Matt Thomlinson (mattt@microsoft.com)
Wed, 2 Sep 1998 18:04:25 -0700
I actually found this paper fairly novel, and perhaps apropos:
"Cryptanalysis of Block Ciphers with Probabilistic Non-linear Relations of
Low Degree" (soon to be published to
http://www.mat.dtu.dk/persons/Jakobsen_Thomas/pub.html). Jakobsen used
Sudan's algorithm for error correction to compute relations between
plaintexts and ciphertexts.
mattt
> -----Original Message-----
> From: Adam Shostack [mailto:adam@weathership.homeport.org]
> Sent: Wednesday, September 02, 1998 7:57 AM
> To: Mike Rosing
> Cc: CodherPlunks@toad.com
> Subject: Re: Algebraic cryptanalysis ?
>
>
> | > Consider a cipher that operates on 64-bit blocks & uses a 128-bit
> | > key. Can we write equations in any useful algebra for the output
> | > in terms of the key & input? Given enough matched input/output
> | > (plaintext/ciphertext) pairs known to use the same key, can we
> | > just solve for the key?
> |
> | Proof is very difficult. Analysis is practical for each cipher.
> | At least, we can come up with a set of nonlinear equations and
> | stare at them until we go nuts.
>
> Possibly of interest is Takeshi Shimoyama & Toshinobu Kaneko's
> Quadratic Relation of S-Box and its Application of the Linear Attack
> of Full Round DES. (Crypto '98)
>
> http://www.yokohama.tao.go.jp/shimo/paper/crypto98
>
> Adam
>