Cryptology ePrint Archive: Report 2003/109

Crytanalysis of SAFER++

Alex Biryukov and Christophe De Cannière and Gustaf Dellkrantz

Abstract: This paper presents several multiset and boomerang attacks on SAFER++ up to 5.5 out of its 7 rounds. These are the best known attacks for this cipher and significantly improve the previously known results. The attacks in the paper are practical up to 4 rounds. The methods developed to attack SAFER++ can be applied to other substitution-permutation networks with incomplete diffusion.

Category / Keywords: secret-key cryptography / cryptanalysis, block ciphers, SAFER, multiset attack, boomerang attack

Publication Info: Shortened version will appear in Advances in Cryptology - CRYPTO2003

Date: received 30 May 2003

Contact author: christophe decanniere at esat kuleuven ac be

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Note: This paper contains some additional illustrations and an appendix describing a boomerang attack on 4-round SAFER++, both of which were removed from the CRYPTO2003 paper because of space limitations.

Version: 20030602:010139 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]