Cryptography Reference
In-Depth Information
Input:
1. Number l of key bytes.
2. The parameter m (≤ l).
3. The parameter h.
4. The permutation bytes S
N
[y], 0 ≤ y ≤N − 1, after the KSA.
Output: The recovered key bytes K[0],K[1],...,K[l−1] or FAIL.
Compute all C
i
values for i and obtain all suggestions for sum such
as K[0⊎l] = C
l+1
−C
1
;
Among the suggestions select the one with the highest weight as
sum value;
Reduce all C
i
s in which i > l to suggestions for sequences in which
i < l;
for all m-byte combinations of l do
Fix the specific bytes of the key that are declared to be true;
for each 4-byte group do
Start the update process which chooses the first h candidates
that have been sorted according to the weights for the
unknown key bytes;
end
Try all combinations of resulting candidates obtained for 4-byte
groups;
Return the correct key when it is found;
end
Return FAIL;
Algorithm 4.4.1: KeyGroupRetrieval
l m
h P
suc
Time (seconds)
5
3
256
0.998
0.008
8
5
64
0.931
8.602
12
4
6
0.506
54.390
16
6
4
0.745
1572
TABLE 4.3: Selected experimental results corresponding to Algorithm 4.4.1.
