Cryptology ePrint Archive: Report 2003/033
Integral Cryptanalysis on reduced-round Safer++
Gilles Piret and Jean-Jacques Quisquater
Abstract: In this paper we describe an integral distinguisher over 2 rounds of Safer++. It allows a practical attack against 3 rounds of Safer++128, as well as attacks on 4 rounds of Safer++128 and Safer++256, under the chosen-plaintext hypothesis. These results achieve much lower complexity than the currently known best attacks on Safer++, namely weak-key linear cryptanalysis by Nakahara. As a side result, we prove that the byte-branch number of the linear transform of Safer++ is 5. We also discuss a direction for further research in order to extend integral cryptanalysis.
Category / Keywords: secret-key cryptography / block ciphers, integral cryptanalysis
Date: received 16 Feb 2003, last revised 17 Feb 2003
Contact author: piret at dice ucl ac be
Version: 20030218:144644
Short URL: ia.cr/2003/033