Cryptology ePrint Archive: Report 2015/646

Decomposition attack on SASASASAS

Alex Biryukov and Dmitry Khovratovich

Abstract: We demonstrate the first attacks on the SPN ciphers with 6, 7, 8, and 9 secret layers. In particular, we show a decomposition attack on the SASASASAS scheme when the S-box size M and the block length N satisfy the condition M^2 < N (for example, 8-bit S-box and 128-bit block).

Category / Keywords: secret-key cryptography / ASASA, high-order, algebraic

Date: received 30 Jun 2015, last revised 1 Jul 2015

Contact author: khovratovich at gmail com; alex biryukov@uni lu;

Available format(s): PDF | BibTeX Citation

Note: Minor abstract revision

Version: 20150701:102424 (All versions of this report)

Short URL: ia.cr/2015/646

Discussion forum: Show discussion | Start new discussion