Loughborough University
Leicestershire, UK
LE11 3TU
+44 (0)1509 263171
Loughborough University

Loughborough University Institutional Repository

Please use this identifier to cite or link to this item: https://dspace.lboro.ac.uk/2134/8159

Title: Advanced differential-style cryptanalysis of the NSA's skipjack block cipher
Authors: Kim, Jongsung
Phan, Raphael C.-W.
Keywords: Analysis
Block ciphers
Boomerang and rectangle attacks
Related-key miss-in-the-middle attacks
Issue Date: 2009
Publisher: © Taylor & Francis
Citation: KIM, J. and PHAN, R.C.-W., 2009. Advanced differential-style cryptanalysis of the NSA's skipjack block cipher. Cryptologia , 33(3), pp. 246-270.
Abstract: Skipjack is a block cipher designed by the NSA for use in US government phones, and commercial mobile and wireless products by AT&T. Among its initial implementations in hardware were the Clipper chip and Fortezza PC cards, which have since influenced the private communications market to be compatible with this technology. For instance, the Fortezza card comes in PCMCIA interface and is a very easy plug-n-play device to add on to mobile and wireless systems to provide encryption for wireless transmissions. Initially classified when it was first proposed, Skipjack was declassified in 1998, and it sparked numerous security analyses from security researchers worldwide because it provides insight into the state-of-the-art security design techniques used by a highly secretive government intelligence agency such as the NSA. In this paper, commemorating a decade since Skipjack's public revelation, we revisit the security of Skipjack, in particular its resistance to advanced differential-style distinguishers. In contrast to previous work that considered conventional and impossible differential distinguishers, we concentrate our attention on the more recent advanced differential-style and related-key distinguishers that were most likely not considered in the original design objectives of the NSA. In particular, we construct first-known related-key impossible differential, rectangle and related-key rectangle distinguishers of Skipjack. Our related-key attacks (i.e., related-key miss-in-the-middle and related-key rectangle attacks) are better than all the previous related-key attacks on Skipjack. Finally, we characterize the strength of Skipjack against all these attacks and motivate reasons why, influenced by the Skipjack structure, some attacks fare better. What is intriguing about Skipjack is its simple key schedule and a structure that is a cross between conventional Feistel design principles and the unconventional use of different round types. This work complements past results on the security analysis of Skipjack and is hoped to provide further insight into the security of an NSA-designed block cipher; the only one publicly known to date.
Description: This is an electronic version of an article published in KIM, J. and PHAN, R.C.-W., 2009. Advanced differential-style cryptanalysis of the NSA's skipjack block cipher. Cryptologia , 33(3), pp. 246-270. Cryptologia is available online at: http://dx.doi.org/10.1080/01611190802653228
Version: Accepted for publication
DOI: 10.1080/01611190802653228
URI: https://dspace.lboro.ac.uk/2134/8159
Publisher Link: http://dx.doi.org/10.1080/01611190802653228
ISSN: 1558-1586
Appears in Collections:Published Articles (Mechanical, Electrical and Manufacturing Engineering)

Files associated with this item:

File Description SizeFormat
kim.pdf279.3 kBAdobe PDFView/Open


SFX Query

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.