Abstract
SAFER+ was a candidate block cipher for AES with 128-bit block size and a variable key sizes of 128, 192 or 256 bits. Bluetooth uses customized versions of SAFER+ for security. The numbers of rounds for SAFER+ with key sizes of 128, 192 and 256 are 8, 12 and 16, respectively. SAFER++, a variant of SAFER+, was among the cryptographic primitives selected for the second phase of the NESSIE project. The block size is 128 bits and the key size can take either 128 or 256 bits. The number of rounds for SAFER++ is 7 for keys of 128 bits, and 10 for keys of 256 bits. Both ciphers use PHT as their linear transformation. In this paper, we take advantage of properties of PHT and S-boxes to identify 3.75-round impossible differentials for SAFER++ and 2.75-round impossible differentials for SAFER+, which result in impossible differential attacks on 4-round SAFER+/128(256), 5-round SAFER++/128 and 5.5-round SAFER++/256. Our attacks significantly improve previously known impossible differential attacks on 3.75-round SAFER+/128(256) and SAFER++/128(256). Our attacks on SAFER+/128(256) and SAFER++/128(256) represent the best currently known attack in terms of the number of rounds.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
