Structural Cryptanalysis of SASAS |
| |
Authors: | Alex Biryukov, Adi Shamir |
| |
Affiliation: | 1. University of Luxembourg, FSTC, Campus Kirchberg, 6, rue Richard Coudenhove-Kalergi, 1359, Luxembourg-Kirchberg, Luxembourg; 2. Computer Science Department, The Weizmann Institute, Rehovot, 76100, Israel |
| |
Abstract: | In this paper we consider the security of block ciphers which contain alternate layers of invertible S-boxes and affine mappings (there are many popular cryptosystems which use this structure, including the winner of the AES competition, Rijndael). We show that a five-layer scheme with 128-bit plaintexts and 8-bit S-boxes is surprisingly weak against what we call a multiset attack, even when all the S-boxes and affine mappings are key dependent (and thus completely unknown to the attacker). We tested the multiset attack with an actual implementation, which required just 2^16 chosen plaintexts and a few seconds on a single PC to find the 2^17 bits of information in all the unknown elements of the scheme. |
| |
Keywords: | |
This document has been indexed by SpringerLink and other databases! |
|