Cryptography Reference
In-Depth Information
Constructing the plaintext set
1. Choose 58657
S
i
of 2
40
plaintexts
l
P
each,
i
=1
,
2
, ...,
58657
,l
=1
,
2
, ...,
2
40
, where in each structure, the 0, 6, 7-th bytes of
l
P
are fixed, and the remaining 5 bytes take all the possible values. Obtain the
ciphertexts
l
C
,
l
C
∗
,
l
C
,and
l
C
∗
of
l
P
encrypted with four related keys
K
1,
K
2,
K
3, and
K
4 respectively, where keys have a relation described in
Table 2 of Section 4.1.
2
15
.
84
≈
structures
Guessing and filtering
2. Guess the 9 bytes
K
1[0
,
1
,
2
,
5
,
6
,
10
,
12
,
13
,
14] such that
SK
1[82]
∈D
and
do as follows, where
SKi
is subkey bytes produced by a secret key
Ki
.
(a) Compute the subkeys
SK
1[0
,
1
,
2
,
5
,
6
,
10], and their related subkeys.
Partially encrypt plaintext bytes
l
P
[1
,
2
,
3
,
4
,
5] for each
l
P
through par-
tial rounds 0, 1, and 2 with 5 guessed subkey bytes and its related subkey
bytes to get the following sets of intermediate values,
l
X
2
[3]
,
l
X
3
[5]
,
l
X
3
[6]
,
l
X
2
[6]
,
l
X
2
[7]
{
}
,
i
l
X
2
[3]
,
l
X
3
[5]
,
l
X
3
[6]
,
l
X
2
[6]
,
l
X
2
[7]
{
}
,
i
l
X
2
[3]
,
l
X
3
[5]
,
l
X
3
[6]
,
l
X
2
[6]
,
l
X
2
[7]
{
}
,
l
X
2
[3]
,
l
X
3
[5]
,
l
X
3
[6]
,
l
X
2
[6]
,
l
X
2
[7]
{
}
,
2
40
.
(b) Find all pairs (
l
P,
i
u
P
) such that
l
X
2
[3]
2
15
.
84
and 1
for all 1
≤
i
≤
≤
l
≤
i
u
X
2
[3] =
,
l
X
3
[6]
⊕
⊕
0x80
i
u
X
3
[6] =
l
X
2
[6]
i
u
X
2
[6] =
l
X
2
[7]
i
u
X
2
[7] =
,and
l
X
3
[5]
i
u
X
3
[5]
⊕
⊕
⊕
∈
0x0
and store the corresponding ciphertext pairs (
l
C,
i
u
C
∗
) encrypted with
each
K
1and
K
2 in a hash table
A
2
15
.
84
.
H
, for all 1
≤
i
≤
(c) Find all pairs (
v
P,
j
w
P
) such that
v
X
2
[3]
⊕
j
w
X
2
[3] =
v
X
3
[6]
⊕
0x80
,
j
w
X
3
[6] =
v
X
2
[6]
⊕
j
w
X
2
[6] =
v
X
2
[7]
⊕
j
w
X
2
[7] =
,and
v
X
3
[5]
⊕
0x0
j
w
X
3
[5]
and store the corresponding ciphertext pairs (
v
C
,
j
w
C
∗
)
encrypted with each
K
3and
K
4 in a hash table
I
, for all 1
≤ j ≤
2
15
.
84
.
∈A
0
0
* ** **
0
80
0r
ͷ
͡
ͷ
͢
ͷ
͡
ͷ
͢
: Guessed key bytes
*
: All possible values
1r
ͷ
͡
ͷ
͢
ͷ
͡
ͷ
͢
0
0
0
0
0
80
2r
ͷ
͢
ࣛ
0
Fig. 2.
Constructing plaintext sets and choosing pairs
Search WWH ::
Custom Search