Yue Sun scite author profile

Tischhauser

et al. 2012

Differential cryptanalysis is a classic cryptanalytic method for block ciphers, hash functions and stream ciphers. Many extensions and refinements of differential cryptanalysis have been developed. In this paper, we focus on the use of so-called structures in differential attacks, i.e. the use of multiple input and one output difference. We give a general model and complexity analysis for structure attacks and show how to choose the set of differentials to minimize the time and data complexities. Being a subclass of multiple differential attacks in general, structure attacks can also be analyzed in the model of Blondeau et al. from FSE 2011. In this very general model, a restrictive condition on the set of input differences is required for the complexity analysis. We demonstrate that in our dedicated model for structure attacks, this condition can be relaxed, which allows us to consider a wider range of differentials. Finally, we point out an inconsistency in the FSE 2011 attack on 18 rounds of the block cipher PRESENT and use our model for structure attacks to attack 18-round PRESENT and improve the previous structure attacks on 7-round and 8-round Serpent. To the best of our knowledge, those attacks are the best known differential attacks on these two block ciphers.

Stability and convergence of the mark and cell finite difference scheme for Darcy‐Stokes‐Brinkman equations on non‐uniform grids

Numerical Methods Partial

Rui

2018

In this paper, we consider the mark and cell (MAC) method for Darcy-Stokes-Brinkman equations and analyze the stability and convergence of the method on nonuniform grids. Firstly, to obtain the stability for both velocity and pressure, we establish the discrete inf-sup condition. Then we introduce an auxiliary function depending on the velocity and discretizing parameters to analyze the super-convergence. Finally, we obtain the second-order convergence in L2 norm for both velocity and pressure for the MAC scheme, when the perturbation parameter is not approaching 0. We also obtain the second-order convergence for some terms of ‖⋅‖ norm of the velocity, and the other terms of ‖⋅‖ norm are second-order convergence on uniform grid. Numerical experiments are carried out to verify the theoretical results. KEYWORDS Darcy-Stokes-Brinkman equations, error analysis, non-uniform grids, stability, the MAC scheme 1 Numer Methods Partial Differential Eq. 2019;35:509-527. wileyonlinelibrary.com/journal/num

Cryptanalysis of the Full MMB Block Cipher

Wang

Nakahara

2009

Abstract. The block cipher MMB was designed by Daemen, Govaerts and Vandewalle, in 1993, as an alternative to the IDEA block cipher. We exploit and describe unusual properties of the modular multiplication in Z Z 2 32 −1 , which lead to a differential attack on the full 6-round MMB cipher (both versions 1.0 and 2.0). Further contributions of this paper include detailed square and linear cryptanalysis of MMB. Concerning differential cryptanalysis (DC), we can break the full MMB with 2 118 chosen plaintexts, 2 95.91 6-round MMB encryptions and 2 64 counters, effectively bypassing the cipher's countermeasures against DC. For the square attack, we can recover the 128-bit user key for 4-round MMB with 2 34 chosen plaintexts, 2 126.32 4-round encryptions and 2 64 memory blocks. Concerning linear cryptanalysis, we present a key-recovery attack on 3-round MMB requiring 2 114.56 known-plaintexts and 2 126 encryptions. Moreover, we detail a ciphertext-only attack on 2-round MMB using 2 93.6 ciphertexts and 2 93.6 parity computations. These attacks do not depend on weak-key or weak-subkey assumptions, and are thus independent of the key schedule algorithm.

Algebraic Techniques in Differential Cryptanalysis Revisited

Wang

Mouha

et al. 2011

At FSE 2009, Albrecht et al. proposed a new cryptanalytic method that combines algebraic and differential cryptanalysis. They introduced three new attacks, namely Attack A, Attack B and Attack C. For Attack A, they explain that the time complexity is difficult to determine. The goal of Attacks B and C is to filter out wrong pairs and then recover the key. In this paper, we show that Attack C does not provide an advantage over differential cryptanalysis for typical block ciphers, because it cannot be used to filter out any wrong pairs that satisfy the ciphertext differences. Furthermore, we explain why Attack B provides no advantage over differential cryptanalysis for PRESENT. We verify our results for PRESENT experimentally, using both PolyBoRi and Min-iSat. Our work helps to understand which equations are important in the differential-algebraic attack. Based on our findings, we present two new differential-algebraic attacks. Using the first method, our attack on 15-round PRESENT-80 requires 2 59 chosen plaintexts and has a worstcase time complexity of 2 73.79 equivalent encryptions. Our new attack on 14-round PRESENT-128 requires 2 55 chosen plaintexts and has a worstcase time complexity of 2 112.83 equivalent encryptions. Although these attacks have a higher time complexity than the differential attacks, their data complexity is lower.