COCONUT98
   HOME

TheInfoList



Click Here for Items Related To - COCONUT98
OR:
COCONUT98 on:   [Wikipedia]   [Google]   [Amazon]

In
cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...
, COCONUT98 (Cipher Organized with Cute Operations and N-Universal Transformation) is a
block cipher In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called ''blocks''. Block ciphers are specified cryptographic primitive, elementary components in the design of many cryptographic protocols and ...
designed by
Serge Vaudenay Serge Vaudenay (born 5 April 1968) is a French cryptographer and professor, director of the Communications Systems Section at the École Polytechnique Fédérale de Lausanne Serge Vaudenay entered the École Normale Supérieure in Paris as a '' ...
in 1998. It was one of the first concrete applications of Vaudenay's
decorrelation theory In cryptography, decorrelation theory is a system developed by Serge Vaudenay in 1998 for designing block ciphers to be provably secure against differential cryptanalysis, linear cryptanalysis, and even undiscovered cryptanalytic attacks meeting ...
, designed to be
provably secure Provable security refers to any type or level of computer security that can be proved. It is used in different ways by different fields. Usually, this refers to mathematical proofs, which are common in cryptography. In such a proof, the capabiliti ...
against
differential cryptanalysis Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in information input can aff ...
, linear cryptanalysis, and even certain types of undiscovered cryptanalytic attacks. The cipher uses a block size of 64 bits and a key size of 256 bits. Its basic structure is an 8-round
Feistel network In cryptography, a Feistel cipher (also known as Luby–Rackoff block cipher) is a symmetric structure used in the construction of block ciphers, named after the German-born physicist and cryptographer Horst Feistel, who did pioneering research whi ...
, but with an additional operation after the first 4 rounds, called a ''decorrelation module''. This consists of a key-dependent
affine transformation In Euclidean geometry, an affine transformation or affinity (from the Latin, ''affinis'', "connected with") is a geometric transformation that preserves lines and parallelism, but not necessarily Euclidean distances and angles. More generally, ...
in the
finite field In mathematics, a finite field or Galois field (so-named in honor of Évariste Galois) is a field that contains a finite number of elements. As with any field, a finite field is a set on which the operations of multiplication, addition, subtr ...
GF(264). The round function makes use of modular multiplication and addition,
bit rotation In computer programming, a bitwise operation operates on a bit string, a bit array or a binary numeral (considered as a bit string) at the level of its individual bits. It is a fast and simple action, basic to the higher-level arithmetic operati ...
,
XOR Exclusive or or exclusive disjunction is a logical operation that is true if and only if its arguments differ (one is true, the other is false). It is symbolized by the prefix operator J and by the infix operators XOR ( or ), EOR, EXOR, , ...
s, and a single 8×24-bit S-box. The entries of the S-box are derived using the binary expansion of e as a source of "
nothing up my sleeve number In cryptography, nothing-up-my-sleeve numbers are any numbers which, by their construction, are above suspicion of hidden properties. They are used in creating cryptographic functions such as hashes and ciphers. These algorithms often need rando ...
s". Despite Vaudenay's proof of COCONUT98's security, in 1999 David Wagner developed the
boomerang attack In cryptography, the boomerang attack is a method for the cryptanalysis of block ciphers based on differential cryptanalysis. The attack was published in 1999 by David Wagner, who used it to break the COCONUT98 cipher. The boomerang attack ...
against it. This attack, however, requires both chosen plaintexts and adaptive chosen ciphertexts, so is largely theoretical. Then in 2002, Biham, et al. applied
differential-linear cryptanalysis Introduced by Martin Hellman and Susan K. Langford in 1994, the differential-linear attack is a mix of both linear cryptanalysis and differential cryptanalysis. The attack utilises a differential characteristic over part of the cipher with a pro ...
, a purely chosen-plaintext attack, to break the cipher. The same team has also developed what they call a '' related-key boomerang attack'', which distinguishes COCONUT98 from random using one related-key adaptive chosen plaintext and ciphertext quartet under two keys.


References

{{Cryptography navbox , block Broken block ciphers