Related-key attack - Factbites
 Where results make sense
 About us   |   Why use us?   |   Reviews   |   PR   |   Contact us

# Topic: Related-key attack

Note: these results are not from the primary (high quality) database.

###### In the News (Wed 22 May 13)

 Slide attack - Wikipedia, the free encyclopedia The slide attack is closely related to the related-key attack. Rather than looking at the data-randomizing aspects of the block cipher the slide attack works by analyzing the key schedule and exploiting weaknesses in it to break the cipher. Once we have identified a slid pair, the cipher is broken because of the vulnerability to known-plaintext attacks. en.wikipedia.org /wiki/Slide_attack   (665 words)

 Stefan Lucks--some papers The core of the attack is a a key-independent distinguisher for six rounds of Twofish. Although the attacks are of no advantage if E0 is used with the recommended security parameters (64 bit encryption key), they provide an upper bound on the amount of security that would be made available by enlarging the encryption key, as discussed in the Bluetooth specification. Thus, our attack is more efficient than previously known key reconstruction algorithms against the self-shrinking generator that operate on short keystream sequences. th.informatik.uni-mannheim.de /People/Lucks/papers.html   (1939 words)

 Related-key attack - Wikipedia, the free encyclopedia In cryptography, a related-key attack is any form of cryptanalysis where the attacker can observe the operation of a cipher under several different keys whose values are initially unknown, but where some mathematical relationship connecting the keys is known to the attacker. However, modern cryptography is implemented using complex computer protocols, often not vetted by cryptographers, and in some cases a related-key attack is made very feasible. The master WPA key is shared with each client and access point and is used in a protocol called TKIP to create new working keys frequently enough to thwart known attack methods. www.wikipedia.org /wiki/Related_key   (573 words)

 Citations: Related-key cryptanalysis of 3-WAY - Kelsey, Schneier, Wagner (ResearchIndex) Related key cryptanalysis has been developed by [7, 2, 5, 6] Most of the related key attacks depend on the attacker is learning the encryption of one or more plaintexts under several unknown but related keys. Most of the related key attacks depend on the attacker is learning the encryption of one or more plaintexts under several unknown but related keys. , a di erential related key attack on NewDES 1996 that can, in retrospect, be viewed as a boomerang style attack (with minor adjustments to take advantages of related key queries, as allowed in [KSW97] s extended threat model) One of the interesting features of the boomerang attack is that it is. citeseer.lcs.mit.edu /context/705301/0   (1206 words)

 Key-Schedule Cryptanalysis of DEAL This attack requires 233 related key queries, the same $3$ plaintexts encrypted under each key, and may be implemented with a variety of time-memory tradeoffs; Given $3 x 269 bytes of memory, the attack requires 2113 DES encryptions, and given$3 x 245 bytes of memory, the attack requires 2137 DES encryptions. DEAL is a six- or eight-round Luby-Rackoff cipher that uses DES as its round function, with allowed key lengths of 128, 192, and 256 bits. First, we discuss the existence of equivalent keys for all three key lengths; pairs of equivalent keys in DEAL-128 require about 264 DES encryptions to find, while equivalent keys in DEAL-192 and DEAL-256 require only six or eight DES encryptions to find. www.windowsecurity.com /pages/article_p.asp?id=232   (152 words)

 3des.txt The second key is cracked with a chosen ciphertext attack and the third key by brute force. The time requirements for the attacks are not much more than for breaking single DES, but the chosen ciphertext and chosen key requirements are the show stoppers. Even though the attack is not realistic, the ANSI working group pulled that particular CBCM mode from the X9.52 standard because of public perception and potential lost confidence in Triple DES. www.cs.georgetown.edu /~denning/crypto/3des.txt   (313 words)

 newdes.txt In a related-key attack the attacker uses the fact that if the key is changed to a related key, there is some information he has about the resulting ciphertext without actually running the entire encryption algorithm. The weakness was due to the simple key expansion algorithm which made key rotation by seven bytes cause the last 15 rounds to be the same as the first 15 rounds using the un-rotated key. Therefore the encryption algorithm using the rotated key does 17 rounds where the last 15 rounds are the same as the first 15 rounds using the un-rotated key. www.ussrback.com /crypto/libraries/newdes/newdes.txt   (665 words)

 fall02-paper42.txt There are two attacks described in the paper- related-key attack based on invariance weakness: time-complexity of this method grows upwards with key length; related-key attack based on known IV weakness: time complexity of this attack is independent of key length. Weaknesses in the Key Scheduling Algorithm of RC4 This paper exposes the design flaws in the RC4 key scheduling algorithm, which derives the initial state from a variable size key, that is used in WEP as described in the first paper. Also, using a known portion of a key concatenated with a secret key, it is computationally feasible to obtain the rest of the secret key through an iterative process that scales linear to the length of the secret key. www.cs.cornell.edu /Courses/cs615/2002fa/615/fall02-paper42.txt   (11510 words)

