Cryptology ePrint Archive: Report 2016/160

Polytopic Cryptanalysis

Tyge Tiessen

Abstract: Standard differential cryptanalysis uses statistical dependencies between the difference of two plaintexts and the difference of the respective two ciphertexts to attack a cipher. Here we introduce polytopic cryptanalysis which considers interdependencies between larger sets of texts as they traverse through the cipher. We prove that the methodology of standard differential cryptanalysis can unambiguously be extended and transferred to the polytopic case including impossible differentials. We show that impossible polytopic transitions have generic advantages over impossible differentials. To demonstrate the practical relevance of the generalization, we present new low-data attacks on round-reduced DES and AES using impossible polytopic transitions that are able to compete with existing attacks, partially outperforming these.

Category / Keywords: secret-key cryptography / Polytopic, cryptanalysis, differential, block cipher, higher-order, impossible, low-data, DES, AES

Original Publication (in the same form): IACR-EUROCRYPT-2016

Date: received 18 Feb 2016, last revised 21 Feb 2016

Contact author: tyti at dtu dk

Available format(s): PDF | BibTeX Citation

Version: 20160221:171459 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]