Mod n cryptanalysis

Mod n cryptanalysis

In cryptography, mod n cryptanalysis is an attack applicable to block and stream ciphers. It is a form of partitioning cryptanalysis that exploits unevenness in how the cipher operates over equivalence classes (congruence classes) modulo n. The method was first suggested in 1999 by John Kelsey, Bruce Schneier, and David Wagner and applied to RC5P (a variant of RC5) and M6 (a family of block ciphers used in the FireWire standard). These attacks used the properties of binary addition and bit rotation modulo a Fermat prime.

Mod 3 analysis of RC5P

For RC5P, analysis was conducted modulo 3. It was observed that the operations in the cipher (rotation and addition, both on 32-bit words) were somewhat biased over congruence classes mod 3. To illustrate the approach, consider left rotation by a single bit:

X \lll 1=\left\{\begin{matrix} 2X, & \mbox{if } X < 2^{31} \\ 2X + 1 - 2^{32}, & \mbox{if } X \geq 2^{31}\end{matrix}\right.

Then, because

2^{32} \equiv 1\pmod 3,\,

we can deduce that

X \lll 1 \equiv 2X\pmod 3.

Thus left rotation by a single bit has a simple description modulo 3. Analysis of other operations (data dependent rotation and modular addition) reveals similar, notable biases. Although there are some theoretical problems analysing the operations in combination, the bias can be detected experimentally for the entire cipher. In (Kelsey et al., 1999), experiments were conducted up to seven rounds, and based on this they conjecture that as many as nineteen or twenty rounds of RC5P can be distinguished from random using this attack. There is also a corresponding method for recovering the secret key.

Against M6 there are attacks mod 5 and mod 257 that are even more effective.

References

v · d · e Block ciphers (security summary)
Common
algorithms
Less common
algorithms
Camellia · CAST-128 · IDEA · RC2 · RC5 · SEED · Skipjack · TEA · XTEA
Other
algorithms
3-Way · ABC · Akelarre · Anubis · ARIA · BaseKing · BassOmatic · BATON · BEAR and LION · CAST-256 · CIKS-1 · CIPHERUNICORN-A · CIPHERUNICORN-E · CLEFIA · CMEA · Cobra · COCONUT98 · Crab · Cryptomeria/C2 · CRYPTON · CS-Cipher · DEAL · DES-X · DFC · E2 · FEAL · FEA-M · FROG · G-DES · GOST · Grand Cru · Hasty Pudding cipher · Hierocrypt · ICE · IDEA NXT · Intel Cascade Cipher · Iraqi · KASUMI · KeeLoq · KHAZAD · Khufu and Khafre · KN-Cipher · Ladder-DES · Libelle · LOKI97 · LOKI89/91 · Lucifer · M6 · M8 · MacGuffin · Madryga · MAGENTA · MARS · Mercy · MESH · MISTY1 · MMB · MULTI2 · MultiSwap · New Data Seal · NewDES · Nimbus · NOEKEON · NUSH · Q · RC6 · REDOC · Red Pike · S-1 · SAFER · SAVILLE · SC2000 · SHACAL · SHARK · SMS4 · Spectr-H64 · Square · SXAL/MBAL · Threefish · Treyfer · UES · Xenon · xmx · XXTEA · Zodiac
Design
Attack
(cryptanalysis)
Brute force · Linear · Differential (Impossible · Truncated· Integral · Boomerang · Mod n · Related-key · Slide · Rotational · Timing · XSL
Standardization
Misc
v · d · e Cryptography

Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Cryptanalysis — Close up of the rotors in a Fialka cipher machine Cryptanalysis (from the Greek kryptós, hidden , and analýein, to loosen or to untie ) is the study of methods for obtaining the meaning of encrypted information, without access to the secret… …   Wikipedia

  • Mod — Contents 1 Sports 2 General 3 Music 4 Popular culture …   Wikipedia

  • Cryptanalysis of TIA's Common Cryptographic Algorithms — In 1992, the TR 45 working group within the Telecommunications Industry Association (TIA) developed a standard for integration of cryptographic technology into tomorrow s digital cellular systems [TIA92] , which has been updated at least once… …   Wikipedia

  • Cryptanalyse Mod N — En cryptologie, la cryptanalyse mod n est une attaque applicable aux chiffrements par bloc et aux chiffrements par flot. C est une forme de cryptanalyse partitionnelle utilisant l arithmétique modulaire. Elle exploite le fait que le comportement… …   Wikipédia en Français

  • Cryptanalyse mod n — En cryptologie, la cryptanalyse mod n est une attaque applicable aux chiffrements par bloc et aux chiffrements par flot. C est une forme de cryptanalyse partitionnelle utilisant l arithmétique modulaire. Elle exploite le fait que le comportement… …   Wikipédia en Français

  • Cryptanalyse Mod n — En cryptologie, la cryptanalyse mod n est une attaque applicable aux chiffrements par bloc et aux chiffrements par flot. C est une forme de cryptanalyse partitionnelle utilisant l arithmétique modulaire. Elle exploite le fait que le comportement… …   Wikipédia en Français

  • Partitioning cryptanalysis — In cryptography, partitioning cryptanalysis is a form of cryptanalysis for block ciphers. Developed by Carlo Harpes in 1995, the attack is a generalization of linear cryptanalysis. Harpes originally replaced the bit sums (affine transformations)… …   Wikipedia

  • Differential cryptanalysis — is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at… …   Wikipedia

  • Impossible differential cryptanalysis — In cryptography, impossible differential cryptanalysis is a form of differential cryptanalysis for block ciphers. While ordinary differential cryptanalysis tracks differences that propagate through the cipher with greater than expected… …   Wikipedia

  • Келси, Джон — В Википедии есть статьи о других людях с такой фамилией, см. Келси. Джон Келси англ. Kelsy,John Место рождения: США Научная сфера: криптография Место работы …   Википедия

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”