Efficient Dissection of Composite Problems, with Applications to Cryptanalysis, Knapsacks, and Combinatorial Search Problems

Dinur, Itai; Dunkelman, Orr; Keller, Nathan; Shamir, Adi

doi:10.1007/978-3-642-32009-5_42

Cited by 62 publications

(86 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While this may not be a surprise from the point of view of quantum complexity theory (see e.g. the conclusion of [3]), this suggests that the time-space product, a common way of evaluating classical attacks [7], may not be the correct figure of merit to evaluate quantum attacks.…”

Section: Quantum Attacks Against Iterated Block Ciphers 73mentioning

confidence: 99%

Quantum attacks against iterated block ciphers

Каплан¹,

Kaplan²

2016

Матем. вопр. криптогр.

View full text Add to dashboard Cite

Abstract. We study the amplification of security against quantum attacks provided by iteration of block ciphers. We prove that (in contrast to the classical Meet-in-the-middle attack) for quantum adversaries two iterated ideal block ciphers are more much difficult to attack than a single one. The optimality of the quantized Meet-in-the-middle attack is proved. It is shown that contrary to the classical case, the quantum dissection attack against 4-encryption has a better time complexity than a quantum Meet-in-the-middle attack.Key words: iteration of block ciphers, quantum attacks, Meet-in-the-middle attack, dissection attack Квантовые атаки на итерационные блочные шифры М. Каплан Лаборатория передачи и обработки информации, Телеком ПариТех, Париж, ФранцияАннотация. Изучается увеличение стойкости блочного шифра против кван-товых атак за счет числа итераций. Показано, что (в отличие от классиче-ского метода встречи посередине) для квантового злоумышленника вскрыть двукратную итерацию идеальных блочных шифров значительно сложнее, чем однократную. Доказана оптимальность квантового метода встречи посередине. Установлено, что (в отличие от классического случая) квантовая атака рассе-чения против 4-кратной итерации имеет меньшую сложность, чем квантовый метод встречи посередине.Ключевые слова: итерации блочных шифров, квантовые атаки, метод встречи посередине, атака рассечения Citation: Mathematical Aspects of Cryptography, 2016, v. 7, № 2, pp. 71-90 (Russian) c Академия криптографии Российской Федерации, 2016 г. 72M. Kaplan

show abstract

Section: Quantum Attacks Against Iterated Block Ciphers 73mentioning

confidence: 99%

Quantum attacks against iterated block ciphers

Каплан¹,

Kaplan²

2016

Матем. вопр. криптогр.

View full text Add to dashboard Cite

show abstract

“…The problem of merging two large lists with respect to a group-wise Boolean relation has been defined and addressed by Naya-Plasencia in [33,Section 2]. Here, we focus on three algorithms proposed in [33], namely instant matching, gradual matching and an improvement of the parallel matching due to [19]. We provide general and precise formulas for the average time and memory complexities of these three algorithms.…”

Section: Merging the Two Lists Efficientlymentioning

confidence: 99%

“…The details are provided by Algo 3. This algorithm applies an idea from [19] to the parallel matching algorithm from [33]: instead of building a big auxiliary list as in the original parallel matching, we here build small ones which do not need any additional memory. In parallel matching, the elements in both lists are decomposed into three parts: the first t 1 groups, the next t 2 groups, and the remaining (t − t 1 − t 2 ) groups.…”

mentioning

confidence: 99%

Sieve-in-the-Middle: Improved MITM Attacks

Canteaut

Naya-Plasencia

Vayssière

2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. This paper presents a new generic technique, named sieve-in-the-middle, which improves meet-in-the-middle attacks in the sense that it provides an attack on a higher number of rounds. Instead of selecting the key candidates by searching for a collision in an intermediate state which can be computed forwards and backwards, we here look for the existence of valid transitions through some middle sbox. Combining this technique with short bicliques allows to freely add one or two more rounds with the same time complexity. Moreover, when the key size of the cipher is larger than its block size, we show how to build the bicliques by an improved technique which does not require any additional data (on the contrary to previous biclique attacks). These techniques apply to PRESENT, DES, PRINCE and AES, improving the previously known results on these four ciphers. In particular, our attack on PRINCE applies to 8 rounds (out of 12), instead of 6 in the previous cryptanalyses. Some results are also given for theoretically estimating the sieving probability provided by some subsets of the input and output bits of a given sbox.

show abstract

“…The papers [6,9] have the basic idea of guessing one internal state in MITM attacks, but their attacks only succeed in improving memory and data complexities, but not time complexity, of the previous work in [12]. We also note that there is an independent work [8] with similar ideas, but the authors focus on optimizing time-memory trade-offs for composite problems, and their analysis is only applied to the cases where all sub-ciphers have independent keys.…”

Section: Introductionmentioning

confidence: 96%

Multidimensional meet-in-the-middle attack and its applications to KATAN32/48/64

Zhu

Gong

2014

Cryptogr. Commun.

View full text Add to dashboard Cite

This paper investigates a new framework to analyze symmetric ciphers by guessing intermediate states and dividing algorithms into consecutive sub-ciphers. It is suitable for lightweight ciphers with simple key schedules and block sizes smaller than key lengths. New attacks on the block cipher family KATAN are proposed by adopting this framework. Our new attacks can recover the master keys of 175-round KATAN32, 130-round KATAN48 and 112-round KATAN64 faster than exhaustive search, and thus reach many more rounds than previous attacks. We also provide new attacks on 115-round KATAN32 and 100-round KATAN48 in order to demonstrate this new kind of attacks can be more time-efficient and memory-efficient than existing attacks.

show abstract

Efficient Dissection of Composite Problems, with Applications to Cryptanalysis, Knapsacks, and Combinatorial Search Problems

Cited by 62 publications

References 14 publications

Quantum attacks against iterated block ciphers

Quantum attacks against iterated block ciphers

Sieve-in-the-Middle: Improved MITM Attacks

Multidimensional meet-in-the-middle attack and its applications to KATAN32/48/64

Contact Info

Product

Resources

About