In cryptography, mod n cryptanalysis is an attack applicable to block and stream ciphers. It is a form of partitioning cryptanalysis that exploits unevenness in how the cipher operates over equivalence classes (congruence classes) modulo n. The method was first suggested in 1999 by John Kelsey, Bruce Schneier, and David Wagner and applied to RC5P (a variant of RC5) and M6 (a family of block ciphers used in the FireWire standard). These attacks used the properties of binary addition and bit rotation modulo a Fermat prime.

Mod 3 analysis of RC5P

edit

For RC5P, analysis was conducted modulo 3. It was observed that the operations in the cipher (rotation and addition, both on 32-bit words) were somewhat biased over congruence classes mod 3. To illustrate the approach, consider left rotation by a single bit:

Then, because

it follows that

Thus left rotation by a single bit has a simple description modulo 3. Analysis of other operations (data dependent rotation and modular addition) reveals similar, notable biases. Although there are some theoretical problems analysing the operations in combination, the bias can be detected experimentally for the entire cipher. In (Kelsey et al., 1999), experiments were conducted up to seven rounds, and based on this they conjecture that as many as 19 or 20 rounds of RC5P can be distinguished from random using this attack. There is also a corresponding method for recovering the secret key.

Against M6 there are attacks mod 5 and mod 257 that are even more effective.

References

edit
  • John Kelsey, Bruce Schneier, David Wagner (March 1999). Mod n Cryptanalysis, with Applications Against RC5P and M6 (PDF/PostScript). Fast Software Encryption, Sixth International Workshop Proceedings. Rome: Springer-Verlag. pp. 139–155. Retrieved 2007-02-12.{{cite conference}}: CS1 maint: multiple names: authors list (link)
  • Vincent Rijmen (2003-12-01). ""mod n" Cryptanalysis of Rabbit" (PDF). White paper, Version 1.0. Cryptico. Retrieved 2007-02-12. {{cite journal}}: Cite journal requires |journal= (help)
  • Toshio Tokita; Tsutomu Matsumoto. "On Applicability of Differential Cryptanalysis, Linear Cryptanalysis and Mod n Cryptanalysis to an Encryption Algorithm M8 (ISO9979-20)". Ipsj Journal. 42 (8).

📚 Artikel Terkait di Wikipedia

Cryptanalysis

cryptanalysis Integral cryptanalysis Linear cryptanalysis Meet-in-the-middle attack Mod-n cryptanalysis Related-key attack Sandwich attack Slide attack

Mod

modification of a computer game Absolute value, also called modulus Mod n cryptanalysis, a partitioning attack applicable to block and stream ciphers Modulo

Partitioning cryptanalysis

cryptanalysis is a form of cryptanalysis for block ciphers. Developed by Carlo Harpes in 1995, the attack is a generalization of linear cryptanalysis

M6 (cipher)

attacked by mod n cryptanalysis. Mod 5, about 100 known plaintexts suffice to distinguish the output from a pseudorandom permutation. Mod 257, information

David A. Wagner

the slide attack, a new form of cryptanalysis (with Alex Biryukov); also the boomerang attack and mod n cryptanalysis (the latter with Bruce Schneier

Outline of cryptography

Differential cryptanalysis Impossible differential cryptanalysis Integral cryptanalysis Linear cryptanalysis Meet-in-the-middle attack Mod-n cryptanalysis Related-key

List of number theory topics

Gauss's lemma (number theory) Congruence of squares Luhn formula Mod n cryptanalysis Multiplicative function Additive function Dirichlet convolution Erdős–Kac

Differential cryptanalysis

Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash