Abstract
Differential cryptanalysis is a general cryptanalytic tool that makes use of differentials over some rounds of a cipher, combined with guesses of the key bits of one or two rounds. This paper introduces a new cryptanalysis strategy for block ciphers named differential-algebraic cryptanalysis. The idea of differential-algebraic cryptanalysis is to find a differential with high probability and to build a multivariate system of equations for the last few rounds. The subkey values of the last few rounds can then be obtained by filtering the solutions of the system of equations instead of guessing all possible subkey values. We use differential-algebraic cryptanalysis to break 8-round Serpent-256. Our attack recovers the 256-bit key with 2^83 chosen plaintexts, 2^180.4 8-round Serpent-256 encryptions and 2^176.7 bytes of memory. Compared with the previous differential cryptanalysis results, both the data complexity and the time complexity are reduced, but the memory requirements are increased. The time complexity and the memory requirements are very close, and a time-memory tradeoff is exploited.
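As an added illustration (not the paper's code and not its 8-round attack), the two steps the abstract names are shown on a single 4-bit Serpent S-box, S0 from the public Serpent specification: computing the difference distribution table to locate the highest-probability one-round differential, then recovering a last-round subkey nibble by looking up the solutions of the round equation instead of trying every subkey. The toy last round c = S0(v) XOR k is an assumption made for this illustration only.

```python
# Added illustration on one 4-bit Serpent S-box; S0 is from the public Serpent
# specification, the one-S-box "last round" c = S0[v] ^ k is a constructed toy.
from itertools import product

S0 = [3, 8, 15, 1, 10, 6, 5, 11, 14, 13, 4, 2, 7, 0, 9, 12]
S0_INV = [S0.index(y) for y in range(16)]

def ddt(sbox):
    """Difference distribution table: ddt[a][b] = #{x : S(x) ^ S(x ^ a) = b}."""
    t = [[0] * 16 for _ in range(16)]
    for x in range(16):
        for a in range(16):
            t[a][sbox[x] ^ sbox[x ^ a]] += 1
    return t

def best_differential(sbox):
    """Step 1: highest-probability non-trivial differential (a -> b, count).
    The probability of the differential is count / 16."""
    t = ddt(sbox)
    a, b = max(((a, b) for a in range(1, 16) for b in range(16)),
               key=lambda ab: t[ab[0]][ab[1]])
    return a, b, t[a][b]

# Step 2: the differential predicts v ^ v' = delta_in before the last round.
# With c = S0[v] ^ k the unknown k satisfies S0_INV[c ^ k] ^ S0_INV[c' ^ k] = delta_in.
# Solve y = c ^ k from S0_INV[y] ^ S0_INV[y ^ d] = delta_in once for every
# (d, delta_in); each ciphertext pair then yields its candidates by lookup.
SOLUTIONS = {}
for d, delta in product(range(16), repeat=2):
    SOLUTIONS[(d, delta)] = [y for y in range(16)
                             if S0_INV[y] ^ S0_INV[y ^ d] == delta]

def subkeys_by_solving(c, c2, delta_in):
    """Subkey candidates read off the precomputed solution set (k = y ^ c)."""
    return {y ^ c for y in SOLUTIONS[(c ^ c2, delta_in)]}

def subkeys_by_guessing(c, c2, delta_in):
    """Same candidates by trying all 16 subkeys: the approach being replaced."""
    return {k for k in range(16) if S0_INV[c ^ k] ^ S0_INV[c2 ^ k] == delta_in}

def toy_last_round(v, k):
    """Constructed toy last round: one S-box followed by subkey XOR."""
    return S0[v] ^ k
```

For a right pair the true subkey is always among the looked-up candidates, and because Serpent S-boxes are differentially 4-uniform at most four of the 16 subkeys survive each pair.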
Cite this article
Wang, M., Wang, X. & Hui, L.C. Differential-algebraic cryptanalysis of reduced-round of Serpent-256. Sci. China Inf. Sci. 53, 546–556 (2010). https://doi.org/10.1007/s11432-010-0048-2