Scientific journals : Article
Engineering, computing & technology : Computer science
Structural Cryptanalysis of SASAS
Biryukov, Alex [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
Shamir, Adi [Weizmann Institute of Science, Israel]
Journal of Cryptology
Yes (verified by ORBilu)
[en] Cryptanalysis ; Structural cryptanalysis ; Multiset attack ; Block ciphers ; Substitution permutation networks ; Substitution affine networks ; Rijndael ; AES
[en] In this paper we consider the security of block ciphers which contain alternate layers of invertible S-boxes and affine mappings (there are many popular cryptosystems which use this structure, including the winner of the AES competition, Rijndael). We show that a five-layer scheme with 128-bit plaintexts and 8-bit S-boxes is surprisingly weak against what we call a multiset attack, even when all the S-boxes and affine mappings are key dependent (and thus completely unknown to the attacker). We tested the multiset attack with an actual implementation, which required just 2^16 chosen plaintexts and a few seconds on a single PC to find the 2^17 bits of information in all the unknown elements of the scheme.

File(s) associated to this reference

Fulltext file(s):

Open access: structural-cryptanalysis.pdf (Publisher postprint, 273.47 kB)
