
Block Ciphers — A Survey

  • Lars R. Knudsen
Chapter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1528)

Abstract

In this paper we give a short overview of the state of the art of secret key block ciphers. We focus on the main application of block ciphers, namely encryption. The most important known attacks on block ciphers are linear cryptanalysis and differential cryptanalysis. Linear cryptanalysis makes use of so-called linear hulls, i.e., the parity of a subset of ciphertext bits that holds with a probability sufficiently far away from one half. Differential cryptanalysis makes use of so-called differentials (A, B), i.e., a pair of plaintexts with difference A which, after a certain number of rounds, results in a difference B with high probability. The hulls and differentials can be used to derive (parts of) the secret key.
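
The two statistics the abstract describes, a differential (A, B) and a linear approximation whose parity sits far from one half, worked out exhaustively for a small S-box. This is an added example, not code from the survey; the GF(2^3) modulus, the cube S-box and the identity S-box used for contrast are assumptions made here.

```python
# Added example, not code from Knudsen's survey: the two statistics the abstract
# describes, computed exhaustively for a small S-box. A differential (A, B) holds
# with probability DDT[A][B]/2^n; the mask pair (a, b) holds with probability
# 1/2 + LAT[a][b]/2^n, so its bias away from one half is |LAT[a][b]|/2^n.
def gf8_mul(x, y):
    """Multiply in GF(2^3); the modulus x^3 + x + 1 is our assumption."""
    r = 0
    for _ in range(3):
        if y & 1:
            r ^= x
        y >>= 1
        x <<= 1
        if x & 0b1000:
            x ^= 0b1011
    return r

# Constructed S-boxes: x -> x^3 in GF(2^3) (Nyberg's APN map) and the weak identity map.
CUBE_SBOX = [gf8_mul(x, gf8_mul(x, x)) for x in range(8)]  # [0,1,3,4,5,6,7,2]
IDENTITY_SBOX = list(range(8))

def parity(v):
    return bin(v).count("1") & 1

def ddt(sbox):
    """DDT[a][b] = number of inputs x with S(x) ^ S(x ^ a) == b."""
    n = len(sbox)
    t = [[0] * n for _ in range(n)]
    for a in range(n):
        for x in range(n):
            t[a][sbox[x] ^ sbox[x ^ a]] += 1
    return t

def lat(sbox):
    """LAT[a][b] = #{x : a.x == b.S(x)} - 2^(n-1), signed count of the bias."""
    n = len(sbox)
    return [[sum(parity(a & x) == parity(b & sbox[x]) for x in range(n)) - n // 2
             for b in range(n)] for a in range(n)]

def best_differential(sbox):
    """Most probable differential (A, B) with A != 0, as (A, B, probability)."""
    n, t = len(sbox), ddt(sbox)
    a, b = max(((a, b) for a in range(1, n) for b in range(n)), key=lambda p: t[p[0]][p[1]])
    return a, b, t[a][b] / n

def best_linear_bias(sbox):
    """Mask pair (a, b), b != 0, whose parity is furthest from 1/2, as (a, b, bias)."""
    n, t = len(sbox), lat(sbox)
    a, b = max(((a, b) for a in range(n) for b in range(1, n)), key=lambda p: abs(t[p[0]][p[1]]))
    return a, b, abs(t[a][b]) / n
```

For the cube map every differential has probability at most 2/8 and every mask pair bias at most 2/8, whereas the identity map has a differential of probability 1 and a parity that always holds; a designer runs the same tables over a candidate S-box to bound the per-round statistics an attacker could chain.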

Keywords

Block Cipher, Data Encryption Standard, Linear Cryptanalysis, Plaintext Attack, Chosen Plaintext Attack



Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Lars R. Knudsen, Dept. Elektrotechniek-ESAT, K.U. Leuven, Heverlee
