Re: Algebraic cryptanalysis ?

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view

Adam Shostack (adam@weathership.homeport.org)
Wed, 2 Sep 1998 10:56:45 -0400

Next message: David Honig: "Re: Algebraic cryptanalysis ?"
Previous message: Paulo Barreto: "Re: Algebraic cryptanalysis ?"
Next in thread: Mike Rosing: "Re: Algebraic cryptanalysis ?"
Reply: Mike Rosing: "Re: Algebraic cryptanalysis ?"

| > Consider a cipher that operates on 64-bit blocks & uses a 128-bit
| > key. Can we write equations in any useful algebra for the output
| > in terms of the key & input? Given enough matched input/output
| > (plaintext/ciphertext) pairs known to use the same key, can we
| > just solve for the key?
|
| Proof is very difficult. Analysis is practical for each cipher.
| At least, we can come up with a set of nonlinear equations and
| stare at them until we go nuts.

Possibly of interest is Takeshi Shimoyama & Toshinobu Kaneko's
Quadratic Relation of S-Box and its Application of the Linear Attack
of Full Round DES. (Crypto '98)

http://www.yokohama.tao.go.jp/shimo/paper/crypto98

Adam

Next message: David Honig: "Re: Algebraic cryptanalysis ?"
Previous message: Paulo Barreto: "Re: Algebraic cryptanalysis ?"
Next in thread: Mike Rosing: "Re: Algebraic cryptanalysis ?"
Reply: Mike Rosing: "Re: Algebraic cryptanalysis ?"

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view

All trademarks and copyrights are the property of their respective owners.
Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:13:58