Sciweavers

EUROCRYPT
2001
Springer

Structural Cryptanalysis of SASAS

14 years 3 months ago
Structural Cryptanalysis of SASAS
In this paper we consider the security of block ciphers which contain alternate layers of invertible S-boxes and affine mappings (there are many popular cryptosystems which use this structure, including the winner of the AES competition, Rijndael). We show that a five layer scheme with 128 bit plaintexts and 8 bit S-boxes is surprisingly weak even when all the S-boxes and affine mappings are key dependent (and thus completely unknown to the attacker). We tested the attack with an actual implementation, which required just 216 chosen plaintexts and a few seconds on a single PC to find the 217 bits of information in all the unknown elements of the scheme.
Alex Biryukov, Adi Shamir
Added 28 Jul 2010
Updated 28 Jul 2010
Type Conference
Year 2001
Where EUROCRYPT
Authors Alex Biryukov, Adi Shamir
Comments (0)