“Impossible differential cryptanalysis”的意思、由来-开放百科全书

In cryptography, impossible differential cryptanalysis is a form of differential cryptanalysis for block ciphers. While ordinary differential cryptanalysis tracks differences that propagate through the cipher with greater than expected probability, impossible differential cryptanalysis exploits differences that are impossible (having probability 0) at some intermediate state of the cipher algorithm.

Lars Knudsen appears to be the first to use a form of this attack, in the 1998 paper where he introduced his AES candidate, DEAL.^[1] The first presentation to attract the attention of the cryptographic community was later the same year at the rump session of CRYPTO '98, in which Eli Biham, Alex Biryukov, and Adi Shamir introduced the name "impossible differential"^[2] and used the technique to break 4.5 out of 8.5 rounds of IDEA^[3] and 31 out of 32 rounds of the NSA-designed cipher Skipjack.^[4] This development led cryptographer Bruce Schneier to speculate that the NSA had no previous knowledge of impossible differential cryptanalysis.^[5] The technique has since been applied to many other ciphers: Khufu and Khafre, E2, variants of Serpent, MARS, Twofish, Rijndael, CRYPTON, Zodiac, Hierocrypt-3, TEA, XTEA, Mini-AES, ARIA, Camellia, and SHACAL-2.

Biham, Biryukov and Shamir also presented a relatively efficient specialized method for finding impossible differentials that they called a miss-in-the-middle attack. This consists of finding "two events with probability one, whose conditions cannot be met together."^[6]

References

1. ^{{ cite journal| author = Lars Knudsen | title = DEAL - A 128-bit Block Cipher | version = Technical report no. 151| publisher = Department of Informatics, University of Bergen, Norway | date = February 21, 1998 | url = http://www2.mat.dtu.dk/people/Lars.R.Knudsen/papers/deal.pdf.gz | accessdate = 2015-05-28 }}
2. ^Shamir, A. (August 25, 1998) Impossible differential attacks. CRYPTO '98 rump session (video at Google Video—uses Flash)
3. ^Biryukov, A. (August 25, 1998) Miss-in-the-middle attacks on IDEA. CRYPTO '98 rump session (video at Google Video—uses Flash)
4. ^Biham, E. (August 25, 1998) Impossible cryptanalysis of Skipjack. CRYPTO '98 rump session (video at Google Video—uses Flash)
5. ^{{ Cite journal | author = Bruce Schneier | title = Impossible Cryptanalysis and Skipjack | journal = Crypto-Gram Newsletter | date = September 15, 1998 | url = https://www.schneier.com/crypto-gram-9809.html#impossible }}
6. ^{{ cite conference | author1 = E. Biham | author2 = A. Biryukov | author3 = A. Shamir | title = Miss in the Middle Attacks on IDEA, Khufu and Khafre | conference = 6th International Workshop on Fast Software Encryption (FSE 1999) | pages = 124–138 | publisher = Springer-Verlag | date = March 1999 | location = Rome | url = http://www.wisdom.weizmann.ac.il/~albi/fse99idea.ps.gz | format = gzipped PostScript | accessdate = 2007-02-14 | deadurl = yes | archiveurl = https://web.archive.org/web/20110515085818/http://www.wisdom.weizmann.ac.il/~albi/fse99idea.ps.gz | archivedate = 2011-05-15 | df = }}

References

Further reading