Affiliation:
1. University College London, Gower Street, London, United Kingdom
2. ETH Zurich, Department of Computer Science, Zürich, Switzerland
3. Latsia 2232, Cyprus
Abstract
T-310 is an important Cold War cipher. The cipher is extremely complex and it outputs extremely few bits from the internal state. A recent paper [Courtois, N. T.: Decryption oracle slide attacks on T-310, Cryptologia, 42 (2018), no. 3, 191–204] shows an example of a highly anomalous key such that T-310 can be broken by a slide attack with a decryption oracle. In this paper, we show that the same attacks are ALSO possible for regular keys which satisfy all the official KT1 requirements. Two other recent papers [Courtois, N. T.—Georgiou, M.—Scarlata, M.: Slide attacks and LC-weak keys in T-310, Cryptologia 43 (2019), no. 3, 175–189]; [Courtois, N. T.—Oprisanu, M. B.—Schmeh, K.: Linear cryptanalysis and block cipher design in East Germany in the 1970s, Cryptologia (published online), December 5, 2018] show that some of the KT1 keys are very weak w.r.t. Linear Cryptanalysis. In this paper, we show that a vast number of such weak keys exist and study the exact pre-conditions which make them weak. In addition we introduce a new third class of weak keys for RKDC (Related-Key Differential Cryptanalysis). We show that the original designers in the 1970s have ensured that these RKDC properties cannot happen for 4 rounds. We have discovered that these properties can happen for as few as 5 rounds for some keys, and for 10 to 16 rounds they become hard to avoid. The main reason why we study weak keys is to show that none of these properties occur by accident, rather that they are governed by precise pre-conditions which guarantee their existence, and countless other keys with the same properties exist. Eventually, this is how interesting attacks can be found.
References (16 articles)
[1] COURTOIS, N. T.: Cryptanalysis of GOST, (a very long extended set of slides about the cryptanalysis of GOST, 2010–2014), http://www.nicolascourtois.com/papers/GOST.pdf; (An earlier and shorter version was presented at the 29th Chaos Communication Congress (29C3), December 27–30, 2012, in Hamburg, Germany).
[2] _____ Decryption oracle slide attacks on T-310, Cryptologia, 42 (2018), no. 3, 191–204; http://www.tandfonline.com/doi/full/10.1080/01611194.2017.1362062
[3] _____ Data Encryption Standard (DES) (slides used in GA03 Introduction to Cryptography and later in GA18 course Cryptanalysis taught at University College London), 2006–2016; http://www.nicolascourtois.com/papers/des_course6.pdf
[4] _____ On the Existence of Non-Linear Invariants and Algebraic Polynomial Constructive Approach to Backdoors in Block Ciphers, Report 2018/807; https://eprint.iacr.org/2018/807.pdf
[5] _____ Structural Nonlinear Invariant Attacks on T-310: Attacking Arbitrary Boolean Functions, Cryptology ePrint Archive, Report 2018/1242; https://ia.cr/2018/1242