COCONUT98
| General | |
|---|---|
| Designers | Serge Vaudenay |
| First published | 1998 |
| Related to | DFC |
| Cipher detail | |
| Key sizes | 256 bits |
| Block sizes | 64 bits |
| Structure | Decorrelated Feistel cipher |
| Rounds | 8 |
| Best public cryptanalysis | |
| Wagner's boomerang attack uses about 216 adaptively-chosen plaintexts and ciphertexts, about 238 work, and succeeds with probability 99.96%.[1] The differential-linear attack by Biham, et al. uses 227.7 chosen plaintexts and about 233.7 work, and has a 75.5% success rate.[2] | |
In cryptography, COCONUT98 (Cipher Organized with Cute Operations and N-Universal Transformation) is a block cipher designed by Serge Vaudenay in 1998. It was one of the first concrete applications of Vaudenay's decorrelation theory, designed to be provably secure against differential cryptanalysis, linear cryptanalysis, and even certain types of undiscovered cryptanalytic attacks.
The cipher uses a
nothing up my sleeve numbers".[3]
Despite Vaudenay's proof of COCONUT98's security, in 1999
differential-linear cryptanalysis, a purely chosen-plaintext attack, to break the cipher.[2] The same team has also developed what they call a related-key boomerang attack, which distinguishes COCONUT98 from random using one related-key adaptive chosen plaintext and ciphertext quartet under two keys.[5]
References
- ^ . Retrieved 7 October 2023.
- ^ ASIACRYPT 2002. Queenstown, New Zealand: Springer-Verlag. pp. 254–266. Retrieved 5 February 2007.)
{{cite conference}}: CS1 maint: multiple names: authors list (link - Springer-Verlag. pp. 249–275. Archived from the original (PostScript) on 23 April 2007. Retrieved 26 February 2007.
- S2CID 14252770. Archived from the original(PDF) on 21 February 2007. Retrieved 26 February 2007.
- EUROCRYPT 2005. Aarhus: Springer-Verlag. pp. 507–525. Retrieved 16 February 2007.]
{{cite conference}}: CS1 maint: multiple names: authors list (link)[permanent dead link
