New Integral Attack on CRYPTON V1.0

J4 ›› 2012, Vol. 34 ›› Issue (6): 23-27.

• 论文 • Previous Articles Next Articles

New Integral Attack on CRYPTON V1.0

ZHOU Qing1,WEI Yuechuan2,LI Chao1,2,3,WU Yi1

（1.School of Science,National University of Defense Technology，Changsha 410073;
2.School of Computer Science,National University of Defense Technology，Changsha 410073;
3.State Key Laboratory of Information Security,Chinese Academy of Sciences，Beijing 100049）

Received:2010-03-20 Revised:2010-07-08 Online:2012-06-25 Published:2012-06-25

Abstract

Abstract:

CRYPTON V1.0 is a block cipher with a 128bit block size and a 128bit key size. The linear layer of CRYPTON V1.0 is designed based on bits, therefore integral attacks in a traditional way are of no value. In this paper, CRYPTON V1.0 is analyzed. We trace the propagation of the plaintext structure at the bitlevel to obtain the property, present a 3round distinguisher and test it on the PC. In the distinguisher, 1024 chosen plaintexts are encrypted by a 3round cipher, and each bit of the cipher text is balanced. Based on this distinguisher, the reducedround CRYPTON V1.0 is attacked. The result shows a 4round attack needs 211 chosen plaintexts and 223 encryptions, a 5round attack needs 212.4 chosen plaintexts and 253 encryptions.

Key words: block cipher;integral attack;CRYPTON V1.0;bitpattern

ZHOU Qing1,WEI Yuechuan2,LI Chao1,2,3,WU Yi1. New Integral Attack on CRYPTON V1.0[J]. J4, 2012, 34(6): 23-27.

New Integral Attack on CRYPTON V1.0

PDF

Knowledge

Abstract

Cite this article

share this article

Related Articles 0

Recommended Articles

Metrics

Comments