Adam Shostack (adam@weathership.homeport.org)
Wed, 2 Sep 1998 10:56:45 -0400
| > Consider a cipher that operates on 64-bit blocks & uses a 128-bit
| > key. Can we write equations in any useful algebra for the output
| > in terms of the key & input? Given enough matched input/output
| > (plaintext/ciphertext) pairs known to use the same key, can we
| > just solve for the key?
|
| Proof is very difficult. Analysis is practical for each cipher.
| At least, we can come up with a set of nonlinear equations and
| stare at them until we go nuts.

Possibly of interest is Takeshi Shimoyama & Toshinobu Kaneko's
"Quadratic Relation of S-Box and its Application of the Linear Attack
of Full Round DES" (Crypto '98).

http://www.yokohama.tao.go.jp/shimo/paper/crypto98

Adam
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:13:58