Learn More
The Data Encryption Standard (DES) is the best known and most widely used cryptosystem for civilian applications. It was developed at IBM and adopted by the National Bureau of Standards in the mid 1970s, and has successfully withstood all the attacks published so far in the open literature. In this paper we develop a new type of cryptanalytic attack which(More)
In September 1996 Boneh, Demillo, and Lipton from Bellcore announced a new type of cryptanalytic attack which exploits computational errors to find cryptographic keys. Their attack is based on algebraic properties of modular arithmetic, and thus it is applicable only to public key cryptosystems such as RSA, and not to secret key algorithms such as the Data(More)
In this paper we present a cryptanalytic technique, based on impossible differentials. We use it to show that recovering keys of Skipjack reduced from 32 to 31 rounds can be performed faster than exhaustive search. We also describe the Yoyo game (a tool that can be used against reduced-round Skipjack), and other properties of Skipjack.
In this paper we present a very practical ciphertext-only cryptanalysis of GSM (Global System for Mobile communications) encrypted communication, and various active attacks on the GSM protocols. These attacks can even break into GSM networks that use “unbreakable” ciphers. We first describe a ciphertext-only attack on A5/2 that requires a few dozen(More)
In this paper we describe a fast new DES implementation. This implementation is about ve times faster than the fastest known DES implementation on a (64-bit) Alpha computer, and about three times faster than than our new optimized DES implementation on 64-bit computers. This implementation uses a non-standard representation, and view the processor as a SIMD(More)
In this paper we describe improvements to the techniques used to cryptanalyze SHA-0 and introduce the first results on SHA1. The results include a generic multi-block technique that uses nearcollisions in order to find collisions, and a four-block collision of SHA-0 found using this technique with complexity 2. Then, extension of this and prior techniques(More)
Since the seminal works of Merkle and Damg̊ard on the iteration of compression functions, hash functions were built from compression functions using the Merkle-Damg̊ard construction. Recently, several flaws in this construction were identified, allowing for second pre-image attacks and chosen target pre-image attacks on such hash functions even when the(More)
In this paper we study the influence of key-scheduling algorithms on the strength of blockciphers. We show that the key-scheduling algorithms of many blockciphers inherit obvious relationships between keys, and use these key relations to attack the blockciphers. Two new types of attacks are described: New chosen plaintext reductions of the complexity of(More)