Welcome to the resource topic for 2025/2011
Title:
When the Wrong Key Lives On: The Key-Recovery Procedure in Integral Attacks
Authors: Christof Beierle, Gregor Leander, Yevhen Perehuda
Abstract:An integral distinguisher for a block cipher is defined by a nontrivial subset of plaintexts for which the bitwise sum of (parts of) a certain internal state is independent of the secret key. Such a distinguishing property can be turned into a key-recovery procedure by partially decrypting the ciphertexts under all possible keys and then filtering the key candidates using the integral distinguisher. The behavior of this filter has never been analyzed in depth, and we show that the ubiquitous hypothesis about its behavior is incorrect.
Fortunately, the deviation is either limited or can be lifted to improve the underlying attacks. By algorithmically determining the exact subspaces of key candidates to be guessed - whose dimensions are often lower than expected - we are able to improve upon the best known integral key-recovery attacks on various ciphers.
ePrint: https://eprint.iacr.org/2025/2011
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .