Abstract
This paper studies the security offered by the block cipher E2 against truncated differential cryptanalysis. At FSE'99 Matsui and Tokita showed a possible attack on an 8-round variant of E2 without IT- Function (the initial transformation) and FT-Function (the ffnal trans- formation) based on byte characteristics. To evaluate the security against attacks using truncated differentials, which mean bytewise differentials in this paper, we searched for all truncated differentials that lead to pos- sible attacks for reduced-round variants of E2. As a result, we conffrmed that there exist no such truncated differentials for E2 with more than 8 rounds. However, we found another 7-round truncated differential which lead to another possible attack on an 8-round variant of E2 without IT- or FT-Function with less complexity. We also found that the 7-round truncated differential is useful to distinguish a 7-round variant of E2 with IT- and FT-Functions from a random permutation. In spite of our severe examination, this type of cryptanalysis fails to break the full E2. We believe that this means that the full E2 offers strong security against this truncated differential cryptanalysis.
Cite
CITATION STYLE
Moriai, S., Sugita, M., Aoki, K., & Kanda, M. (2000). Security of E2 against truncated differential cryptanalysis. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1758, pp. 106–117). Springer Verlag. https://doi.org/10.1007/3-540-46513-8_8
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
