Linear Cryptanalysis of RC5 and RC6

Borst, Johan; Preneel, Bart; Vandewalle, Joos

doi:10.1007/3-540-48519-8_2

Cited by 31 publications

(29 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…practical) block sizes. We note that it is not necessarily the case for block ciphers with a more "exotic" structure, as illustrated in the case of RC5 and RC6 in [4,30,31]. On the other hand, experiments by Selçuk [31] on SP-structured Feistel ciphers seem to match ours.…”

Section: Testing the Key Equivalence Hypothesissupporting

confidence: 54%

Provable security of block ciphers against linear cryptanalysis: a mission impossible?

Piret

Standaert

2008

Des. Codes Cryptogr.

View full text Add to dashboard Cite

Abstract. In this paper, we are concerned with the security of block ciphers against linear cryptanalysis and discuss the distance between the so-called practical security approach and the actual theoretical security provided by a given cipher. For this purpose, we present a number of illustrative experiments performed against small (i.e. computationally tractable) ciphers. We compare the linear probability of the best linear characteristic and the actual best linear probability (averaged over all keys). We also test the key equivalence hypothesis. Our experiments illustrate both that provable security against linear cryptanalysis is not achieved by present design strategies and the relevance of the practical security approach. Finally, we discuss the (im)possibility to derive actual design criteria from the intuitions underlined in these experiments.

show abstract

Section: Testing the Key Equivalence Hypothesissupporting

confidence: 54%

Provable security of block ciphers against linear cryptanalysis: a mission impossible?

Piret

Standaert

2008

Des. Codes Cryptogr.

View full text Add to dashboard Cite

show abstract

“…An estimate of the number of plaintexts required to mount an attack on RC5 and RC6 with varying number of rounds can be used to quantify security strength [27], [28]. time and resources required for the attacker to successfully mount a cryptanalysis attack on the system should be considerably (often, exponentially) more than the time and resources required for encryption/decryption.…”

Section: Tablementioning

confidence: 99%

“…Coefficients α i and ω i are constants and depend on the importance of each application (determined by the system designer) as well as the word size [27] and the length of the encryption key [23], [28]. Motivated by the results in Table 1 [27]- [29], and as shown graphically in Figure 2, the exponent (α i r i + ω i ) is modeled as a linear function of r i .…”

Section: Tablementioning

confidence: 99%

“…In this section, we illustrate the problem tackled in this paper based on an SAE benchmark [32], equipped with security parameters from [27]. The Society of Automotive Engineers (SAE) has released a set of requirements and a control benchmark, i.e., the control system of an electric vehicle, to be able to compare the effectiveness of new solutions for safety critical automotive systems [32].…”

Section: Motivational Examplementioning

confidence: 99%

“…This SAE benchmark, however, does not specify any security parameters. Therefore, here, this SAE benchmark is equipped with security parameters from [27]. According to [27], the longer the word size, the more the number of plaintexts required to mount a successful cryptanalysis attack on the system.…”

Section: Motivational Examplementioning

confidence: 99%

See 2 more Smart Citations

Optimization of Message Encryption for Real-Time Applications in Embedded Systems

Aminifar

Eles

Peng

2018

IEEE Trans. Comput.

View full text Add to dashboard Cite

Abstract-Today, security can no longer be treated as a secondary issue in embedded and cyber-physical systems. Therefore, one of the main challenges in these domains is the design of secure embedded systems under stringent resource constraints and real-time requirements. However, there exists an inherent trade-off between the security protection provided and the amount of resources allocated for this purpose. That is, the more the amount of resources used for security, the higher the security, but the fewer the number of applications which can be run on the platform and meet their timing requirements. This trade-off is of high importance since embedded systems are often highly resource constrained. In this paper, we propose an efficient solution to maximize confidentiality, while also guaranteeing the timing requirements of real-time applications on shared platforms.

show abstract

Cryptanalysis of the Reduced-Round RC6

Miyaji

Nonaka

2002

Information and Communications Security

View full text Add to dashboard Cite

Linear Cryptanalysis of RC5 and RC6

Cited by 31 publications

References 13 publications

Provable security of block ciphers against linear cryptanalysis: a mission impossible?

Provable security of block ciphers against linear cryptanalysis: a mission impossible?

Optimization of Message Encryption for Real-Time Applications in Embedded Systems

Cryptanalysis of the Reduced-Round RC6

Contact Info

Product

Resources

About