Integral cryptanalysis: Difference between revisions
imported>Sandy Harris No edit summary |
imported>Sandy Harris No edit summary |
||
Line 1: | Line 1: | ||
'''Integral cryptanalysis''' is a method of [[cryptanalysis]] invented by [[Lars Knudsen]]. It is an extension of [[differential cryptanalysis]]. Differential analysis looks at pairs of inputs that differ in only one bit position, with all other bits identical. Integral analysis, for block size b, holds b-k bits constant and runs the other k through all 2<sup>k</sup> possibilities. For k=1, this is just differential cryptanalysis, but with k>1 it is a new technique. | '''Integral cryptanalysis''' is a method of [[cryptanalysis]] invented by [[Lars Knudsen]]. It is an extension of [[differential cryptanalysis]]. Differential analysis looks at pairs of inputs that differ in only one bit position, with all other bits identical. Integral analysis, for block size b, holds b-k bits constant and runs the other k through all 2<sup>k</sup> possibilities. For k=1, this is just differential cryptanalysis, but with k>1 it is a new technique. | ||
The method is also known as the '''Square attack''' because it was first applied to [[Square (cipher)|square]], a [[block cipher]] designed by [[Joan Daemen]] and [[Vincent Rijmen]] who later designed [[AES]]. In fact, the cipher and the attack were published together; the developers had given Knudsen a preprint of their paper. The attack has since been applied to a number of other ciphers. | The method is also known as the '''Square attack''' because it was first applied to [[Square (cipher)|square]], a [[block cipher]] designed by [[Joan Daemen]] and [[Vincent Rijmen]] who later designed [[AES]]. In fact, the cipher and the attack were published together; the developers had given Knudsen a preprint of their paper. Against a [[Block cipher#SP networks|substitution-permutation network]] such as Square, k is often chosen to be the size of a single [[Block cipher#S-boxes|S-box]]. The attack has since been applied to a number of other ciphers, not all SPNs. |
Revision as of 11:17, 9 August 2009
Integral cryptanalysis is a method of cryptanalysis invented by Lars Knudsen. It is an extension of differential cryptanalysis. Differential analysis looks at pairs of inputs that differ in only one bit position, with all other bits identical. Integral analysis, for block size b, holds b-k bits constant and runs the other k through all 2k possibilities. For k=1, this is just differential cryptanalysis, but with k>1 it is a new technique.
The method is also known as the Square attack because it was first applied to square, a block cipher designed by Joan Daemen and Vincent Rijmen who later designed AES. In fact, the cipher and the attack were published together; the developers had given Knudsen a preprint of their paper. Against a substitution-permutation network such as Square, k is often chosen to be the size of a single S-box. The attack has since been applied to a number of other ciphers, not all SPNs.