Higher-order differential cryptanalysis
In
Higher-order derivatives
A block cipher which maps -bit strings to -bit strings can, for a fixed key, be thought of as a function . In standard differential cryptanalysis, one is interested in finding a pair of an input difference and an output difference such that two input texts with difference are likely to result in output texts with a difference i.e., that is true for many . Note that the difference used here is the
This motivates defining the derivative of a function at a point as[1]
Using this definition, the -th derivative at can recursively be defined as[1]
Thus for example .
Higher order derivatives as defined here have many properties in common with
Higher-order differential attacks
To implement an attack using higher order derivatives, knowledge about the probability distribution of the derivative of the cipher is needed. Calculating or estimating this distribution is generally a hard problem but if the cipher in question is known to have a low algebraic degree, the fact that derivatives reduce this degree can be used. For example, if a cipher (or the S-box function under analysis) is known to only have an algebraic degree of 8, any 9th order derivative must be 0.
Therefore, it is important for any cipher, and for its S-box function in particular, to have a maximal (or close to maximal) algebraic degree to resist this attack.
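The degree argument above, as an added Python example (not part of the original article): `derivative` uses the recursive definition with XOR as the difference, and `low_degree_f` and `high_degree_f` are constructed toy functions, not real S-boxes. A map of algebraic degree 3 has every 4th-order derivative equal to 0, while adding a single degree-5 monomial breaks that property.

```python
from itertools import combinations

N = 6  # input width in bits (constructed toy size)

def bits(x):
    return [(x >> i) & 1 for i in range(N)]

def low_degree_f(x):
    """Constructed 6-bit -> 2-bit map of algebraic degree 3 (not a real S-box)."""
    b = bits(x)
    y0 = (b[0] & b[1] & b[2]) ^ (b[3] & b[4]) ^ b[5]
    y1 = (b[1] & b[3] & b[5]) ^ (b[0] & b[2]) ^ b[4] ^ 1
    return y0 | (y1 << 1)

def high_degree_f(x):
    """Same map with one degree-5 monomial added to output bit 0."""
    b = bits(x)
    return low_degree_f(x) ^ (b[0] & b[1] & b[2] & b[3] & b[4])

def derivative(f, directions, x):
    """i-th derivative of f at x along directions a_1..a_i, computed recursively
    as the (i-1)-th derivative at x ^ a_i XOR the (i-1)-th derivative at x."""
    if not directions:
        return f(x)
    *rest, a = directions
    return derivative(f, rest, x ^ a) ^ derivative(f, rest, x)

def algebraic_degree(f, n=N):
    """Largest monomial degree in the ANF of any output bit (Moebius transform)."""
    anf = [f(x) for x in range(1 << n)]
    for i in range(n):
        for x in range(1 << n):
            if x & (1 << i):
                anf[x] ^= anf[x ^ (1 << i)]
    return max((bin(m).count("1") for m in range(1 << n) if anf[m]), default=0)

def derivative_vanishes(f, order, n=N):
    """True if every order-th derivative along unit-vector directions is 0 at every x."""
    for idx in combinations(range(n), order):
        dirs = [1 << i for i in idx]
        if any(derivative(f, dirs, x) for x in range(1 << n)):
            return False
    return True

if __name__ == "__main__":
    for f in (low_degree_f, high_degree_f):
        d = algebraic_degree(f)
        print(f.__name__, "degree", d, "| 4th derivative vanishes:", derivative_vanishes(f, 4))
```

Checking unit-vector directions is sufficient here because a nonzero ANF monomial of degree at least `order` always shows up in the derivative taken along the variables it contains.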
Cube attacks have been considered a variant of higher-order differential attacks.[4]
Resistance against Higher-order differential attacks
Limitations of Higher-order differential attacks
The attack works for small S-boxes or S-boxes of low algebraic degree, in addition to AND and XOR operations.
See also
- Differential Cryptanalysis
- KN-Cipher
- Cube attack
References
- ISBN 978-1-4613-6159-6.
- Springer-Verlag. pp. 196–211. Retrieved 2007-02-14.
- ISBN 978-3-540-63247-4.
- Daniel J. Bernstein (2009-01-14). "Why haven't cube attacks broken anything?". Retrieved 2014-05-18.