Abstract
Fast Fourier Transformation (FFT) technique was used to reduce the time complexity of linear cryptanalysis by Collard et al. at ICISC 2007. This powerful technique has been used to improve the time complexity of zero-correlation linear cryptanalysis as well as integral attack by Bogdanov et al. and Todo respectively. Yet whether FFT is applicable when multiple modular additions with subkeys are involved during the partial encryption and decryption phase remains unknown, which has limited its application to some degree. In this paper, we give a general scheme to use FFT technique in linear cryptanalysis, zero-correlation or integral attack where multiple modular additions (together with multiple XORs) with subkeys are involved in the key recovery process. Based on this scheme, we can attack one more round of CAST-256 than the zero-correlation attack on 28-round CAST-256 at ASIACRYPT 2012 by Bogdanov et al., which also becomes the best attack against CAST-256 without any weak key assumption.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Adams, C.M.: The CAST-256 Encryption Algorithm. In: AES Proposal (1998)
Adams, C.M.: Constructing Symmetric Ciphers Using the CAST Design Procedure. Designs, Codes and Cryptography 12(3), 283–316 (1997)
Blondeau, C., Bogdanov, A., Wang, M.: On the (In)Equivalence of Impossible Differential and Zero-Correlation Distinguishers for Feistel- and Skipjack-Type Ciphers. In: Boureanu, I., Owesarski, P., Vaudenay, S. (eds.) ACNS 2014. LNCS, vol. 8479, pp. 271–288. Springer, Heidelberg (2014)
Blondeau, C., Nyberg, K.: New Links Between Differential and Linear Cryptanalysis. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 388–404. Springer, Heidelberg (2013)
Bogdanov, A., Boura, C., Rijmen, V., Wang, M., Wen, L., Zhao, J.: Key Difference Invariant Bias in Block Ciphers. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 357–376. Springer, Heidelberg (2013)
Bogdanov, A., Geng, H., Wang, M., Wen, L., Collard, B.: Zero-Correlation Linear Cryptanalysis with FFT and Improved Attacks on ISO Standards Camellia and CLEFIA. In: Lange, T., Lauter, K., Lisoněk, P. (eds.) SAC 2013. LNCS, vol. 8282, pp. 306–323. Springer, Heidelberg (2014)
Bogdanov, A., Leander, G., Nyberg, K., Wang, M.: Integral and Multidimensional Linear Distinguishers with Correlation Zero. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 244–261. Springer, Heidelberg (2012)
Bogdanov, A., Rijmen, V.: Linear Hulls with Correlation Zero and Linear Cryptanalysis of Block Ciphers. Designs, Codes and Cryptography 70(3), 369–383 (2014)
Bogdanov, A., Wang, M.: Zero Correlation Linear Cryptanalysis with Reduced Data Complexity. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 29–48. Springer, Heidelberg (2012)
Chose, P., Joux, A., Mitton, M.: Fast Correlation Attacks: An Algorithmic Point of View. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 209–221. Springer, Heidelberg (2002)
Collard, B., Standaert, F.-X., Quisquater, J.-J.: Improving the Time Complexity of Matsui’s Linear Cryptanalysis. In: Nam, K.-H., Rhee, G. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 77–88. Springer, Heidelberg (2007)
Davis, P.J.: Circulant Matrices, pp. 176–191. Wiley-Interscience, Chichester (1979)
Lu, Y., Meier, W., Vaudenay, S.: The Conditional Correlation Attack: A Practical Attack on Bluetooth Encryption. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 97–117. Springer, Heidelberg (2005)
Nakahara Jr., J., Rasmussen, M.: Linear Analysis of Reduced-round CAST-128 and CAST-256. In: SBSEG 2007, pp. 45–55 (2007)
Naya-Plasencia, M.: Cryptanalysis of Achterbahn-128/80. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 73–86. Springer, Heidelberg (2007)
Seki, H., Kaneko, T.: Differential Cryptanalysis of CAST-256 Reduced to Nine Quad-rounds. IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences E84–A(4), 913–918 (2001)
Soleimany, H., Nyberg, K.: Zero-Correlation Linear Cryptanalysis of Reduced-Round LBlock. IACR Cryptology ePrint Archive, 2012:570 (2012). http://eprint.iacr.org/2012/570
Todo, Y.: FFT-Based Key Recovery for the Integral Attack. IACR Cryptology ePrint Archive, 2014:187 (2014). http://eprint.iacr.org/2014/187
Wagner, D.: The Boomerang Attack. In: Knudsen, L. (ed.) FSE 1999. LNCS, vol. 1636, pp. 156–170. Springer, Heidelberg (1999)
Wang, M., Wang, X., Hu, C.: New Linear Cryptanalytic Results of Reduced-Round of CAST-128 and CAST-256. In: Avanzi, R., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 429–441. Springer, Heidelberg (2009)
Wen, L., Wang, M.: Integral Zero-Correlation Distinguisher for ARX Block Cipher, with Application to SHACAL-2. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 8544, pp. 454–461. Springer, Heidelberg (2014)
Wen, L., Wang, M., Bogdanov, A.: Multidimensional Zero-Correlation Attacks on Lightweight Block Cipher HIGHT: Improved Cryptanalysis of an ISO Standard. Information Processing Letters 114(6), 322–330 (2014)
Wen, L., Wang, M., Bogdanov, A.: Multidimensional Zero-Correlation Linear Cryptanalysis of E2. In: Pointcheval, D., Vergnaud, D. (eds.) AFRICACRYPT 2004. LNCS, vol. 8469, pp. 147–164. Springer, Heidelberg (2014)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Wen, L., Wang, M., Bogdanov, A., Chen, H. (2014). General Application of FFT in Cryptanalysis and Improved Attack on CAST-256. In: Meier, W., Mukhopadhyay, D. (eds) Progress in Cryptology -- INDOCRYPT 2014. INDOCRYPT 2014. Lecture Notes in Computer Science(), vol 8885. Springer, Cham. https://doi.org/10.1007/978-3-319-13039-2_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-13039-2_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-13038-5
Online ISBN: 978-3-319-13039-2
eBook Packages: Computer ScienceComputer Science (R0)