Differential Attack Of Reduced-round Block Cipher Serpent And ICEBERG

Information is the most valuable resource and treasure in the information society. It can be transmitted by any useable medium, such as network, electricity, and print. The confidence and security of information is very important since the extremely high frequence of communnication. The security of information has a close relationship with the military, politics, economy and personal life. The encryption technique is brought in for ensuring the safety and confidence of informaion, with which the information could not be changed and fabricated by anyone except the legal user.Block cipher is one big branch of encryption algoritm, which means the encryption is done in blocks. The classic block cipher include DES, IDEA, and etc. The cryptanalysis methods toward block cipher include differential attack, linear attack, square attack and etc. This paper presents differential attack to 7-round Serpent and 8-round Serpent, and initial analysis on the block cipher ICEBERG, used mainly on reconfigurable hardware.We prensent four 6-round Serpent differential characteristics, whose input differences are not fixed. Let the input differences vary all the possible value, and count the total number of characteristic with different probability. During the attack, characteristics with different probability is used. The first improvement is made with two characteristics of the four. The data complexity is 275.64 chosen plaintexts, and the time complexity is 276.64 memory access in the 7-round attack,2204.64 memory access in the 8-round attack. With another characteristic, the 7-round attack needs 273.64 chosen plaintexts,274.64 memory access, and the 8-round attack needs the same amount of chosen plaintexts,2202.64 memory access. The result can be improved with the last characteristic. In the 7-round attack,269.46 chosen plaintexts and 270.49 memory access are needed, while the same number of chosen plaintexts and 2198.49 memory access are needed in the 8-round attack.While analyzing the linear transformation of ICEBERG, we divide the 64 bits of input into 16 disjoint groups, which include four bits only having relationship with three bits in the same group during the linear transformation. Base on the fact, we conclude that there are at least twelve active S-boxes in a 6-round differential characteristic, and the distribution of active S-boxes only have eight possiblities. We get four 5-round differential characteristic with probability 2-52.6, and two 6-round differential characteristic with probabilty 2-63.2. With them, the 6-round and 7-round ICBERG can be attacked with 264 chosen plaintexts, and 264 encryptions.