COCONUT98

COCONUT98
General
Designers	Serge Vaudenay
First published	1998
Related to	DFC
Cipher detail
Key sizes	256 bits
Block sizes	64 bits
Structure	Decorrelated Feistel cipher
Rounds	8
Best public cryptanalysis
Wagner's boomerang attack uses about 2¹⁶ adaptively-chosen plaintexts and ciphertexts, about 2³⁸ work, and succeeds with probability 99.96%.^[1] The differential-linear attack by Biham, et al. uses 2^27.7 chosen plaintexts and about 2^33.7 work, and has a 75.5% success rate.^[2]

In cryptography, COCONUT98 (Cipher Organized with Cute Operations and N-Universal Transformation) is a block cipher designed by Serge Vaudenay in 1998. It was one of the first concrete applications of Vaudenay's decorrelation theory, designed to be provably secure against differential cryptanalysis, linear cryptanalysis, and even certain types of undiscovered cryptanalytic attacks.

The cipher uses a block size of 64 bits and a key size of 256 bits. Its basic structure is an 8-round Feistel network, but with an additional operation after the first 4 rounds, called a decorrelation module. This consists of a key-dependent affine transformation in the finite field GF(2⁶⁴). The round function makes use of modular multiplication and addition, bit rotation, XORs, and a single 8×24-bit S-box. The entries of the S-box are derived using the binary expansion of e as a source of "nothing up my sleeve numbers".^[3]

Despite Vaudenay's proof of COCONUT98's security, in 1999 David Wagner developed the boomerang attack against it.^[1] This attack, however, requires both chosen plaintexts and adaptive chosen ciphertexts, so is largely theoretical.^[4] Then in 2002, Biham, et al. applied differential-linear cryptanalysis, a purely chosen-plaintext attack, to break the cipher.^[2] The same team has also developed what they call a related-key boomerang attack, which distinguishes COCONUT98 from random using one related-key adaptive chosen plaintext and ciphertext quartet under two keys.^[5]

References

1 2 David Wagner (March 1999). The Boomerang Attack (PDF/PostScript). 6th International Workshop on Fast Software Encryption (FSE '99). Rome: Springer-Verlag. pp. 156–170. Retrieved 5 February 2007.
1 2 Eli Biham, Orr Dunkelman, Nathan Keller (December 2002). Enhancing Differential-Linear Cryptanalysis (PDF/PostScript). Advances in Cryptology — Proceedings of ASIACRYPT 2002. Queenstown, New Zealand: Springer-Verlag. pp. 254–266. Retrieved 5 February 2007.
↑ Serge Vaudenay (February 1998). Provable Security for Block Ciphers by Decorrelation (PostScript). 15th Annual Symposium on Theoretical Aspects of Computer Science (STACS '98). Paris: Springer-Verlag. pp. 249–275. Retrieved 26 February 2007.
↑ Serge Vaudenay (September 2003). "Decorrelation: A Theory for Block Cipher Security" (PDF). Journal of Cryptology. 16 (4): 249–286. doi:10.1007/s00145-003-0220-6. ISSN 0933-2790. Retrieved 26 February 2007.
↑ Biham, Dunkelman, Keller (May 2005). Related-Key Boomerang and Rectangle Attacks (PostScript). Advances in Cryptology — Proceedings of EUROCRYPT 2005. Aarhus: Springer-Verlag. pp. 507–525. Retrieved 16 February 2007.

Block ciphers (security summary)

Common algorithms	AES Blowfish DES (Internal Mechanics, Triple DES) Serpent Twofish

Less common algorithms	Camellia CAST-128 IDEA RC2 RC5 RC6 SEED ARIA Skipjack TEA XTEA

Other algorithms	3-Way Akelarre Anubis BaseKing BassOmatic BATON BEAR and LION CAST-256 Chiasmus CIKS-1 CIPHERUNICORN-A CIPHERUNICORN-E CLEFIA CMEA Cobra COCONUT98 Crab Cryptomeria/C2 CRYPTON CS-Cipher DEAL DES-X DFC E2 FEAL FEA-M FROG G-DES GOST Grand Cru Hasty Pudding cipher Hierocrypt ICE IDEA NXT Intel Cascade Cipher Iraqi KASUMI KeeLoq KHAZAD Khufu and Khafre KN-Cipher Kuznyechik Ladder-DES Libelle LOKI (97, 89/91) Lucifer M6 M8 MacGuffin Madryga MAGENTA MARS Mercy MESH MISTY1 MMB MULTI2 MultiSwap New Data Seal NewDES Nimbus NOEKEON NUSH PRESENT Prince Q RC6 REDOC Red Pike S-1 SAFER SAVILLE SC2000 SHACAL SHARK Simon SM4 Speck Spectr-H64 Square SXAL/MBAL Threefish Treyfer UES Xenon xmx XXTEA Zodiac

Design	Feistel network Key schedule Lai-Massey scheme Product cipher S-box P-box SPN Avalanche effect Block size Key size Key whitening (Whitening transformation)

Attack (cryptanalysis)	Brute-force (EFF DES cracker) MITM (Biclique attack, 3-subset MITM attack) Linear (Piling-up lemma) Differential (Impossible Truncated Higher-order) Differential-linear Distinguishing (Known-key) Integral/Square Boomerang Mod n Related-key Slide Rotational Timing XSL Interpolation Partitioning Davies' Rebound Weak key Tau Chi-square Time/memory/data tradeoff

Standardization	AES process CRYPTREC NESSIE

Utilization	Initialization vector Mode of operation Padding

Cryptography

History of cryptography Cryptanalysis Outline of cryptography

Symmetric-key algorithm Block cipher Stream cipher Public-key cryptography Cryptographic hash function Message authentication code Random numbers Steganography

Category Portal WikiProject

This article is issued from Wikipedia - version of the 6/29/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.