Hartung-Gorre Verlag
Inh.: Dr.
Renate Gorre D-78465
Konstanz Fon: +49 (0)7533 97227 Fax: +49 (0)7533 97228 www.hartung-gorre.de
|
S
|
New
publication 1992/1995
ETH Series in Information Processing Vol. 1
Editor: James L. Massey
Xuejia Lai
On the Design and Security of Block Ciphers
2nd Edition 1995. XII, 108 pages. EUR 34,80.
ISBN 3-89191-573-X
Secret-key block ciphers are the subject of this
work. The design and security of block ciphers, together with their application
in hashing techniques, are considered. In particular, iterated block ciphers
that are based on iterating a weak round function several times are considered.
Four basic constructions for the round function of an iterated cipher are
studied.
The iterated block cipher IDEA is proposed. This
cipher is based on the new design concept of mixing different group operations
on 16-bit subblocks. Using operations on subblocks facilitates the software
implementation of the cipher. The regular structure of the cipher facilitates
hardware implementation. The interaction of the three chosen
"incompatible" group operations provides the necessary
"confusion", and the chosen cipher structure causes the required
"diffusion".
The security of iterated ciphers against Biham and Shamir's differential
cryptanalysis is discussed. Differential cryptanalysis is described in terms of
an i-round "differential",
which is defined as a couple (α,β) such that a pair of distinct plaintexts with
difference a can result in a pair of i-th round outputs having difference β. It is shown that the maximum
probability of such a differential can be used to determine a lower bound on
the complexity of a differential cryptanalysis attack. The concept of
"Markov ciphers" is introduced because of its significance in differential
cryptanalysis. It is shown that the security of
a Markov cipher against differential cryptanalysis is determined by the
transition probability matrix created by the round function. A design principle
for Markov ciphers is formulated, viz., that its transition matrix should be
non-symmetric. Differential cryptanalysis of the IDEA cipher is performed
partly by theoretical analysis of the relationship between the three chosen
group operations and the properties of the MA-structure within the cipher, and
partly by numerical experiments on "mini versions" of the cipher. The
results suggest that the IDEA cipher is secure against differential
cryptanalysis attack after only four of its eight rounds.
The application of block ciphers in constructing
hash functions is also considered. Five different attacks on hash functions
obtained by iterating a hash round function are formulated and examined.
Relations between the security of such an iterated hash function and the
strength of its round function are derived. Schemes for constructing hash round
functions by using block ciphers are discussed and new hashing schemes using
the IDEA cipher are proposed. In particular, the problem of constructing 2m-bit hash round functions from
available m-bit block ciphers is considered and two new constructions are
proposed. Four attacks on three known hash schemes are presented by applying a
new principle for evaluating the security of a hash round function.
ETH Series in Information Processing
Buchbestellungen
in Ihrer Buchhandlung, bei www.amazon.de
oder
direkt:
Hartung-Gorre Verlag / D-78465 Konstanz
Telefon: +49 (0) 7533 97227 Telefax: +49 (0) 7533 97228
http://www.hartung-gorre.de eMail: verlag@hartung-gorre.de