 APPLIED CRYPTOGRAPHY, SECOND EDITION: Protocols, Algorithms, and Source Code in C:Other Block Ciphers These are numbers derived from the key table that are used to select the tables in a given function within a given round. This attack cannot be extended to multiple rounds, but they were able to obtain three mask values after 4 rounds. FEAL-4, FEAL with four rounds, was successfully cryptanalyzed with a chosen-plaintext attack in [201] and later demolished [1132]. friedo.szm.sk /krypto/AC/ch13/13-02.html   (1383 words)

 Tinyness: An Overview of TEA and Related Ciphers To prevent key-schedule attacks, the four subkeys are mixed in a less regular fashion, and at a slower rate. It was these related-key weaknesses together with the equivalent keys problem that motivated the design of the TEA variants, XTEA and Block TEA. Wheeler and Needham, 1994] operates on 64-bit message blocks with a 128-bit key, and is a Feistel network with a suggested 64 rounds (though the authors speculate that 32 rounds might suffice). www-users.cs.york.ac.uk /~matthew/TEA   (2289 words)

 [saag] RC4 insecurity wrt SSL/TLS? > > Weaknesses in the Key Scheduling Algorithm of RC4 > http://www.eyetap.org/~rguerra/toronto2001/rc4_ksaproc.pdf > > Using the Fluhrer, Mantin, and Shamir Attack to Break WEP > http://www.cs.rice.edu/~astubble/wep/ > > >..and this from http://www.ietf.org/rfc/rfc2246.txt... The keys are thus *slightly* different, which is the wedge that Fluhrer, Mantin, and Shamir used. Each packet (until the IV counter wraps around after 2^24 packets) has a different key, but 24 of those bits are changing, while 40 or 104 remain the same. bs.mit.edu /pipermail/saag/2001q3/000223.html   (314 words)

 Key Schedule Weaknesses in SAFER+ - Kelsey, Schneier, Wagner (ResearchIndex) , a related key attack and a meet in the middle attack are claimed against SAFER for the 256 bit key size. We also develop a related-key attack on 256-bit SAFER+ requiring 3 2 32 chosen plaintexts under two keys with a chosen xor relationship, and work... E2: in [31] attacks on 9 and 10 round versions are claimed. citeseer.csail.mit.edu /319959.html   (427 words)

 Attacks on Cryptoprocessor Transaction Sets (SMEALSearch) - Pal,Rangaswamy,Giles,Debnath Related key attacks use known or chosen differences between two cryptographic keys. Meet in the middle attacks work by generating a large number of unknown keys of the same type, thus reducing the key space that must be searched to discover the value of one of the keys in the type. Attacks are presented on the IBM 4758 CCA and the Visa Security Module. smealsearch.psu.edu /99130.html   (226 words)

 NEWDES The algorithm was revised with a modified key schedule in 1996 to counter a related-key vulnerability; this version is sometimes referred to as NewDES-96. The key is then rotated 56 bits for use in the next two rounds. This means that the work factor for a brute force attack is reduced by a factor of 2. www.yotor.org /wiki/en/ne/NewDES.htm   (369 words)

 Cryptology ePrint Archive More precisely, we were able to mount a low complexity related-key attack on DES with slightly modified key schedule although no related-key attack is known for the original algorithm. The key schedule of the Data Encryption Standard is analyzed, and it is shown that the properties of the permuted choice PC-2 transformation and the number of bits that are left shifted during the key generation are critical for the security of the algorithm. eprint.iacr.org /2005/084   (81 words)

 Cryptology ePrint Archive The attacks are based on a new protocol-level related-key attack against RMAC and can be considered variants of Biham's key-collision attack [Bih02]. We believe that the protocol-level related-key attack is of independent interest. cryptographic protocols / RMAC, key-collision attacks, related-key attacks. eprint.iacr.org /2002/159   (93 words)

 NIST's AES Round 1 Report The difficulty in effecting an attack (reflected in the number of statistical samples of a quantity such as power consumption) may be related to the number of possible states of the card. Attacks on smart card implementations may exploit intrinsic algorithm characteristics; nonetheless, they cannot be regarded as being indicative of intrinsic algorithm weaknesses, since any given implementation may or may not be vulnerable (cf. Power analysis attacks can be effected against operations that use different amounts of power, depending on their power consumption pattern, which may vary with the arguments to the operation. csrc.nist.gov /encryption/aes/round1/r1report.htm   (13423 words)

 ind-key-des-cracked Just a trivial attack breaks DES with independent subkeys with 16 chosen related key queries (and ~ 32 chosen plaintexts). Of course, this attack doesn't work at all when you use the DES key schedule: you can't flip just one bit in the last round subkey without flipping other rounds' subkey bits at the same time. I think the importance of the key schedule is often underestimated. www.cs.berkeley.edu /~daw/my-posts/ind-key-des-cracked   (313 words)

 Cryptographic Algorithms: Block and Stream Ciphers, Hash Algorithms. Kremlin Encrypt Security Software: Encrypt and Protect Your Files, Folders, Emails, and Disks! Each TEA key can be found to have three other equivalent keys, as described in a paper by David Wagner, John Kelsey, and Bruce Schneier. There are also weak keys in GOST, but there are too few to be a problem when GOST is used with its standard set of S-boxes. The key setup process of SEAL requires several kilobytes of space and rather intensive computation involving SHA1, but only five operations per byte are required to generate the keystream. www.kremlinencrypt.com /crypto/algorithms.html   (3164 words)

 Tiny Encryption Algorithm - Wikisource TEA is also susceptible to a related-key attack. Most notably, it suffers from equivalent keys — each key is equivalent to three others, and this means that the effective key size is only 126 bits. It was designed by David Wheeler and Roger Needham of the Cambridge Computer Laboratory, and first presented at the Fast Software Encryption workshop in 1994 (Wheeler and Needham, 1994). wikisource.org /wiki/Tiny_Encryption_Algorithm   (149 words)

 zaes You can also combine all the related key queries, so you only need 1 related key query to get the whole key (but still using the same # of chosen plaintexts, etc.). Note that adding more rounds probably won't help against this attack if you use the same type of key scheduling; each round really needs more key dependence entering it. To encipher P[0..15] under key K[0..15], do: (here P[i] is the i-th byte of the plaintext, etc.) 1. www.eecs.berkeley.edu /~daw/my-posts/zaes   (1133 words)

 Cryptology ePrint Archive A new kind of attack, the Square related-key attack, is applied on 2.5 rounds of IDEA and recovers 32 key bits, with 2 chosen-plaintexts and $2^{17}$ related keys. Attacks on 2.5 rounds of IDEA require $3\cdot 2^{16}$ chosen-plaintexts and recover 78 key bits. Implementations of the attacks on 32-bit block mini-versions of both ciphers confirmed the expected computational complexity. eprint.iacr.org /2001/068   (159 words)

 A Twofish Retreat: Related-Key Attacks Against Reduced-Round Twofish - Ferguson, Kelsey, Schneier, Wagner (ResearchIndex) Abstract: The Twofish AES submission document contains a partial chosen-key and a related-key attack against ten rounds of Twofish without whitening, using 256-bit keys. In this report we analyze the occurrence of this kind of weak key pair and describe how such pairs may be used both to mount attacks on reduced-round Twofish and to find... This attack does not work; it makes use of a postulated class of weak key pairs which has the S-box keys and eight successive round keys equal, but no such pairs exist. sherry.ifi.unizh.ch /ferguson00twofish.html   (272 words)

 related-3des > Hrmm, that wasn't the related key attack I was thinking of: I'll admit I don't see how to get your idea to work with less than ~ 2^{64-n} related key known plaintexts and ~ 2^{56+n} computations... This whole deal requires ~ 1 related key chosen ciphertext and ~ 2^56 computations. I get you to encrypt a known plaintext P under 3DES key (K_1,K_2,K_3); then I get you to decrypt the ciphertext C under 3DES key (x,K_2,K_3) to get P', where x can be any 56 bits of your choosing. www.cs.berkeley.edu /~daw/my-posts/related-3des   (318 words)

 Citations: a related-key cryptanalysis of rc - Grosul, Wallach (ResearchIndex) ] that for large keys whose size is close to N words, RC4 is vulnerable to a related key attack. Grosul A.L., Wallach D.S. A related key cryptanalysis of RC4, 2000, to appear. Weaknesses in the Key Scheduling Algorithm of RC4 - Fluhrer, Mantin, Shamir (2001) citeseer.lcs.mit.edu /context/1926514/0   (206 words)

 hyphen.htm This use of the hyphen shows that the words "public" and "key" belong together and jointly modify the N-N "encryption scheme." The use of the hyphen avoids the (admittedly far-fetched) reading of "public" as modifier for a key-encryption scheme. (c) In the somewhat unusual cases in which a term like "public key" is used to modify a noun, but is not positioned before a noun, it is not hyphenated. Our encryption scheme, public key in nature, does not require the sender and receiver to share a secret. www.cs.ucdavis.edu /~rogaway/papers/hyphen.htm   (542 words)

 Wikinfo List of cryptology topics Ralph Merkle -- Railroad fence cypher -- RC4 -- RC4 cipher-- RC5 encryption algorithm -- RC6 encryption algorithm -- related-key attack -- RIPEMD-160 -- Ronald Rivest -- ROT-13 -- rotor machine -- RSA -- rubber-hose cryptanalysis This page aims to list terms that are related to cryptology. Babington plot -- bit-flipping attack -- Bletchley Park -- blinding (cryptography)-- block cipher-- block cipher modes of operation -- block size -- Blowfish encryption algorithm -- Blum Blum Shub -- Boris Hagelin -- Bruce Schneier -- brute force attack -- www.wikinfo.org /wiki.php?title=List_of_cryptology_topics   (579 words)

Try your search on: Qwika (all wikis)

About us   |   Why use us?   |   Reviews   |   Press   |   Contact us