Differential attacks: using alternative operations. (English) Zbl 1454.94059

Summary: Is it possible that a block cipher apparently immune to classical differential cryptanalysis can be attacked considering a different operation on the message space? Recently, M. Calderini and M. Sala [Elementary abelian regular subgroups as hidden sums for cryptographic trapdoors. arXiv:1702.00581 (2017)] showed how to effectively compute alternative operations on a vector space which can serve as message space for a block cipher such that the resulting structure is still a vector space. The latter were used to mount a linearisation attack against a toy cipher. Here we investigate how alternative operations interact with the layers of a substitution-permutation network and show how they influence the differential probabilities, when the difference taken into consideration is different from the usual bit-wise addition modulo two. Furthermore, we design a block cipher which appears to be secure with respect to classical differential cryptanalysis, but weaker with respect to our attack which makes use of alternative operations.
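To make the setting concrete, the following is an added worked example, not code from the paper or from any of its references. It builds one alternative operation on F_2^4 of the form x ∘ y = x + y + b(x, y), checks that (F_2^4, ∘) is an elementary abelian group whose translations x ↦ x ∘ a are affine maps with respect to the usual XOR (so the translation group is a regular elementary abelian subgroup of AGL(V), the "hidden sum" setting of Calderini and Sala [11]), and then compares the difference distribution table of the PRESENT S-box [8] under XOR with its table under ∘. The particular bilinear map b and the use of the PRESENT S-box as input are assumptions made for this demonstration; the paper's own cipher and operation are not reproduced here.

```python
from itertools import product

N = 4                      # bit width of the S-box layer under study
SIZE = 1 << N

# PRESENT S-box (Bogdanov et al., CHES 2007), used as a realistic 4-bit input.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def bit(x, i):
    return (x >> i) & 1


def bil(x, y):
    """Assumed bilinear map b : F_2^4 x F_2^4 -> F_2^4 (chosen for this demo):
    b(x, y) = (x_0*y_1 + x_1*y_0) * e_3.
    It is symmetric, vanishes on the diagonal (so every element is its own
    inverse), and its image {0, 8} is annihilated by b, which is what makes
    x + y + b(x, y) associative."""
    return ((bit(x, 0) & bit(y, 1)) ^ (bit(x, 1) & bit(y, 0))) << 3


def alt_add(x, y):
    """The alternative operation x o y = x + y + b(x, y) on F_2^4."""
    return x ^ y ^ bil(x, y)


def xor_add(x, y):
    """The usual bit-wise addition modulo two."""
    return x ^ y


def is_elementary_abelian(op):
    """Identity 0, every element self-inverse, commutative, associative."""
    V = range(SIZE)
    if any(op(0, x) != x for x in V):
        return False
    if any(op(x, x) != 0 for x in V):
        return False
    if any(op(x, y) != op(y, x) for x, y in product(V, repeat=2)):
        return False
    return all(op(op(x, y), z) == op(x, op(y, z))
               for x, y, z in product(V, repeat=3))


def translations_are_affine(op):
    """tau_a(x) = x o a must be affine w.r.t. XOR for every a, i.e.
    tau_a(x + y) = tau_a(x) + tau_a(y) + tau_a(0). Then the translation
    group of o sits inside AGL(V, +), as required for a hidden sum."""
    V = range(SIZE)
    for a in V:
        t0 = op(0, a)
        if any(op(x ^ y, a) != op(x, a) ^ op(y, a) ^ t0
               for x, y in product(V, repeat=2)):
            return False
    return True


def ddt(sbox, op):
    """table[a][d] = #{x : S(x) o S(x o a) = d}. Because every element is its
    own inverse under o, the o-difference of u and v is simply u o v."""
    table = [[0] * SIZE for _ in range(SIZE)]
    for a in range(SIZE):
        for x in range(SIZE):
            d_out = op(sbox[x], sbox[op(x, a)])
            table[a][d_out] += 1
    return table


def differential_uniformity(table):
    """Largest entry over non-zero input differences."""
    return max(table[a][d] for a in range(1, SIZE) for d in range(SIZE))


if __name__ == "__main__":
    assert is_elementary_abelian(alt_add) and translations_are_affine(alt_add)
    xor_t = ddt(PRESENT_SBOX, xor_add)
    alt_t = ddt(PRESENT_SBOX, alt_add)
    print("XOR differential uniformity:", differential_uniformity(xor_t))
    print("o   differential uniformity:", differential_uniformity(alt_t))
    print("row a=1 under XOR:", xor_t[1])
    print("row a=1 under o  :", alt_t[1])
```

The two tables are not the same object: for input difference a = 1 the XOR table of the PRESENT S-box has four solutions for output difference 0xD, while under ∘ that output difference never occurs and the mass moves to other outputs. This is the phenomenon the summary describes: an S-box (or a whole cipher) whose differential profile is tuned against XOR has a different profile once differences are taken with respect to another vector space structure on the same message space.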


94A60 Cryptography


[1] Abazari F., Sadeghian B.: Cryptanalysis with ternary difference: applied to block cipher PRESENT. Cryptology ePrint Archive, Report 2011/022 (2011).
[2] Biham E., Anderson R., Knudsen L.: Serpent: A New Block Cipher Proposal. In Fast Software Encryption, pp. 222-238. Springer, New York (1998). · Zbl 1385.94015
[3] Biham E., Biryukov A., Shamir A.: Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials. In: International Conference on the Theory and Applications of Cryptographic Techniques, pp. 12-23. Springer, New York (1999). · Zbl 0927.94013
[4] Borghoff J., Canteaut A., Güneysu T., Kavun E.B., Knezevic M., Knudsen L.R., Leander G., Nikov V., Paar C., Rechberger C., et al.: PRINCE—a low-latency block cipher for pervasive computing applications. In: International Conference on the Theory and Application of Cryptology and Information Security, pp. 208-225. Springer, New York (2012). · Zbl 1292.94035
[5] Brunetta C., Calderini M., Sala M.: Algorithms and bounds for hidden sums in cryptographic trapdoors. arXiv:1702.08384 (2017).
[6] Berson T.A.: Differential cryptanalysis mod \(2^{32}\) with applications to MD5. In: Eurocrypt, vol. 658, pp. 71-80. Springer, New York (1992).
[7] Blondeau C., Gérard B.: Links between theoretical and effective differential probabilities: experiments on PRESENT. IACR Cryptol. ePrint Arch. 2010, 261 (2010).
[8] Bogdanov A., Knudsen L.R., Leander G., Paar C., Poschmann A., Robshaw M.J.B., Seurin Y., Vikkelsoe C.: PRESENT: an ultra-lightweight block cipher. In: CHES ’07, pp. 450-466. Springer, New York (2007). · Zbl 1142.94334
[9] Biham E., Shamir A.: Differential cryptanalysis of DES-like cryptosystems. J. Cryptol. 4, 3-72 (1991). · Zbl 0729.68017
[10] Caranti A., Dalla Volta F., Sala M.: Abelian regular subgroups of the affine group and radical rings. Publ. Math. Debrecen 69, 297-308 (2006). · Zbl 1123.20002
[11] Calderini M., Sala M.: Elementary abelian regular subgroups as hidden sums for cryptographic trapdoors. arXiv:1702.00581 (2017).
[12] Daemen J., Rijmen V.: Probability distributions of correlation and differentials in block ciphers. J. Math. Cryptol. 1, 221-242 (2007). · Zbl 1211.94028
[13] Daemen J., Rijmen V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer, New York (2013). · Zbl 1065.94005
[14] Knudsen L.R., Leander G., Poschmann A., Robshaw M.J.B.: PRINTcipher: a block cipher for IC-printing. In: CHES, vol. 6225, pp. 16-32. Springer, New York (2010). · Zbl 1297.94080
[15] Knudsen L.R.: Truncated and higher order differentials. In: International Workshop on Fast Software Encryption, pp. 196-211. Springer, New York (1994). · Zbl 0939.94556
[16] Knudsen L.: DEAL—a 128-bit block cipher. In: NIST AES Proposal (1998).
[17] Nyberg K.: Differentially uniform mappings for cryptography. In: Workshop on the Theory and Application of Cryptographic Techniques, pp. 55-64. Springer, New York (1993).