Skip to main content
SpringerLink
Log in

Near Optimal Algorithms for Solving Differential Equations of Addition with Batch Queries

  • Conference paper
Book cover Progress in Cryptology - INDOCRYPT 2005 (INDOCRYPT 2005)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3797))

Included in the following conference series:

Abstract

Combination of modular addition (+) and exclusive-or (⊕) is one of the widely used symmetric cipher components. The paper investigates the strength of modular addition against differential cryptanalysis (DC) where the differences of inputs and outputs are expressed as XOR. In particular, we solve two very frequently used equations (1) and (2) , known as the differential equations of addition (DEA), with a set of batch queries. In a companion paper, presented at ACISP’05, we improved the algorithm by Muller (at FSE’04) to design optimal algorithms to solve the equations with adaptive queries. However, a nontrivial solution with batch queries has remained open. The major contributions of this paper are (i) determination of lower bounds on the required number of batch queries to solve the equations and (ii) design of two algorithms which solve them with queries close to optimal. Our algorithms require 2n − − 2 and 6 queries to solve (1) and (2) where the lower bounds are (theoretically proved) and 4 (based on extensive experiments) respectively (n is the bit-length of x,y,α,β,γ). This exponential lower bound is an important theoretical benchmark which certifies (1) as strong against DC. On the other hand, the constant number of batch queries to solve (2) discovers a major weakness of modular addition against DC.

Muller, at FSE’04, showed a key recovery attack on the Helix stream cipher (presented at FSE’03) with 212 adaptive chosen plaintexts (ACP). At ACISP 2005, we improved the data complexity of the attack to 210.41. However, the complexity of the attack with chosen plaintexts (CP) was unknown. Using our results we recover the secret key of the Helix cipher with only 235.64 chosen plaintexts (CP) which has so far been the only CP attack on this cipher (under the same assumption as that of Muller’s attack). Considering the abundant use of this component, the results seem useful to evaluate the security of many block ciphers against DC.

This work was supported in part by the Concerted Research Action (GOA) Mefisto 2000/06 and Ambiorix 2005/11 of the Flemish Government and in part by the European Commission through the IST Programme under Contract IST-2002-507932 ECRYPT.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ajwa, I.A., Liu, Z., Wang, P.S.: Gröbner Bases Algorithm. ICM Technical Report (February 1995) Available Online at http://icm.mcs.kent.edu/reports/1995/gb.pdf

  2. Berson, T.A.: Differential Cryptanalysis Mod 232 with Applications to MD5. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 71–80. Springer, Heidelberg (1993)

    Chapter  Google Scholar 

  3. Burwick, C., Coppersmith, D., D’Avignon, E., Gennaro, Y., Halevi, S., Jutla, C., Matyas Jr., S.M., O’Connor, L., Peyravian, M., Safford, D., Zunic, N.: MARS – A Candidate Cipher for AES (June 1998), Available Online at http://www.research.ibm.com/security/mars.html

  4. Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)

    Google Scholar 

  5. Biryukov, A., Wagner, D.: Slide Attacks. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 245–259. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  6. Ferguson, N., Whiting, D., Schneier, B., Kelsey, J., Lucks, S., Kohno, T.: Helix: Fast Encryption and Authentication in a Single Cryptographic Primitive. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 330–346. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  7. Hellman, M.E.: A Cryptanalytic Time-Memory Trade-off. IEEE Transaction on Information Theory IT-26(4) (July 1980)

    Google Scholar 

  8. Klimov, A., Shamir, A.: New Cryptographic Primitives Based on Multiword T-Functions. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 1–15. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  9. Lai, X., Massey, J.L., Murphy, S.: Markov Ciphers and Differential Cryptanalysis. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 17–38. Springer, Heidelberg (1991)

    Chapter  Google Scholar 

  10. Lipmaa, H., Moriai, S.: Efficient Algorithms for Computing Differential Properties of Addition. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 336–350. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  11. Lipmaa, L., Wallén, J., Dumas, P.: On the Additive Differential Probability of Exclusive-Or. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 317–331. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  12. Muller, F.: Differential Attacks against the Helix Stream Cipher. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 94–108. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  13. Paul, S., Preneel, B.: Solving Systems of Differential Equations of Addition (Extended Abstract). In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 75–88. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  14. Rivest, R.L., Robshaw, M., Sidney, R., Yin, Y.L.: The RC6 Block Cipher (June 1998), Available Online at http://theory.lcs.mit.edu/rivest/rc6.ps

  15. Schneier, B., Kelsey, J., Whiting, D., Wagner, D., Hall, C., Ferguson, N.: The Twofish Encryption Algorithm: A 128-Bit Block Cipher. John Wiley & Sons, Chichester (1999)

    Google Scholar 

  16. Staffelbach, O., Meier, W.: Cryptographic Significance of the Carry for Ciphers Based on Integer Addition. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 601–614. Springer, Heidelberg (1991)

    Google Scholar 

  17. Wagner, D.: The Boomerang Attack. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156–170. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  18. Wallén, J.: Linear Approximations of Addition Modulo 2n. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 261–273. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dept. ESAT/COSIC, Katholieke Universiteit Leuven, Kasteelpark Arenberg, 10, B–3001, Leuven-Heverlee, Belgium

    Souradyuti Paul & Bart Preneel

Authors
  1. Souradyuti Paul
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bart Preneel
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Indian Statistical Institute, 203 B T Road, 700 108, Kolkata, India

    Subhamoy Maitra

  2. Indian Institute of Science, Bangalore

    C. E. Veni Madhavan

  3. Microsoft Research India Private Limited, “Scientia”, No:196/36, 2nd Main Road, Sadashivnagar, 560080, Bangalore, India

    Ramarathnam Venkatesan

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Paul, S., Preneel, B. (2005). Near Optimal Algorithms for Solving Differential Equations of Addition with Batch Queries. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds) Progress in Cryptology - INDOCRYPT 2005. INDOCRYPT 2005. Lecture Notes in Computer Science, vol 3797. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11596219_8

Download citation

  • DOI: https://doi.org/10.1007/11596219_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-30805-8

  • Online ISBN: 978-3-540-32278-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation