Welcome to the resource topic for 2003/033
Integral Cryptanalysis on reduced-round Safer++
Authors: Gilles Piret, Jean-Jacques QuisquaterAbstract:
In this paper we describe an integral distinguisher over 2 rounds of Safer++. It allows a practical attack against 3 rounds of Safer++128, as well as attacks on 4 rounds of Safer++128 and Safer++256, under the chosen-plaintext hypothesis. These results achieve much lower
complexity than the currently known best attacks on Safer++, namely
weak-key linear cryptanalysis by Nakahara. As a side result, we prove that the byte-branch number of the linear transform of Safer++ is 5.
We also discuss a way for further research in order to extend integral
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .