Cryptography Reference
In-Depth Information
5. Biryukov, A., Khovratovich, D.: Feasible Attack on the 13-round AES-256. Cryp-
tology ePrint Archive, Report 2010/257
6. Chabaud, F., Joux, A.: Differential Collisions in SHA-0. In: Krawczyk, H. (ed.)
CRYPTO 1998. LNCS, vol. 1462, pp. 56-71. Springer, Heidelberg (1998)
7. Dunkelman, O., Keller, N., Shamir, A.: A Practical-Time Related-Key Attack on
the KASUMI Cryptosystem Used in GSM and 3G Telephony. In: Rabin, T. (ed.)
CRYPTO 2010. LNCS, vol. 6223, pp. 393-410. Springer, Heidelberg (2010)
8. Hong, D., Sung, J., Hong, S., Kim, J., Lee, S., Koo, B.-S., Lee, C., Chang, D., Lee,
J., Jeong, K., Kim, H., Kim, J., Chee, S.: HIGHT: A New Block Cipher Suitable
for Low-Resource Device. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS,
vol. 4249, pp. 46-59. Springer, Heidelberg (2006)
9. International Organization for Standardization. ISO/IEC 18033-3:2005. Informa-
tion technology - Security techniques - Encryption algorithms - Part 3: Block
ciphers (2005)
10. Lu, J.: Cryptanalysis of reduced versions of the HIGHT block cipher from CHES
2006. In: Nam, K., Rhee, K. (eds.) ICISC 2007. LNCS, vol. 4817, pp. 11-26.
Springer, Heidelberg (2007)
11. Lu, J.: Cryptanalysis of Block Ciphers. PhD thesis, Royal Holloway, University of
London, England (July 2008)
12. Lipmaa, H., Moriai, S.: Ecient Algorithms for Computing Differential Properties
of Addition. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 336-350. Springer,
Heidelberg (2002)
13.
¨
Ozen,O.,Varıcı,K.,Tezcan,C.,Kocair, ¸ .: Lightweight block ciphers revisited:
Cryptanalysis of reduced round PRESENT and HIGHT. In: Boyd, C., Gonzalez
Nieto, J. (eds.) ACISP 2009. LNCS, vol. 5594, pp. 90-107. Springer, Heidelberg
(2009)
14. Vaudenay, S.: When is an Algorithm Legally Broken? Early Symmetric Crypto
(ESC) Seminar (January 14, 2010)
15. Zhang, P., Sun, B., Li, C.: Saturation Attack on the Block Cipher HIGHT. In: Garay,
J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 76-86. Springer,
Heidelberg (2009)
A Some Flaws in Previous Attack on Reduced Rounds of
HIGHT
As mentioned in Section 1, Lu et al. present a related-key rectangle attack on 26
rounds of HIGHT which uses two related-key differential trails for 10 rounds(for
E
0) and 8 rounds(for
E
1) of HIGHT, respectively. Their 10-round related-key
differential trail for
E
0 covers rounds from 3 to 12, with the following input and
output differences,
(
,
,
,
,
,
,
,
)
−→
(
,
?
,
?
,
,
,
,
,
)
,
0x2a
0x43
0x80
0x0
0x0
0x0
0x0
0x0
0x0
0x80
0x0
0x0
0x0
0x0
where the relation of the key is
ΔK
[2] =
for
i
=
0
,
1
,
3
,
4
,
5
, ...,
15. They compute the amplified probability 2
−
19
.
98
of
E
0forsome
possible values for positions marked by '?', and this probability is computed
based on the fact that the probability of the first 1-round differential trail,
and
ΔK
[
i
]=
0x80
0x0
Search WWH ::
Custom Search