Introduction Undisturbed Bits Attack on Serpent Conclusion Improbable Differential Attacks on Serpent using Undisturbed Bits Cihangir TEZCAN1;2, Halil Kemal TAS¸KIN1;3 and Murat DEMIRC_ IO_ GLU˘ 1;3 1Institute of Applied Mathematics, Department of Cryptography Middle East Technical University, Ankara, Turkey 2Department of Mathematics Middle East Technical University, Ankara, Turkey 3Oran Technology Ankara, Turkey SIN 2014, Glasgow, Scotland 9 September 2014 Cihangir TEZCAN, Halil Kemal TAS¸KIN and Murat DEMIRC_ IO_ GLU˘ Improbable Differential Attacks on Serpent using Undisturbed Bits Introduction Undisturbed Bits Attack on Serpent Conclusion Outline Outline 1 Introduction 2 Undisturbed Bits 3 Improbable Differential Attacks on Serpent 4 Conclusion Cihangir TEZCAN, Halil Kemal TAS¸KIN and Murat DEMIRC_ IO_ GLU˘ Improbable Differential Attacks on Serpent using Undisturbed Bits Truncated Differential Cryptanalysis Discovered by L. Knudsen, 1994 Find a path (differential) so that when the input difference is α, output difference is β with high probability Only parts of the differences α and β are specified Impossible Differential Cryptanalysis Discovered by E. Biham, A. Biryukov, A. Shamir, 1998 Find a path (impossible differential) so that when the input difference is α, the output difference is never β And others (Higher-order Differential, Boomerang,...) Improbable Differential Cryptanalysis Discovered by C. Tezcan in 2008 (published in 2010) Differentials are less probable for the correct key Introduction Undisturbed Bits Attack on Serpent Conclusion A (Very) Short Introduction to Differential Cryptanalysis Differential Cryptanalysis First public announcement by E. Biham and A. Shamir, early 1980s Find a path (characteristic) so that when the input difference is α, output difference is β with high probability Cihangir TEZCAN, Halil Kemal TAS¸KIN and Murat DEMIRC_ IO_ GLU˘ Improbable Differential Attacks on Serpent using Undisturbed Bits Impossible Differential Cryptanalysis Discovered by E. Biham, A. Biryukov, A. Shamir, 1998 Find a path (impossible differential) so that when the input difference is α, the output difference is never β And others (Higher-order Differential, Boomerang,...) Improbable Differential Cryptanalysis Discovered by C. Tezcan in 2008 (published in 2010) Differentials are less probable for the correct key Introduction Undisturbed Bits Attack on Serpent Conclusion A (Very) Short Introduction to Differential Cryptanalysis Differential Cryptanalysis First public announcement by E. Biham and A. Shamir, early 1980s Find a path (characteristic) so that when the input difference is α, output difference is β with high probability Truncated Differential Cryptanalysis Discovered by L. Knudsen, 1994 Find a path (differential) so that when the input difference is α, output difference is β with high probability Only parts of the differences α and β are specified Cihangir TEZCAN, Halil Kemal TAS¸KIN and Murat DEMIRC_ IO_ GLU˘ Improbable Differential Attacks on Serpent using Undisturbed Bits And others (Higher-order Differential, Boomerang,...) Improbable Differential Cryptanalysis Discovered by C. Tezcan in 2008 (published in 2010) Differentials are less probable for the correct key Introduction Undisturbed Bits Attack on Serpent Conclusion A (Very) Short Introduction to Differential Cryptanalysis Differential Cryptanalysis First public announcement by E. Biham and A. Shamir, early 1980s Find a path (characteristic) so that when the input difference is α, output difference is β with high probability Truncated Differential Cryptanalysis Discovered by L. Knudsen, 1994 Find a path (differential) so that when the input difference is α, output difference is β with high probability Only parts of the differences α and β are specified Impossible Differential Cryptanalysis Discovered by E. Biham, A. Biryukov, A. Shamir, 1998 Find a path (impossible differential) so that when the input difference is α, the output difference is never β Cihangir TEZCAN, Halil Kemal TAS¸KIN and Murat DEMIRC_ IO_ GLU˘ Improbable Differential Attacks on Serpent using Undisturbed Bits Improbable Differential Cryptanalysis Discovered by C. Tezcan in 2008 (published in 2010) Differentials are less probable for the correct key Introduction Undisturbed Bits Attack on Serpent Conclusion A (Very) Short Introduction to Differential Cryptanalysis Differential Cryptanalysis First public announcement by E. Biham and A. Shamir, early 1980s Find a path (characteristic) so that when the input difference is α, output difference is β with high probability Truncated Differential Cryptanalysis Discovered by L. Knudsen, 1994 Find a path (differential) so that when the input difference is α, output difference is β with high probability Only parts of the differences α and β are specified Impossible Differential Cryptanalysis Discovered by E. Biham, A. Biryukov, A. Shamir, 1998 Find a path (impossible differential) so that when the input difference is α, the output difference is never β And others (Higher-order Differential, Boomerang,...) Cihangir TEZCAN, Halil Kemal TAS¸KIN and Murat DEMIRC_ IO_ GLU˘ Improbable Differential Attacks on Serpent using Undisturbed Bits Introduction Undisturbed Bits Attack on Serpent Conclusion A (Very) Short Introduction to Differential Cryptanalysis Differential Cryptanalysis First public announcement by E. Biham and A. Shamir, early 1980s Find a path (characteristic) so that when the input difference is α, output difference is β with high probability Truncated Differential Cryptanalysis Discovered by L. Knudsen, 1994 Find a path (differential) so that when the input difference is α, output difference is β with high probability Only parts of the differences α and β are specified Impossible Differential Cryptanalysis Discovered by E. Biham, A. Biryukov, A. Shamir, 1998 Find a path (impossible differential) so that when the input difference is α, the output difference is never β And others (Higher-order Differential, Boomerang,...) Improbable Differential Cryptanalysis Discovered by C. Tezcan in 2008 (published in 2010) Differentials are less probable for the correct key Cihangir TEZCAN, Halil Kemal TAS¸KIN and Murat DEMIRC_ IO_ GLU˘ Improbable Differential Attacks on Serpent using Undisturbed Bits Probability of the probability of the Attack Type incident for incident for Note a wrong key the correct key Statistical Attacks p p0 p0 > p (Differential, Truncated,...) Impossible Differential p 0 p0 = 0 Improbable Differential p p0 p0 < p Introduction Undisturbed Bits Attack on Serpent Conclusion Improbable Differential Cryptanalysis Statistical Attacks Statistical attacks on block ciphers make use of a property of the cipher so that an incident (characteristic, differential,...) occurs with different probabilities depending on whether the correct key is used or not. Cihangir TEZCAN, Halil Kemal TAS¸KIN and Murat DEMIRC_ IO_ GLU˘ Improbable Differential Attacks on Serpent using Undisturbed Bits Impossible Differential p 0 p0 = 0 Improbable Differential p p0 p0 < p Introduction Undisturbed Bits Attack on Serpent Conclusion Improbable Differential Cryptanalysis Statistical Attacks Statistical attacks on block ciphers make use of a property of the cipher so that an incident (characteristic, differential,...) occurs with different probabilities depending on whether the correct key is used or not. Probability of the probability of the Attack Type incident for incident for Note a wrong key the correct key Statistical Attacks p p0 p0 > p (Differential, Truncated,...) Cihangir TEZCAN, Halil Kemal TAS¸KIN and Murat DEMIRC_ IO_ GLU˘ Improbable Differential Attacks on Serpent using Undisturbed Bits Improbable Differential p p0 p0 < p Introduction Undisturbed Bits Attack on Serpent Conclusion Improbable Differential Cryptanalysis Statistical Attacks Statistical attacks on block ciphers make use of a property of the cipher so that an incident (characteristic, differential,...) occurs with different probabilities depending on whether the correct key is used or not. Probability of the probability of the Attack Type incident for incident for Note a wrong key the correct key Statistical Attacks p p0 p0 > p (Differential, Truncated,...) Impossible Differential p 0 p0 = 0 Cihangir TEZCAN, Halil Kemal TAS¸KIN and Murat DEMIRC_ IO_ GLU˘ Improbable Differential Attacks on Serpent using Undisturbed Bits Introduction Undisturbed Bits Attack on Serpent Conclusion Improbable Differential Cryptanalysis Statistical Attacks Statistical attacks on block ciphers make use of a property of the cipher so that an incident (characteristic, differential,...) occurs with different probabilities depending on whether the correct key is used or not. Probability of the probability of the Attack Type incident for incident for Note a wrong key the correct key Statistical Attacks p p0 p0 > p (Differential, Truncated,...) Impossible Differential p 0 p0 = 0 Improbable Differential p p0 p0 < p Cihangir TEZCAN, Halil Kemal TAS¸KIN and Murat DEMIRC_ IO_ GLU˘ Improbable Differential Attacks on Serpent using Undisturbed Bits Introduction Undisturbed Bits Attack on Serpent Conclusion Miss-in-the-Middle Technique Figure : Miss-in-the-Middle Technique for obtaining Impossible Differentials α prob 1 δ p’=1 γ prob 1 β Cihangir TEZCAN, Halil Kemal TAS¸KIN and Murat DEMIRC_ IO_ GLU˘ Improbable Differential Attacks on Serpent using Undisturbed Bits Introduction Undisturbed Bits Attack on Serpent Conclusion Improbable Differentials from Impossible Differentials δ p’=1 γ Cihangir TEZCAN, Halil Kemal TAS¸KIN and Murat DEMIRC_ IO_ GLU˘ Improbable Differential Attacks on Serpent using Undisturbed Bits Introduction Undisturbed