标题:On the (In)Equivalence of Impossible Differential and Zero-Correlation Distinguishers for Feistel- and Skipjack-Type Ciphers
作者:Blondeau, Celine; Bogdanov, Andrey; Wang, Meiqin
通讯作者:Blondeau, C
作者机构:[Blondeau, Celine] Aalborg Univ, Sch Sci, Dept Informat & Comp Sci, Aalborg, Denmark.; [Bogdanov, Andrey] Tech Univ Denmark, Lyngby, Denmark.; [Wa 更多
会议名称:12th International Conference on Applied Cryptography and Network Security (ACNS)
会议日期:JUN 10-13, 2014
来源:APPLIED CRYPTOGRAPHY AND NETWORK SECURITY, ACNS 2014
出版年:2014
卷:8479
页码:271-288
关键词:impossible differential; zero-correlation; Feistel-type ciphers;; Skipjack-type ciphers
摘要:For many word-oriented block ciphers, impossible differential (ID) and zero-correlation linear (ZC) cryptanalyses are among the most powerful attacks. Whereas ID cryptanalysis makes use of differentials which never occur, the ZC cryptanalysis relies on linear approximations with correlations equal to zero. While the key recovery parts of ID and ZC attacks may differ and are often specific to the target cipher, the underlying distinguishing properties frequently cover the same number of rounds. However, in some cases, the discrepancy between the best known IDs and ZC approximations is rather significant.; At EUROCRYPT'13, a link between these two distinguishers has been presented. However, though being independent of the underling structure of the cipher, it is usually not useful for most known ID or ZC distinguishers. So despite the relevance of those attacks, the question of their equivalence or inequivalence has not been formally addressed so far in a constructive practical way.; In this paper, we aim to bridge this gap in the understanding of the links between the ID and ZC properties. We tackle this problem at the example of two wide classes of ciphers, namely, Feistel- and Skipjack-type ciphers. As our major contribution, for those ciphers, we derive conditions for impossible differentials and zero-correlation approximations to cover the same number of rounds. Using the conditions, we prove an equivalence between ID and ZC distinguishers for type-I and type-II Feistel- type ciphers, for Rule-A and Rule-B Skipjack-type ciphers, as well as for TWINE and LBlock. Moreover, we show this equivalence for the Extended Generalised Feistel construction presented at SAC'13. We also use our theoretical results to argue for an inequivalence between ID and ZC distinguishers for a range of Skipjack-type ciphers.
收录类别:CPCI-S;EI;SCOPUS
WOS核心被引频次:9
Scopus被引频次:12
资源类型:会议论文;期刊论文
原文链接:https://www.scopus.com/inward/record.uri?eid=2-s2.0-84903648186&doi=10.1007%2f978-3-319-07536-5-17&partnerID=40&md5=a3d227335f5f9eb229f0672a1b4b5219
TOP