Known-key distinguishing attack
In cryptography, a known-key distinguishing attack is an attack model against symmetric ciphers, whereby an attacker who knows the key can find a structural property in cipher, where the transformation from plaintext to ciphertext is not random. There is no common formal definition for what such a transformation may be. The chosen-key distinguishing attack is strongly related, where the attacker can choose a key to introduce such transformations.[1] These attacks do not directly compromise the confidentiality of ciphers, because in a classical scenario, the key is unknown to the attacker. Known-/chosen-key distinguishing attacks apply in the "open key model" instead.[1] They are known to be applicable in some situations where block ciphers are converted to hash functions, leading to practical collision attacks against the hash.[2]
Known-key distinguishing attacks were first introduced in 2007 by Lars Knudsen and Vincent Rijmen[1] in a paper that proposed such an attack against 7 out of 10 rounds of the AES cipher and another attack against a generalized Feistel cipher. Their attack finds plaintext/ciphertext pairs for a cipher with a known key, where the input and output have s least significant bits set to zero, in less than 2s time (where s is fewer than half the block size).[3]
These attacks have also been applied to reduced-round Threefish (Skein)[4][5] and Phelix.[6]
See also
References
- ↑ 1.0 1.1 1.2 Elena Andreeva; Andrey Bogdanov; Bart Mennink (8 July 2014). "Towards Understanding the Known-Key Security of Block Ciphers". FSE 2014. https://eprint.iacr.org/2015/222.
- ↑ Yu Sasaki; Kan Yasuda (2011). "Known-Key Distinguishers on 11-Round Feistel and Collision Attacks on Its Hashing Modes". FSE 2011. https://www.iacr.org/archive/fse2011/67330405/67330405.pdf.
- ↑ Lars Knudsen; Vincent Rijmen (2007). "Known-Key Distinguishers for Some Block Ciphers". Asiacrypt 2007. https://www.iacr.org/archive/asiacrypt2007/48330316/48330316.pdf.
- ↑ Bruce Schneier (1 September 2010). "More Skein News". Schneier on Security. https://www.schneier.com/blog/archives/2010/09/more_skein_news.html.
- ↑ Dmitry Khovratovich; Ivica Nikolic; Christian Rechberger (20 October 2010). "Rotational Rebound Attacks on Reduced Skein". Cryptology ePrint Archive. https://eprint.iacr.org/2010/538.
- ↑ Yaser Esmaeili Salehani; Hadi Ahmadi (2006). A Chosen-key Distinguishing Attack on Phelix.
Further reading
- Yu Sasaki; Kan Yasuda. "Formalizing Known-Key "Distinguishers" - New Attacks on Feistel Ciphers". Slides from CRYPTO 2010 Rump Session. http://rump2010.cr.yp.to/e29460260345c462b53eb32c98ce20b6.pdf.
 |  |
