Paper 2003/033

Integral Cryptanalysis on reduced-round Safer++

Gilles Piret and Jean-Jacques Quisquater

Abstract

In this paper we describe an integral distinguisher over 2 rounds of Safer++. It allows a practical attack against 3 rounds of Safer++128, as well as attacks on 4 rounds of Safer++128 and Safer++256, under the chosen-plaintext hypothesis. These results achieve much lower complexity than the currently known best attacks on Safer++, namely weak-key linear cryptanalysis by Nakahara. As a side result, we prove that the byte-branch number of the linear transform of Safer++ is 5. We also discuss a direction for further research to extend integral cryptanalysis.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
block ciphers, integral cryptanalysis
Contact author(s)
piret @ dice ucl ac be
History
2003-02-18: received
Short URL
https://ia.cr/2003/033
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2003/033,
      author = {Gilles Piret and Jean-Jacques Quisquater},
      title = {Integral Cryptanalysis on reduced-round Safer++},
      howpublished = {Cryptology ePrint Archive, Paper 2003/033},
      year = {2003},
      note = {\url{https://eprint.iacr.org/2003/033}},
      url = {https://eprint.iacr.org/2003/033}
}