Linear Cryptanalysis on SPECTR-H64 with Higher Order Differential Property
In this paper, we find linear equations of SPECTR-H64 using the property of controlled permutation boxes. Also, we construct the fourth-order differential structure using the property that the algebraic degree of the function G is 3, which is the only non-linear part of SPECTR-H64. These linear equations and structures enable us to attack the reduced 6 round SPECTR-H64. So, we can recover the 6-th round subkey with about 244 chosen plaintexts and 2229.6 steps which are lower than the exhaustive search 2256.
KeywordsLinear equation SPECTR-H64 Controlled Permutation Higher order differential Algebraic degree
Unable to display preview. Download preview PDF.
- 1.Goots, N.D., Moldovyan, A.A., Moldovyan, N.A.: Fast Encryption Algorithm SPECTR-H64. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds.) MMM-ACNS 2001. LNCS, vol. 2052, pp. 275–286. Springer, Heidelberg (2001)Google Scholar
- 3.Matsui, M.: Linear Cryptanalysis Method for DES Cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, p. 386. Springer, Heidelberg (1994)Google Scholar
- 4.Knudsen, L.: Truncated and Higher Order Differentials. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 196–211. Springer, Heidelberg (1995)Google Scholar
- 5.Moldovyan, A.A., Moldovyan, N.A.: A method of the cryptographical transformation of binary data blocks. Russian patent number 2141729 Bull. no. 32 (1999)Google Scholar
- 6.Lai, X.: Higher order derivatives and differential cryptanalysis. In: Proc. “Symposium on Communication, Coding and Cryptography”, Monte-Verita, Ascona, Switzerland, Feb. 10 13. in honor of James L.Massy on the occasion of his 60’th birthday (1994) (to appear)Google Scholar