Dynamic Swapping Schemes and Differential Cryptanalysis
Summary :
This paper proposes a dynamically randomized version of DES (called RDES) in which a input-dependent swapping Sk(X) is added onto the right half of the input in each round of DES. This new scheme decreases the probability of success in differential cryptanalysis because it decreases the characteristic probability. Each "best" two-round characteristic probability is analyzed for typical schemes of the RDES: (i) RDES-1 with a simple one-level swapping, (ii) RDES-1' with an optimal one-level swapping, (iii) RDES-2 with a simple two-level swapping, and (iv) RDES-2' with an optimal two-level swapping. The main results are as follows. (a) The differential attacks on the 16-round RDES-1' and the 16-round RDES-2 require more computational time than the exhaustive search. (b) A differential attack is substantially inapplicable to the 16-round RDES-2' because more than 263 chosen plaintext pairs are required. (c) The encryption/decryption speed of the n-round RDES is almost the same as that of the n-round DES.
- Publication
- IEICE TRANSACTIONS on Fundamentals Vol.E77-A No.8 pp.1328-1336
- Publication Date
- 1994/08/25
- Publicized
- Online ISSN
- DOI
- Type of Manuscript
- Special Section PAPER (Special Section on Information Theory and Its Applications)
- Category
Authors
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Toshinobu KANEKO, Kenji KOYAMA, Routo TERADA, "Dynamic Swapping Schemes and Differential Cryptanalysis" in IEICE TRANSACTIONS on Fundamentals,
vol. E77-A, no. 8, pp. 1328-1336, August 1994, doi: .
Abstract: This paper proposes a dynamically randomized version of DES (called RDES) in which a input-dependent swapping Sk(X) is added onto the right half of the input in each round of DES. This new scheme decreases the probability of success in differential cryptanalysis because it decreases the characteristic probability. Each "best" two-round characteristic probability is analyzed for typical schemes of the RDES: (i) RDES-1 with a simple one-level swapping, (ii) RDES-1' with an optimal one-level swapping, (iii) RDES-2 with a simple two-level swapping, and (iv) RDES-2' with an optimal two-level swapping. The main results are as follows. (a) The differential attacks on the 16-round RDES-1' and the 16-round RDES-2 require more computational time than the exhaustive search. (b) A differential attack is substantially inapplicable to the 16-round RDES-2' because more than 263 chosen plaintext pairs are required. (c) The encryption/decryption speed of the n-round RDES is almost the same as that of the n-round DES.
URL: https://globals.ieice.org/en_transactions/fundamentals/10.1587/e77-a_8_1328/_p
Copy
@ARTICLE{e77-a_8_1328,
author={Toshinobu KANEKO, Kenji KOYAMA, Routo TERADA, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Dynamic Swapping Schemes and Differential Cryptanalysis},
year={1994},
volume={E77-A},
number={8},
pages={1328-1336},
abstract={This paper proposes a dynamically randomized version of DES (called RDES) in which a input-dependent swapping Sk(X) is added onto the right half of the input in each round of DES. This new scheme decreases the probability of success in differential cryptanalysis because it decreases the characteristic probability. Each "best" two-round characteristic probability is analyzed for typical schemes of the RDES: (i) RDES-1 with a simple one-level swapping, (ii) RDES-1' with an optimal one-level swapping, (iii) RDES-2 with a simple two-level swapping, and (iv) RDES-2' with an optimal two-level swapping. The main results are as follows. (a) The differential attacks on the 16-round RDES-1' and the 16-round RDES-2 require more computational time than the exhaustive search. (b) A differential attack is substantially inapplicable to the 16-round RDES-2' because more than 263 chosen plaintext pairs are required. (c) The encryption/decryption speed of the n-round RDES is almost the same as that of the n-round DES.},
keywords={},
doi={},
ISSN={},
month={August},}
Copy
TY - JOUR
TI - Dynamic Swapping Schemes and Differential Cryptanalysis
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1328
EP - 1336
AU - Toshinobu KANEKO
AU - Kenji KOYAMA
AU - Routo TERADA
PY - 1994
DO -
JO - IEICE TRANSACTIONS on Fundamentals
SN -
VL - E77-A
IS - 8
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - August 1994
AB - This paper proposes a dynamically randomized version of DES (called RDES) in which a input-dependent swapping Sk(X) is added onto the right half of the input in each round of DES. This new scheme decreases the probability of success in differential cryptanalysis because it decreases the characteristic probability. Each "best" two-round characteristic probability is analyzed for typical schemes of the RDES: (i) RDES-1 with a simple one-level swapping, (ii) RDES-1' with an optimal one-level swapping, (iii) RDES-2 with a simple two-level swapping, and (iv) RDES-2' with an optimal two-level swapping. The main results are as follows. (a) The differential attacks on the 16-round RDES-1' and the 16-round RDES-2 require more computational time than the exhaustive search. (b) A differential attack is substantially inapplicable to the 16-round RDES-2' because more than 263 chosen plaintext pairs are required. (c) The encryption/decryption speed of the n-round RDES is almost the same as that of the n-round DES.
ER -
FlyerIEICE has prepared a flyer regarding multilingual services. Please use the one in your native language.
English
