COCONUT98
From Wikipedia, the free encyclopedia
| Designer(s): | Serge Vaudenay |
|---|---|
| First published: | 1998 |
| Related to: | DFC |
| Key size(s): | 256 bits |
| Block size(s): | 64 bits |
| Structure: | Decorrelated Feistel cipher |
| Rounds: | 8 |
| Best public cryptanalysis: | Wagner's boomerang attack uses about 2^16 adaptively-chosen plaintexts and ciphertexts, about 2^38 work, and succeeds with probability 99.96%. The differential-linear attack by Biham et al. uses 2^27.7 chosen plaintexts and about 2^33.7 work, and has a 75.5% success rate. |
In cryptography, COCONUT98 (Cipher Organized with Cute Operations and N-Universal Transformation) is a block cipher designed by Serge Vaudenay in 1998. It was one of the first concrete applications of Vaudenay's decorrelation theory, designed to be provably secure against differential cryptanalysis, linear cryptanalysis, and even certain types of undiscovered cryptanalytic attacks.
The cipher uses a block size of 64 bits and a key size of 256 bits. Its basic structure is an 8-round Feistel network, but with an additional operation after the first 4 rounds, called a decorrelation module. This consists of a key-dependent affine transformation in the finite field GF(2^64). The round function makes use of modular multiplication and addition, bit rotation, XORs, and a single 8×24-bit S-box. The entries of the S-box are derived using the binary expansion of e as a source of "nothing up my sleeve numbers".
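As an added illustration (not code from Vaudenay's specification or from this article), the following Python sketches the shape of the decorrelation module: a key-dependent affine map over GF(2^64), written here as (x ⊕ k1)·k2 ⊕ k3. The reduction polynomial, the exact form of the map and the sample keys are assumptions made for the illustration; what it shows is why an XOR difference entering the module leaves it scaled by the key (dx·k2), so no fixed differential characteristic survives the module, which is the property the decorrelation argument relies on.

```python
# Added illustration, not Vaudenay's code: a key-dependent affine map over
# GF(2^64) in the shape of COCONUT98's decorrelation module.
# ASSUMPTIONS: the reduction polynomial, the form (x ^ k1) * k2 ^ k3 and the
# sample keys are chosen here for illustration, not taken from the cipher.

MASK = (1 << 64) - 1
# Assumed irreducible pentanomial x^64 + x^4 + x^3 + x + 1 (not COCONUT98's).
POLY = (1 << 64) | (1 << 4) | (1 << 3) | (1 << 1) | 1


def gf_mul(a: int, b: int) -> int:
    """Carry-less multiplication of two 64-bit elements, reduced modulo POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> 64:          # degree reached 64: reduce once
            a ^= POLY
    return r & MASK


def gf_inv(a: int) -> int:
    """Inverse of a nonzero element as a^(2^64 - 2) (square-and-multiply)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^64)")
    result, e = 1, (1 << 64) - 2
    while e:
        if e & 1:
            result = gf_mul(result, a)
        a = gf_mul(a, a)
        e >>= 1
    return result


def module(x: int, k1: int, k2: int, k3: int) -> int:
    """Key-dependent affine map y = (x XOR k1) * k2 XOR k3; needs k2 != 0."""
    return gf_mul(x ^ k1, k2) ^ k3


def module_inv(y: int, k1: int, k2: int, k3: int) -> int:
    """Undo module(): x = (y XOR k3) * k2^-1 XOR k1."""
    return gf_mul(y ^ k3, gf_inv(k2)) ^ k1


def xor_difference_through(dx: int, x: int, k1: int, k2: int, k3: int) -> int:
    """Output XOR difference for the pair (x, x ^ dx); equals dx * k2 for any x."""
    return module(x, k1, k2, k3) ^ module(x ^ dx, k1, k2, k3)


# Constructed sample keys (hypothetical, not from any COCONUT98 key schedule).
K1, K2, K3 = 0x0F1E2D3C4B5A6978, 0x8796A5B4C3D2E1F0, 0x1122334455667788
```

Because the map is affine, the output difference is dx·k2 regardless of x, k1 and k3, and it changes as soon as k2 changes; the same holds for the linear correlations the decorrelation bound covers.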
Despite Vaudenay's proof of COCONUT98's security, in 1999 David Wagner developed the boomerang attack against it. This attack, however, requires both chosen plaintexts and adaptively-chosen ciphertexts, so is largely theoretical. Then in 2002, Biham, et al. applied differential-linear cryptanalysis, a purely chosen-plaintext attack, to break the cipher. The same team has also developed what they call a related-key boomerang attack that distinguishes COCONUT98 from random using one related-key adaptive chosen plaintext and ciphertext quartet under two keys.
- Serge Vaudenay (1998). "Provable Security for Block Ciphers by Decorrelation" (PostScript). Retrieved 2007-02-16.
- David Wagner (March 1999). "The Boomerang Attack" (PDF/PostScript). Fast Software Encryption, 6th International Workshop (FSE '99), pp. 156-170. Springer-Verlag. Retrieved 2007-02-05.
- Eli Biham, Orr Dunkelman, Nathan Keller (2002). "Enhancing Differential-Linear Cryptanalysis" (PDF/PostScript). Advances in Cryptology, Proceedings of ASIACRYPT 2002, Queenstown, New Zealand, pp. 254-266. Springer-Verlag. Retrieved 2007-02-05.
- Serge Vaudenay (2003). "Decorrelation: A Theory for Block Cipher Security" (PDF). Retrieved 2007-02-05.
- Eli Biham, Orr Dunkelman, Nathan Keller (2005). "Related-Key Boomerang and Rectangle Attacks" (PostScript). Advances in Cryptology, Proceedings of EUROCRYPT 2005, Aarhus, pp. 507-525. Springer-Verlag. Retrieved 2007-02-16.