Key-Dependency of Linear Probability of RC5 (Special Section on Cryptography and Information Security)
Abstract
In estimating the vulnerability of a block cipher to differential cryptanalysis and linear cryptanalysis, we must consider the fact that the differential probability and the linear probability vary with the key. In the case of cryptosystems where the round key is XORed to the input data of each round, the difference in both types of probability with different keys is regarded as negligible. However, this is not the case with RC5. This paper makes a primary analysis of the key-dependency of linear probability of RC5. Throughout this paper we study "precise" linear probability. We find some linear approximations that have higher deviation (bias) for some keys than the "best linear approximation" claimed by Kaliski and Yin in CRYPTO'95. Using one linear approximation, we find 10 weak keys of RC5-4/2/2 with linear probability $2^{-1}$, 2 weak keys of RC5-4/5/16 with linear probability $2^{-2}$, and a weak key of RC5-16/5/16 with linear probability $2^{-15.4}$, while Kaliski-Yin's "best biases" are $2^{-3}$, $2^{-9}$, and $2^{-17}$, respectively.
- Paper of the Institute of Electronics, Information and Communication Engineers (IEICE)
- 1997-01-25
Authors
- MORIAI Shiho, NTT Laboratories
- AOKI Kazumaro, NTT Laboratories
- OHTA Kazuo, NTT Laboratories
- Moriai S, Nippon Telegraph And Telephone Corp. Yokosuka‐shi Jpn
- AOKI Kazumaro, NTT Communications Corporation
- Aoki K, Ntt Corp. Yokosuka‐shi Jpn
- Ohta K, Univ. Electro‐communications Chofu‐shi Jpn
Related papers
- E2-A New 128-Bit Block Cipher (Special Section on Cryptography and Information Security)
- The 128-Bit Block Cipher Camellia (Special Section on Cryptography and Information Security)
- Strict Evaluation of the Maximum Average of Differential Probability and the Maximum Average of Linear Probability (Special Section on Cryptography and Information Security)
- Linear Cryptanalysis of FEAL (Special Section on Cryptography and Information Security)
- Key-Dependency of Linear Probability of RC5 (Special Section on Cryptography and Information Security)
- The Best Linear Expression Search of FEAL (Special Section on Cryptography and Information Security)
- Optimized Software Implementations of E2 (Special Section on Cryptography and Information Security)
- An Efficient Interpolation Attack (Special Section on Cryptography and Information Security)
- The Best Differential Characteristic Search of FEAL (Special Section on Cryptography and Information Security)
- Practical Evaluation of Security against Generalized Interpolation Attack (Special Section on Cryptography and Information Security)
- Differential-Linear Cryptanalysis of FEAL-8 (Special Section on Cryptography and Information Security)
- Improved Higher Order Differential Attack and Its Application to Nyberg-Knudsen's Designed Block Cipher
- One-Time Zero-Knowledge Authentications and Their Applications to Untraceable Electronic Cash (Special Section on Cryptography and Information Security)
- Collision Search of a Hash Function by Using Random Mapping (Special Section on Cryptography and Information Security)
- Multi-Signature Schemes Secure against Active Insider Attacks (Special Section on Cryptography and Information Security)
- Security of the Extended Fiat-Shamir Schemes (Special Section on Cryptography and Information Security)