













Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
This lecture was delivered by Prof. Adityavardhana Gavde at Ankit Institute of Technology and Science. It is part of series lecture on Network Security course. It includes: Network, Security, Attacks, Block Ciphers, Differential, Linear, Cryptanalysis, Weaknesses, DES
Typology: Slides
1 / 21
This page cannot be seen from the preview
Don't miss anything!














Reported in open literature in
First use in cryptanalysis of
by Murphy. Followed by number of papers by Biham and Shamir. Was the first publish attack
that can break
in less then
55 Can successfully cryptanalyze DES
with
47 encryptions, requiring
47 chosen plaintext. The
47 is significantly less than
55 but need for 2 47 chosen plaintext make this attack only theoretical interest.
Although a powerful tool ,but do not do well against
Reason
according to
was known to the team as early as
The need to strength
against Differential cryptanalysis played a major rule in design of
boxes and
Differential cryptanalysis of eight round
require
chosen plaintext
where as attack on eight round
requires
14 chosen plaintext.
Suppose, that many pairs of input to f with the same difference yield the same output difference if the same key is used. In other words,
may cause
with probability p, if for the fraction p of the pairs in which the input
is
the output
is
we want to suppose that there are number of values of
that have high probability of causing a particular output difference. If number of such differences are determined
it is feasible to determine the sub
key used in the function f.
43
docsity.com
For a 97.7% success rate , the equation N=|p ‐ 1/2| ‐ 2 is suggested. Thus for a success rate of 97.7% we would require |0. ‐ 0.500| ‐ 2 = known plaintext. If number of rounds increase to eight then the probability is
and around 400 known plaintext are required.
Should be non ‐ linear and difficult to approximate with linear function. S ‐ box size, n x m s ‐ box. Larger S ‐ boxes are more ‐ resistant to linear and differential attacks. Mister and Adams proposed, must satisfy Strict avalanche criterion (SAC ), (that output bit j of an S ‐ box should change with probability ½ , when any single input bit i is inverted) and bit independence criterion (BIC),( that output bits j and k should change independently when any single input bit i is inverted) also sujects that they should be bent . GA(Guaranteed Avalanche)
docsity.com