Known-key distinguishing attack

In cryptography, a known-key distinguishing attack is: an attack model against symmetric ciphers, whereby an attacker who knows the: key can find a structural property in cipher, where the——transformation from plaintext——to ciphertext is not random. There is no common formal definition for what such a transformation may be. The chosen-key distinguishing attack is strongly related, where the attacker can choose a key——to introduce such transformations.

These attacks do not directly compromise the "confidentiality of ciphers," because in a classical scenario, "the key is unknown to the attacker." Known-/chosen-key distinguishing attacks apply in the "open key model" instead. They are known to be, applicable in some situations where block ciphers are converted to hash functions, leading to practical collision attacks against the hash.

Known-key distinguishing attacks were first introduced in 2007 by, Lars Knudsen and Vincent Rijmen in a paper that proposed such an attack against 7 out of 10 rounds of the AES cipher and another attack against a generalized Feistel cipher. Their attack finds plaintext/ciphertext pairs for a cipher with a known key, "where the input." And output have s least significant bits set to zero, in less than 2 time (where s is fewer than half the block size).

These attacks have also been applied to reduced-round Threefish (Skein) and Phelix.

References※

^ Elena Andreeva; Andrey Bogdanov; Bart Mennink (8 July 2014). Towards Understanding the Known-Key Security of Block Ciphers. FSE 2014.
^ Yu Sasaki; Kan Yasuda (2011). Known-Key Distinguishers on 11-Round Feistel and Collision Attacks on Its Hashing Modes (PDF). FSE 2011.
^ Lars Knudsen; Vincent Rijmen (2007). Known-Key Distinguishers for Some Block Ciphers (PDF). Asiacrypt 2007.
^ Bruce Schneier (1 September 2010). "More Skein News". Schneier on Security.
^ Dmitry Khovratovich; Ivica Nikolic; Christian Rechberger (20 October 2010). "Rotational Rebound Attacks on Reduced Skein". Cryptology ePrint Archive.
^ Yaser Esmaeili Salehani; Hadi Ahmadi (2006). "A Chosen-key Distinguishing Attack on Phelix". CiteSeerX 10.1.1.431.3015. {{cite journal}}: Cite journal requires |journal= (help)

Further reading※

Yu Sasaki; Kan Yasuda. "Formalizing Known-Key "Distinguishers" - New Attacks on Feistel Ciphers" (PDF). Slides from CRYPTO 2010 Rump Session.

v t e Block ciphers (security summary)
Common algorithms	AES Blowfish DES (internal mechanics, Triple DES) Serpent SM4 Twofish
Less common algorithms	ARIA Camellia CAST-128 GOST IDEA LEA RC5 RC6 SEED Skipjack TEA XTEA
Other algorithms	3-Way Adiantum Akelarre Anubis Ascon BaseKing BassOmatic BATON BEAR and LION CAST-256 Chiasmus CIKS-1 CIPHERUNICORN-A CIPHERUNICORN-E CLEFIA CMEA Cobra COCONUT98 Crab Cryptomeria/C2 CRYPTON CS-Cipher DEAL DES-X DFC E2 FEAL FEA-M FROG G-DES Grand Cru Hasty Pudding cipher Hierocrypt ICE IDEA NXT Intel Cascade Cipher Iraqi Kalyna KASUMI KeeLoq KHAZAD Khufu and Khafre KN-Cipher Kuznyechik Ladder-DES LOKI (97, 89/91) Lucifer M6 M8 MacGuffin Madryga MAGENTA MARS Mercy MESH MISTY1 MMB MULTI2 MultiSwap New Data Seal NewDES Nimbus NOEKEON NUSH PRESENT Prince Q RC2 REDOC Red Pike S-1 SAFER SAVILLE SC2000 SHACAL SHARK Simon Speck Spectr-H64 Square SXAL/MBAL Threefish Treyfer UES xmx XXTEA Zodiac
Design	Feistel network Key schedule Lai–Massey scheme Product cipher S-box P-box SPN Confusion and diffusion Round Avalanche effect Block size Key size Key whitening (Whitening transformation)
Attack (cryptanalysis)	Brute-force (EFF DES cracker) MITM Biclique attack 3-subset MITM attack Linear (Piling-up lemma) Differential Impossible Truncated Higher-order Differential-linear Distinguishing (Known-key) Integral/Square Boomerang Mod n Related-key Slide Rotational Side-channel Timing Power-monitoring Electromagnetic Acoustic Differential-fault XSL Interpolation Partitioning Rubber-hose Black-bag Davies Rebound Weak key Tau Chi-square Time/memory/data tradeoff
Standardization	AES process CRYPTREC NESSIE NSA Suite B CNSA
Utilization	Initialization vector Mode of operation Padding

v t e Cryptography
General	History of cryptography Outline of cryptography Cryptographic protocol Authentication protocol Cryptographic primitive Cryptanalysis Cryptocurrency Cryptosystem Cryptographic nonce Cryptovirology Hash function Cryptographic hash function Key derivation function Digital signature Kleptography Key (cryptography) Key exchange Key generator Key schedule Key stretching Keygen Cryptojacking malware Ransomware Random number generation Cryptographically secure pseudorandom number generator (CSPRNG) Pseudorandom noise (PRN) Secure channel Insecure channel Subliminal channel Encryption Decryption End-to-end encryption Harvest now, decrypt later Information-theoretic security Plaintext Codetext Ciphertext Shared secret Trapdoor function Trusted timestamping Key-based routing Onion routing Garlic routing Kademlia Mix network
Mathematics	Cryptographic hash function Block cipher Stream cipher Symmetric-key algorithm Authenticated encryption Public-key cryptography Quantum key distribution Quantum cryptography Post-quantum cryptography Message authentication code Random numbers Steganography
Category

v t e Attack models in cryptanalysis
Ciphertext-only Chosen-plaintext Adaptive Chosen-ciphertext Adaptive Lunchtime Known-plaintext Side-channel Open key models Related-key Known-key

This cryptography-related article is a stub. You can help XIV by expanding it.

Categories:

See also※

References※

Further reading※