Paper 2016/160

Polytopic Cryptanalysis

Tyge Tiessen

Abstract

Standard differential cryptanalysis uses statistical dependencies between the difference of two plaintexts and the difference of the respective two ciphertexts to attack a cipher. Here we introduce polytopic cryptanalysis which considers interdependencies between larger sets of texts as they traverse through the cipher. We prove that the methodology of standard differential cryptanalysis can unambiguously be extended and transferred to the polytopic case including impossible differentials. We show that impossible polytopic transitions have generic advantages over impossible differentials. To demonstrate the practical relevance of the generalization, we present new low-data attacks on round-reduced DES and AES using impossible polytopic transitions that are able to compete with existing attacks, partially outperforming these.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published by the IACR in Eurocrypt 2016
Keywords
Polytopic, cryptanalysis, differential, block cipher, higher-order, impossible, low-data, DES, AES
Contact author(s)
tyti @ dtu dk
History
2016-02-21: revised
2016-02-18: received
Short URL
https://ia.cr/2016/160
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/160,
      author = {Tyge Tiessen},
      title = {Polytopic Cryptanalysis},
      howpublished = {Cryptology ePrint Archive, Paper 2016/160},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/160}},
      url = {https://eprint.iacr.org/2016/160}
}