
	Where results make sense

Topic: Differential cryptanalysis

In the News (Wed 22 May 13)

EXECUTIVE POWER

Iran

ANALYSIS

Pakistan

Family compact

	Differential Cryptanalysis (Site not responding. Last check: 2007-10-21)
		Differential Cryptanalysis is a potent cryptanalytic technique introduced by Biham and Shamir [3].
		Differential cryptanalysis is designed for the study and attack of DES-like cryptosystems.
		All of the cryptosystems thus far studied using differential cryptanalysis are non-probabilistic cryptosystems in which each plaintext corresponds to a unique ciphertext, i.e.
	www.santafe.edu /~hag/crypto/node22.html (212 words)

	Learn more about Cryptanalysis in the online encyclopedia. (Site not responding. Last check: 2007-10-21)
		Cryptanalysis (from the Greek kryptós and analy´ein, "to loosen" or "to untie"), strictly, includes methods and techniques of recovering information from encrypted material (produced by ciphers or codes) without knowledge of the key, or codebook.
		For single-key (secret key) cryptography there is no significant difference between chosen plaintext and chosen ciphertext if the key is known, but in two-key cryptography it is possible for one of the encryption or decryption functions to be secure against chosen input (either plain or encrypted) while the other is vulnerable.
		Unlike ciphertext attacks or ciphertext/plaintext pair attacks in single-key cryptosystems, this sort of cryptanalysis is aimed at breaking the cryptosystem by analysis that can be carried out based only on a knowledge of the underlying connection between the two keys.
	www.onlineencyclopedia.org /c/cr/cryptanalysis_1.html (774 words)

	Cryptanalysis - Wikipedia
		Cryptanalysis (from the Greek kryptós and analy´ein, "to loosen" or "to untie") is the science (and art) of recovering information from ciphers without knowledge of the key.
		There are three generic types of cryptanalysis characterised by what the cryptanalyst knows: (1) ciphertext only; (2) known ciphertext/plaintext pairs; and (3) chosen plaintext or chosen ciphertext.
		Because of its reliance on "hard" mathematical problems as a basis for cryptoalgorithms and because one of the keys is publicly exposed, two-key cryptography has led to a new type of cryptanalysis that is virtually indistinguishable from research in any other area of computational mathematics.
	nostalgia.wikipedia.org /wiki/Cryptanalysis (549 words)

	Differential cryptanalysis - Wikipedia
		A form of cryptanalysis most often used on block ciphers, although it has occasionally been applied to stream ciphers and cryptographic hash functions as well.
		Differential cryptanalysis was first published by Sean Murphy, Eli Biham and Adi Shamir circa 1990, but there are indications it was known to some sections the closed cryptographic community much earlier.
		Differential cryptanalysis should be seen as mostly a "white hat" method, since such an attack would be very hard to mount in a real-world situation.
	nostalgia.wikipedia.org /wiki/Differential_cryptanalysis (379 words)

	Encyclopedia: Differential cryptanalysis
		Cryptanalysis (from the Greek kryptÃ³s, hidden, and analÃ½ein, to loosen or to untie) is the study of methods for obtaining the meaning of encrypted information, without access to the secret information which is normally required to do so.
		Differential cryptanalysis is a form of cryptanalysis most often used on block ciphers, although it has been applied to stream ciphers and cryptographic hash functions as well.
		Differential cryptanalysis is usually a chosen plaintext attack, meaning that the attacker must be able to obtain encrypted
	www.nationmaster.com /encyclopedia/Differential-cryptanalysis (612 words)

	[No title] (Site not responding. Last check: 2007-10-21)
		In general, differential cryptanalysis is much faster than exhaustive search for a certain number of rounds in the cipher, however there is a breakeven point where it becomes slower than exhaustive search.
		Differential Cryptanalysis was first described by Biham and Shamir in [2], and in greater detail in [3].
		In Differential Cryptanalysis, a table showing the distribution of the XOR of input pairs against the XOR of output pairs is used to determine probabilities of a particular observed output pair being the result of some input pair.
	www.adfa.oz.au /~lpb/papers/tr9138.txt (4168 words)

	Differential cryptanalysis: Just the facts... (Site not responding. Last check: 2007-10-21)
		It was noted that DES is surprisingly resilient to differential cryptanalysis, in the sense that even small modifications make it much more susceptible; this suggested that the designers at IBM (additional info and facts about IBM) knew of this in the 1970s (The decade from 1970 to 1979).
		While DES was designed with resistance to differential cryptanalysis in mind, other contemporary ciphers proved to be vulnerable.
		Differential cryptanalysis is usually a chosen plaintext attack (additional info and facts about chosen plaintext attack), meaning that the attacker must be able to obtain encrypted ciphertext (additional info and facts about ciphertext) s for some set of plaintext (additional info and facts about plaintext) s of his choosing.
	www.absoluteastronomy.com /encyclopedia/d/di/differential_cryptanalysis.htm (516 words)

	Differential Cryptanalysis
		However, differential cryptanalysis is still a viable method to use for reduced versions of DES (using less than the prescribed 16 rounds), and is still effective in making easier an attack on the full DES.
		In fact, that is how differential cryptanalysis works--by guessing bits of the key through various methods, until a brute force search on the remaining bits of the key becomes feasible and faster than other, more complex methods.
		One important note about differential cryptanalysis is that it always works using a pair of plaintexts or inputs, so that they may be compared.
	home.earthlink.net /~mylnir/desdoc.html (3579 words)

	Linear cryptanalysis - Wikipedia, the free encyclopedia
		In cryptography, linear cryptanalysis is a general form of cryptanalysis based on finding affine approximations to the action of a cipher.
		Linear cryptanalysis is one of two widely applicable attacks on block ciphers; the other being differential cryptanalysis.
		The discovery of linear cryptanalysis is attributed to Mitsuru Matsui, who first applied the technique to the FEAL cipher (Matsui and Yamagishi, 1992).
	en.wikipedia.org /wiki/Linear_cryptanalysis (241 words)

	RSA Laboratories - 2.4.5 What are the most important attacks on symmetric block ciphers?
		Differential cryptanalysis is basically a chosen plaintext attack (see Question 2.4.2); it relies on an analysis of the evolution of the differences between two related plaintexts as they are encrypted under the same key.
		Differential cryptanalysis has also been useful in attacking other cryptographic primitives such as hash functions (see Section 2.1.6).
		Linear cryptanalysis is a known plaintext attack (see Question 2.4.2) which uses a linear approximation to describe the behavior of the block cipher.
	www.rsa.com /rsalabs/node.asp?id=2204 (762 words)

	Knowledge King - Differential cryptanalysis (Site not responding. Last check: 2007-10-21)
		Differential cryptanalysis was first published by Sean Murphy, Eli Biham and Adi Shamir circa 1990, but it was known to the National Security Agency as far back as the early-1970's.
		Parties involved in the creation of DES have admitted that defending against differential cryptanalysis was the primary design goal of DES, and the secrecy of the technique was the reason the design process of DES was kept secret.
		Since differential cryptanalysis became public knowledge, it has become an essential tool of cipher designers.
	www.knowledgeking.net /encyclopedia/d/di/differential_cryptanalysis.html (357 words)

	Constructing Symmetric Ciphers Using the CAST Design Procedure
		Differential [8] and linear [32] cryptanalysis appear to be fairly general-purpose attacks which may be applied to a variety of substitution-permutation network (DES-like) ciphers.
		With subsequent improvements to the differential attack [8] and with the introduction of linear cryptanalysis, it now appears that 18-20 rounds would be necessary for DES to be theoretically as strong as its keysize.
		Differential and linear cryptanalysis (chosen- and known-plaintext attacks, respectively) are similar in flavour in that both rely on s-box properties to formulate an attack on a single s-box.
	cryptome.sabotage.org /cast.html (12489 words)

	cryptanalysis - a Whatis.com definition (Site not responding. Last check: 2007-10-21)
		Cryptanalysis refers to the study of ciphers, ciphertext, or cryptosystems (that is, to secret code systems) with a view to finding weaknesses in them that will permit retrieval of the plaintext from the ciphertext, without necessarily knowing the key or the algorithm.
		However, successful cryptanalysis has made the enormous resources often devoted to it more than worthwhile: the breaking of the German Enigma code during WWII, for example, was one of the key factors in an early Allied victory.
		Today, cryptanalysis is practiced by a broad range of organizations: governments try to break other governments' diplomatic and military transmissions; companies developing security products send them to cryptanalysts to test their security features and to a hacker or cracker to try to break the security of Web sites by finding weaknesses in the securing protocols.
	searchsecurity.techtarget.com /sDefinition/0,,sid14_gci214432,00.html (840 words)

	Differential Cryptanalysis: A Literature Survey
		Thus, in practice, Differential Cryptanalysis would seem to be defeated by the simple use of message keys and limitations on the amount of material ciphered under a single message key.
		The complexity of differential cryptanalysis depends on the size of the largest entry in the XOR table, the total number of zeros in the XOR table, and the number of nonzero entries in the first column of that table [1], [3].
		The complexity of differential cryptanalysis depends on the size of the largest entry in the XOR table, the total number of zeros in the XOR table, and the number of nonzero entries in the first column in that table [1], [8].
	www.ciphersbyritter.com /RES/DIFFANA.HTM (4246 words)

	Data Encryption Standard (Site not responding. Last check: 2007-10-21)
		Another theoretical attack, linear cryptanalysis, was published in 1994, but it was a brute force attack in 1998 that demonstrated that DES could be attacked very practically, and highlighted the need for a replacement algorithm.
		Differential cryptanalysis was discovered in the late 1980s by Eli Biham and Adi Shamir, although it was known earlier to both IBM and the NSA and kept secret.
		A generalisation of LC — multiple linear cryptanalysis — was suggested in 1994 (Kaliski and Robshaw), and was further refined by Biryukov et al (2004); their analysis suggests that multiple linear approximations could be used to reduce the data requirements of the attack by at least a factor of 4 (i.e.
	www.centipedia.com /articles/DES (3601 words)

	Information Security - MITSUBISHI ELECTRIC
		Differential cryptanalysis is a chosen, plain-text attack applied to DES encryption and proposed by Biham and Shamir in 1990.
		Because average differential probability is a summary and differential characteristics probability is a set, encryption security against differential cryptanalysis is not necessarily assured.
		Linear cryptanalysis is a known plain text attack applied to DES encryption and introduced by Mitsubishi Electric's Mitsuru Matsui in 1993.
	global.mitsubishielectric.com /bu/security/rd/rd01_01b.html (463 words)

	Impossible Differential Cryptanalysis (Site not responding. Last check: 2007-10-21)
		With conventional differential cryptanalysis, you look for pairs of inputs which have differences (xors usually) such that after a certain number of rounds, the ciphertexts have certain differences with excess probability.
		With "impossible" differential cryptanalysis, you look for inputs with differences which lead to ciphertext differences that are "impossible", or at least have reduced probability.
		As a result ciphers which were designed to resist differential cryptanalysis may be vulnerable to impossible differentials.
	cryptome.quintessenz.org /mirror/idc.htm (275 words)

	Differential and Linear Cryptanalysis (Site not responding. Last check: 2007-10-21)
		However, if one is fortunate enough to have a large quantity of corresponding plaintext and ciphertext blocks for a particular unknown key, a technique called differential cryptanalysis, developed by Eli Biham and Adi Shamir, is available to obtain clues about some bits of the key, thereby shortening an exhaustive search.
		Differential cryptanalysis represents an approach to finding more subtle correlations.
		In fact, however, a complete pattern of which bits change and do not change in the input and in the output is the subject of differential cryptanalysis.
	www.quadibloc.com /crypto/co040501.htm (489 words)

	Differential cryptanalysis (Site not responding. Last check: 2007-10-21)
		Indeed, parties involved in the creation of DES have since admitted that defending against differential cryptanalysis was a design goal (Coppersmith, 1994).
		Within IBM, differential cryptanalysis was known as the "T-attack", or "Tickling attack" [1].
		New designs are expected to be accompanied by evidence that the algorithm is resistant to this attack, and many, including the Advanced Encryption Standard, are provably secure against it.
	www.sciencedaily.com /encyclopedia/differential_cryptanalysis (631 words)

	Impossible Differential Cryptanalysis (Site not responding. Last check: 2007-10-21)
		With conventional differential cryptanalysis, you look for pairs of inputs which have differences (xors usually) such that after a certain number of rounds, the ciphertexts have certain differences with excess probability.
		With "impossible" differential cryptanalysis, you look for inputs with differences which lead to ciphertext differences that are "impossible", or at least have reduced probability.
		As a result ciphers which were designed to resist differential cryptanalysis may be vulnerable to impossible differentials.
	cryptome.quintessenz.at /mirror/idc.htm (275 words)

	Citations: Differential Cryptanalysis of the Data Encryption Standard - Biham, Shamir (ResearchIndex) (Site not responding. Last check: 2007-10-21)
		The essence of a differential attack is to exploit particular entries in the difference distribution tables of S boxes employed by a block cipher.
		One weakness of differential cryptanalysis is that it finds chosen plaintext attacks; these are much less practical than known plaintext and certainly than ciphertext only attacks.
		introduced the notion of differential cryptanalysis and Matsui [7, 8] introduced the notion of linear cryptanalysis, which was a quite general model of attack.
	citeseer.lcs.mit.edu /context/35216/0 (4365 words)

Try your search on: Qwika (all wikis)