License
when quoting this document, please refer to the following
URN: urn:nbn:de:0030-drops-10188
URL: http://drops.dagstuhl.de/opus/volltexte/2007/1018/

Nyberg, Kaisa ; Hakala, Risto

A Key-Recovery Attack on SOBER-128

pdf-format:
Dokument 1.pdf (254 KB)


Abstract

In this talk we consider linear approximations of layered cipher constructions with secret key-dependent constants that are inserted between layers, and where the layers have strong interdependency. Then clearly, averaging over the constant would clearly be wrong as it will break the interdependencies, and the Piling Up –lemma cannot be used. We show how to use linear approximations to divide the constants into constant classes, not necessary determined by a linear relation. As an example, a nonlinear filter generator SOBER-128 is considered and we show how to extend Matsui's Algorithm I in this case. Also the possibility of using multiple linear approximations simultaneously is considered.

BibTeX - Entry

@InProceedings{nyberg_et_al:DSP:2007:1018,
  author =	{Kaisa Nyberg and Risto Hakala},
  title =	{A Key-Recovery Attack on SOBER-128},
  booktitle =	{Symmetric Cryptography},
  year =	{2007},
  editor =	{Eli Biham and Helena Handschuh and Stefan Lucks and Vincent Rijmen},
  number =	{07021},
  series =	{Dagstuhl Seminar Proceedings},
  ISSN =	{1862-4405},
  publisher =	{Internationales Begegnungs- und Forschungszentrum f{\"u}r Informatik (IBFI), Schloss Dagstuhl, Germany},
  address =	{Dagstuhl, Germany},
  URL =		{http://drops.dagstuhl.de/opus/volltexte/2007/1018},
  annote =	{Keywords: Linear approximations, correlation, linear cryptanalysis, key recovery attack, piling-up lemma, SOBER-128}
}

Keywords: Linear approximations, correlation, linear cryptanalysis, key recovery attack, piling-up lemma, SOBER-128
Seminar: 07021 - Symmetric Cryptography
Issue date: 2007
Date of publication: 06.06.2007


DROPS-Home | Fulltext Search | Imprint Published by LZI