Quang Viet Duong

Learn More
In this paper, we rst show that there are several equivalent keys for t + 1 chosen plaintexts if the degree of the reduced cipher is t?1. This is against the claim by Jakobsen and Knudsen. We also derive an upper bound on the number of equivalent last round keys for t + 1 chosen plaintexts. We further show an eecient method which nds all the equivalent keys(More)
In the key recovery variant of the interpolation attack, exhaustive search is required to find the last round key Km. Therefore, this attack is almost impractical if the size of Km is too large. In this paper, we show that Km can be very efficiently obtained if F(K, x) can be approximated by a low degree polynomial gx(K) in K for any fixed x, where F is a(More)
  • 1