Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Narrow bicliquesppt
1. Dmitry Khovratovich, Gaëtan Leurent, and Christian Rechberger. 2012. NarrowBicliques:
cryptanalysis of full IDEA. In Proceedings of the 31st Annual international conference on Theory
and Applications of Cryptographic Techniques (EUROCRYPT'12), David Pointcheval and
Thomas Johansson (Eds.). SpringerVerlag,
Berlin, Heidelberg, 392410.
1
Rifad MMM (138229C)
Mumtaz MAM (138218R)
2. The biclique attack framework was recently
introduced as a way to add more rounds to a
Meet in the middle attack while potentially
keeping the same time complexity.
2
3. Given: A block cipher
Goal: find the single unknown key
Cryptanalyst is allowed to choose plaintexts
and ask for their ciphertexts (CPA)
3
4. The Meet in the Middle attack attempts to
find a value using both of the range
(ciphertext) and domain (plaintext) of the
composition of several functions.
Key guesses faster than brute force
4
5. International Data Encryption Standard
Designed by Lai and Massey, 91
64-bit blocks, 128-bit key
Widely implemented
5
6. Crypto 2011 Rump Session, Biham et al.:
MITM attacks on up to 6 (middle) rounds
Example: variant with 2 plaintext/ciphertext
pairs
– Time: about 2-123
6
7. A biclique is a set of internal states, which are
constructed in the first or in the last rounds
of a cipher and mapped to each other by
specifically chosen keys.
7
8. The idea behind this attack is to break the
block cipher key sets into set of keys, where
each key in the group is tested using meet in
the middle technique.
The key space is partitioned as three sets of
key bits: Kb, Kf , and Kg.
8
9. Let f be the mapping describing the first
cipher rounds, then a biclique for a group Kg
is a set of states {Pi}, {Sj} such that
9
10. Keys in a group are tested as follows. A
cryptanalyst asks for the encryption of
plaintexts Pi and gets ciphertexts Ci.
Then he checks if
where g maps states Sj to ciphertexts.
A biclique is said to have dimension d, if both
Kb and Kf have d bits.
10
11. To test the keys within a group, a variable v is
calculated in both directions as depicted by
the following equations. In this case the
mapping function is called as chunks (g1 and
g2).
11
12. The following figure depicts key testing with
biclique of three plaintexts and three internal
states.
12
13. A narrow biclique technique limits the length
of a biclique to the number of rounds needed
for the full diffusion.
Efficiently, for every key group, find internal
state variables such that resulting plaintexts
collide in as many bits as possible
13