Content deleted Content added
No edit summary Tags: Visual edit Mobile edit Mobile web edit Disambiguation links added |
m link to block cipher article |
||
| (3 intermediate revisions by 3 users not shown) | |||
Line 1:
{{short description|General form of cryptanalysis applicable primarily to block ciphers}}
'''[[Differential (mathematics)|Differential]] cryptanalysis''' is a general form of [[cryptanalysis]] applicable primarily to [[Block cipher|block ciphers]], but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in information input can affect the resultant difference at the output. In the case of a [[block cipher]], it refers to a set of techniques for tracing differences through the network of transformation, discovering where the cipher exhibits [[non-randomness|non-random behavior]], and exploiting such properties to recover the secret key (cryptography key).
==History==
Line 16:
(and ⊕ denotes exclusive or) for each such S-box ''S''. In the basic attack, one particular ciphertext difference is expected to be especially frequent. In this way, the [[cipher]] can be distinguished from [[randomness|random]]. More sophisticated variations allow the key to be recovered faster than [[Brute force attack|an exhaustive search]].
In the most basic form of key recovery through differential cryptanalysis, an attacker requests the ciphertexts for a large number of plaintext pairs, then assumes that the differential holds for at least ''r'' − 1 rounds, where ''r'' is the total number of rounds.
For any particular cipher, the input difference must be carefully selected for the attack to be successful. An analysis of the algorithm's internals is undertaken; the standard method is to trace a path of highly probable differences through the various stages of encryption, termed a ''differential characteristic''.
| |||