Known-key distinguishing attack

In cryptography, a known-key distinguishing attack is an attack model against symmetric ciphers, whereby an attacker who knows the key can find a structural property in cipher, where the transformation from plaintext to ciphertext is not random. There is no common formal definition for what such a transformation may be. The chosen-key distinguishing attack is strongly related, where the attacker can choose a key to introduce such transformations.^[1]

These attacks do not directly compromise the confidentiality of ciphers, because in a classical scenario, the key is unknown to the attacker. Known-/chosen-key distinguishing attacks apply in the "open key model" instead.^[1] They are known to be applicable in some situations where block ciphers are converted to hash functions, leading to practical collision attacks against the hash.^[2]

Known-key distinguishing attacks were first introduced in 2007 by Lars Knudsen and Vincent Rijmen^[1] in a paper that proposed such an attack against 7 out of 10 rounds of the AES cipher and another attack against a generalized Feistel cipher. Their attack finds plaintext/ciphertext pairs for a cipher with a known key, where the input and output have s least significant bits set to zero, in less than 2^s time (where s is fewer than half the block size).^[3]

These attacks have also been applied to reduced-round Threefish (Skein)^[4]^[5] and Phelix.^[6]

References

1 2 3 Elena Andreeva, Andrey Bogdanov, Bart Mennink (8 July 2014). Towards Understanding the Known-Key Security of Block Ciphers. FSE 2014.
↑ Yu Sasaki, Kan Yasuda (2011). Known-Key Distinguishers on 11-Round Feistel and Collision Attacks on Its Hashing Modes (PDF). FSE 2011.
↑ Lars Knudsen, Vincent Rijmen (2007). Known-Key Distinguishers for Some Block Ciphers (PDF). Asiacrypt 2007.
↑ Bruce Schneier (1 September 2010). "More Skein News". Schneier on Security.
↑ Dmitry Khovratovich; Ivica Nikolic; Christian Rechberger (20 October 2010). "Rotational Rebound Attacks on Reduced Skein".
↑ Yaser Esmaeili Salehani, Hadi Ahmadi (2006). "A Chosen-key Distinguishing Attack on Phelix".

Block ciphers (security summary)

Common algorithms	AES Blowfish DES (Internal Mechanics, Triple DES) Serpent Twofish

Less common algorithms	Camellia CAST-128 IDEA RC2 RC5 RC6 SEED ARIA Skipjack TEA XTEA

Other algorithms	3-Way Akelarre Anubis BaseKing BassOmatic BATON BEAR and LION CAST-256 Chiasmus CIKS-1 CIPHERUNICORN-A CIPHERUNICORN-E CLEFIA CMEA Cobra COCONUT98 Crab Cryptomeria/C2 CRYPTON CS-Cipher DEAL DES-X DFC E2 FEAL FEA-M FROG G-DES GOST Grand Cru Hasty Pudding cipher Hierocrypt ICE IDEA NXT Intel Cascade Cipher Iraqi KASUMI KeeLoq KHAZAD Khufu and Khafre KN-Cipher Kuznyechik Ladder-DES Libelle LOKI (97, 89/91) Lucifer M6 M8 MacGuffin Madryga MAGENTA MARS Mercy MESH MISTY1 MMB MULTI2 MultiSwap New Data Seal NewDES Nimbus NOEKEON NUSH PRESENT Prince Q RC6 REDOC Red Pike S-1 SAFER SAVILLE SC2000 SHACAL SHARK Simon SM4 Speck Spectr-H64 Square SXAL/MBAL Threefish Treyfer UES Xenon xmx XXTEA Zodiac

Design	Feistel network Key schedule Lai-Massey scheme Product cipher S-box P-box SPN Avalanche effect Block size Key size Key whitening (Whitening transformation)

Attack (cryptanalysis)	Brute-force (EFF DES cracker) MITM (Biclique attack, 3-subset MITM attack) Linear (Piling-up lemma) Differential (Impossible Truncated Higher-order) Differential-linear Distinguishing (Known-key) Integral/Square Boomerang Mod n Related-key Slide Rotational Timing XSL Interpolation Partitioning Davies' Rebound Weak key Tau Chi-square Time/memory/data tradeoff

Standardization	AES process CRYPTREC NESSIE

Utilization	Initialization vector Mode of operation Padding

Cryptography

History of cryptography Cryptanalysis Outline of cryptography

Symmetric-key algorithm Block cipher Stream cipher Public-key cryptography Cryptographic hash function Message authentication code Random numbers Steganography

Category Portal WikiProject

This article is issued from Wikipedia - version of the 6/1/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.

Known-key distinguishing attack

See also

References

Further reading