Integral cryptanalysis
Encyclopedia
In cryptography
, integral cryptanalysis is a cryptanalytic attack
that is particularly applicable to block cipher
s based on substitution-permutation network
s. It was originally designed by Lars Knudsen
as a dedicated attack against Square
, so is commonly known as the Square attack. It was also extended to a few other ciphers related to Square: CRYPTON
, Rijndael, and SHARK
. Stefan Lucks
generalized the attack to what he called a saturation attack and used it to attack Twofish
, which is not at all similar to Square, having a radically different Feistel network structure. Forms of integral cryptanalysis have since been applied to a variety of ciphers, including Hierocrypt
, IDEA
, Camellia
, Skipjack
, MISTY1
, MISTY2, SAFER++, KHAZAD
, and FOX (now called IDEA NXT
).
Unlike differential cryptanalysis
, which uses pairs of chosen plaintexts with a fixed XOR difference, integral cryptanalysis uses sets or even multiset
s of chosen plaintexts of which part is held constant and another part varies through all possibilities. For example, an attack might use 256 chosen plaintexts that have all but 8 of their bits the same, but all differ in those 8 bits. Such a set necessarily has an XOR sum of 0, and the XOR sums of the corresponding sets of ciphertexts provide information about the cipher's operation. This contrast between the differences of pairs of texts and the sums of larger sets of texts inspired the name "integral cryptanalysis", borrowing the terminology of calculus
.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, integral cryptanalysis is a cryptanalytic attack
Cryptanalysis
Cryptanalysis is the study of methods for obtaining the meaning of encrypted information, without access to the secret information that is normally required to do so. Typically, this involves knowing how the system works and finding a secret key...
that is particularly applicable to block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
s based on substitution-permutation network
Substitution-permutation network
In cryptography, an SP-network, or substitution-permutation network , is a series of linked mathematical operations used in block cipher algorithms such as AES .Other ciphers that use SPNs are 3-Way, SAFER, SHARK, and Square....
s. It was originally designed by Lars Knudsen
Lars Knudsen
Lars Ramkilde Knudsen is a Danish researcher in cryptography, particularly interested in the design and analysis of block ciphers, hash functions and message authentication codes .-Academic:...
as a dedicated attack against Square
Square (cipher)
In cryptography, Square is a block cipher invented by Joan Daemen and Vincent Rijmen. The design, published in 1997, is a forerunner to the Rijndael algorithm, which has been adopted as the Advanced Encryption Standard...
, so is commonly known as the Square attack. It was also extended to a few other ciphers related to Square: CRYPTON
CRYPTON
In cryptography, CRYPTON is a block cipher submitted as a candidate for the Advanced Encryption Standard . It is very efficient in hardware implementations and was designed by Chae Hoon Lim of Future Systems Inc....
, Rijndael, and SHARK
SHARK
In cryptography, SHARK is a block cipher identified as one of the predecessors of Rijndael .SHARK has a 64-bit block size and a 128-bit key size. It is a six round SP-network which alternates a key mixing stage with linear and non-linear transformation layers...
. Stefan Lucks
Stefan Lucks
Stefan Lucks is a researcher in the fields of communications security and cryptography. Lucks is known for his attack on Triple DES, and for extending Lars Knudsen's Square attack to Twofish, a cipher outside the Square family, thus generalising the attack into integral cryptanalysis...
generalized the attack to what he called a saturation attack and used it to attack Twofish
Twofish
In cryptography, Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. It was one of the five finalists of the Advanced Encryption Standard contest, but was not selected for standardisation...
, which is not at all similar to Square, having a radically different Feistel network structure. Forms of integral cryptanalysis have since been applied to a variety of ciphers, including Hierocrypt
Hierocrypt
In cryptography, Hierocrypt-L1 and Hierocrypt-3 are block ciphers created byToshiba in 2000. They were submitted to the NESSIE project, but were not selected...
, IDEA
International Data Encryption Algorithm
In cryptography, the International Data Encryption Algorithm is a block cipher designed by James Massey of ETH Zurich and Xuejia Lai and was first described in 1991. As a block cipher, it is also symmetric. The algorithm was intended as a replacement for the Data Encryption Standard[DES]...
, Camellia
Camellia (cipher)
In cryptography, Camellia is a 128-bit block cipher jointly developed by Mitsubishi and NTT. The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project...
, Skipjack
Skipjack (cipher)
In cryptography, Skipjack is a block cipher—an algorithm for encryption—developed by the U.S. National Security Agency . Initially classified, it was originally intended for use in the controversial Clipper chip...
, MISTY1
MISTY1
In cryptography, MISTY1 is a block cipher designed in 1995 by Mitsuru Matsui and others for Mitsubishi Electric.MISTY1 is one of the selected algorithms in the European NESSIE project, and has been recommended for Japanese government use by the CRYPTREC project."MISTY" can stand for "Mitsubishi...
, MISTY2, SAFER++, KHAZAD
KHAZAD
In cryptography, KHAZAD is a block cipher designed by Paulo S. L. M. Barreto together with Vincent Rijmen, one of the designers of the Advanced Encryption Standard . KHAZAD is named after Khazad-dûm, the fictional dwarven realm in the writings of J. R. R. Tolkien...
, and FOX (now called IDEA NXT
IDEA NXT
In cryptography, the IDEA NXT algorithm is a block cipher designed by Pascal Junod and Serge Vaudenay of EPFL . It was conceived between 2001 and 2003, the project was originally named FOX and was published in 2003. In May 2005 it was announced by MediaCrypt under the name IDEA NXT...
).
Unlike differential cryptanalysis
Differential cryptanalysis
Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in an input can affect the resultant difference at the output...
, which uses pairs of chosen plaintexts with a fixed XOR difference, integral cryptanalysis uses sets or even multiset
Multiset
In mathematics, the notion of multiset is a generalization of the notion of set in which members are allowed to appear more than once...
s of chosen plaintexts of which part is held constant and another part varies through all possibilities. For example, an attack might use 256 chosen plaintexts that have all but 8 of their bits the same, but all differ in those 8 bits. Such a set necessarily has an XOR sum of 0, and the XOR sums of the corresponding sets of ciphertexts provide information about the cipher's operation. This contrast between the differences of pairs of texts and the sums of larger sets of texts inspired the name "integral cryptanalysis", borrowing the terminology of calculus
Calculus
Calculus is a branch of mathematics focused on limits, functions, derivatives, integrals, and infinite series. This subject constitutes a major part of modern mathematics education. It has two major branches, differential calculus and integral calculus, which are related by the fundamental theorem...
.