert, Henri

A2 - Handschuh, Helena

PB - Springer

CY - Berlin Heidelberg

ER -