determining differential characteristics
- From: Chris Steele <chris.steele@xxxxxxxxx>
- Date: Wed, 23 Jul 2008 04:57:11 -0700 (PDT)
I am currently going through the Schneier self-study course, and have
managed now to break several of the recommended early breaks.
However, I am learning enough to know that there are some big holes in
my basic technique that I should be patching. The biggest of these is
in characteristic determination.
To be sure, one can make some intelligent guesses as to some emergent
characteristics just after reading the algorithm description (ie, the
1-round characteristic with p=1 in DES pops right out at you), but for
the more complicated ones, I'm confident that there is a method better
than a kind of linear cryptanalysis -- examining the relationship
between every possible plaintext under every possible key (in fact, if
you do this once you will never need it, even if it completed, due to
just being able to look up the plaintext/ciphertext combination).
I have been reading some of the papers on differential cryptanalysis,
including Biham and Shamir, but they tend to present cryptanalysis
with the characteristic more as a given and then discuss determining
right pairs to meet said characteristic, which is only helpful if you
are trying to extend or reproduce their attacks, not create new ones.
Any hints out there on how to get started in finding and choosing good
differential characteristics? Obviously, every algorithm is
different, but are there key things to look for in an algorithm
description, or something of that nature?
.
- Follow-Ups:
- Re: determining differential characteristics
- From: David Wagner
- Re: determining differential characteristics
- Prev by Date: Re: One time pad
- Next by Date: Re: One time pad
- Previous by thread: Ask for help about finding full TDES Monte Carlo Test Vectors
- Next by thread: Re: determining differential characteristics
- Index(es):
Relevant Pages
|
