Not What You Meant? There are 32 definitions for Mod.

Mod n cryptanalysis

About 2 pages (674 words)

Questions on this topic? Just ask!

In cryptography, mod n cryptanalysis is an attack applicable to block and stream ciphers. It is a form of partitioning cryptanalysis which exploits unevenness in how the cipher operates over equivalence classes (congruence classes) modulo n. The method was first suggested in 1999 by John Kelsey, Bruce Schneier, and David Wagner and applied to RC5P (a variant of RC5) and M6 (a family of block ciphers used in the FireWire standard). These attacks used the properties of binary addition and bit rotation modulo a Fermat prime.

Mod 3 analysis of RC5P

For RC5P, analysis was conducted modulo 3. It was observed that the operations in the cipher (rotation and addition, both on 32-bit words) were somewhat biased over congruence classes mod 3. To illustrate the approach, consider left rotation by a single bit:

<math>X \lll 1=\left\{\begin{matrix} 2X, & \mbox{if } X < 2^{31} \\ 2X + 1 - 2^{32}, & \mbox{if } X \geq 2^{31}\end{matrix}\right.</math>

Then, because

<math>2^{32} \equiv 1\pmod 3,\,</math>

we can deduce that

<math>X \lll 1 \equiv 2X\pmod 3.</math>

Thus left rotation by a single bit has a simple description modulo 3. Analysis of other operations (data dependent rotation and modular addition) reveals similar, notable biases. Although there are some theoretical problems analysing the operations in combination, the bias can be detected experimentally for the entire cipher. In (Kelsey et. al, 1999), experiments were conducted up to seven rounds, and based on this they conjecture that as many as nineteen or twenty rounds of RC5P can be distinguished from random using this attack. There is also a corresponding method for recovering the secret key. Against M6 there are attacks mod 5 and mod 257 that are even more effective.

References

John Kelsey, Bruce Schneier, David Wagner (1999-03). "Mod n Cryptanalysis, with Applications Against RC5P and M6." (PDF/PostScript). Fast Software Encryption, Sixth International Workshop Proceedings: 139–155, Rome: Springer-Verlag. Retrieved on 2007-02-12.
Vincent Rijmen (2003-12-01). ""mod n" Cryptanalysis of Rabbit" (PDF). White paper, Version 1.0. Cryptico. Retrieved on 2007-02-12.
Toshio Tokita, Tsutomu Matsumoto. "On Applicability of Differential Cryptanalysis, Linear Cryptanalysis and Mod n Cryptanalysis to an Encryption Algorithm M8 (ISO9979-20)". IPSJ JOURNAL 42 (08).

Block ciphers This box: • • edit
Common algorithms: AES \| Blowfish \| DES \| 3DES \| Serpent \| Twofish
Other algorithms: 3-Way \| Akelarre \| Anubis \| ARIA \| BaseKing \| C2 \| Camellia \| CAST-128 \| CAST-256 \| CIKS-1 \| CIPHERUNICORN-A \| CIPHERUNICORN-E \| CMEA \| Cobra \| COCONUT98 \| Crab \| CRYPTON \| CS-Cipher \| DEAL \| DES-X \| DFC \| E2 \| FEAL \| FROG \| G-DES \| GOST \| Grand Cru \| Hasty Pudding Cipher \| Hierocrypt \| ICE \| IDEA \| IDEA NXT \| Iraqi \| Intel Cascade Cipher \| KASUMI \| KHAZAD \| Khufu and Khafre \| KN-Cipher \| Ladder-DES \| Libelle \| LOKI89/91 \| LOKI97 \| Lucifer \| M6 \| MacGuffin \| Madryga \| MAGENTA \| MARS \| Mercy \| MESH \| MISTY1 \| MMB \| MULTI2 \| NewDES \| NOEKEON \| NUSH \| Q \| RC2 \| RC5 \| RC6 \| REDOC \| Red Pike \| S-1 \| SAFER \| SC2000 \| SEED \| SHACAL \| SHARK \| Skipjack \| SMS4 \| Square \| TEA \| Treyfer \| Triple DES \| UES \| Xenon \| xmx \| XTEA \| XXTEA \| Zodiac
Design: Feistel network \| Key schedule \| Product cipher \| S-box \| SPN
Attacks: Brute force \| Linear / Differential / Integral cryptanalysis \| Mod n \| Related-key \| Slide \| XSL
Standardization: AES process \| CRYPTREC \| NESSIE
Misc: Avalanche effect \| Block size \| IV \| Key size \| Modes of operation \| Piling-up lemma \| Weak key
Cryptography This box: • • edit
History of cryptography \| Cryptanalysis \| Cryptography portal \| Topics in cryptography
Symmetric-key algorithm \| Block cipher \| Stream cipher \| Public-key cryptography \| Cryptographic hash function \| Message authentication code \| Random numbers