Moreover, we delineate an attack against the (roughly) millionth-fold iteration of a random permutation. In particular, we create a distinguishing attack, whereby the iteration of a cipher a number of times equal to a particularly chosen highly-composite number is breakable, but merely one fewer round is considerably more secure. We then extend this to a key-recovery attack in a “Triple-DES” style construction, but using AES-256 and iterating the middle cipher (roughly) a million-fold. This attack is $2^{119.237}$ times faster than brute-force search.
It is hoped that these results will showcase the utility of exponential and ordinary generating functions and will encourage their use in cryptanalytic research.
Category / Keywords: secret-key cryptography / Generating Functions, EGF, OGF, Random Permutations, Cycle Structure, Cryptanalysis, Iterations of Permutations, Analytic Combinatorics, Keeloq. Publication Info: Submitted to a journal, the response is pending. Date: received 30 Apr 2009 Contact author: bard at fordham edu Available formats: PDF | BibTeX Citation Note: The distinguishing attack was presented in the Rump Session of Eurocrypt 2009. Version: 20090502:125914 (All versions of this report) Discussion forum: Show discussion | Start new discussion