This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Next revision Both sides next revision | ||
paes [25/03/2014 11:56:59] stek |
paes [11/04/2014 08:07:03] mmeh [Cryptanalysis] |
||
---|---|---|---|
Line 6: | Line 6: | ||
===== Cryptanalysis ===== | ===== Cryptanalysis ===== | ||
- | ^ Type ^ Number of Queries ^ Computations ^ Reference ^ Comment ^ | + | ^ Type ^ Queries ^ Computations ^ Success probability ^ Reference ^ |
- | | Forgery | $2^{11}$ | $2^{11}$ | Yu Sasaki and Lei Wang[(ref:caesar:cryptoeprint2014218)] | | | + | | Forgery | $2^{11}$ | $2^{11}$ | | Sasaki and Wang[(ref:caesar:cryptoeprint2014218)] | |
- | + | | Distinguisher | 1 | | | Saarinen [[https://groups.google.com/forum/#!topic/crypto-competitions/vRmJdRQBzOo|on newsgroup]] | | |
- | + | | Distinguisher | 1 | | $2^{-64}$ | Jean and Nikolić [(:ref:caesar:paesJeanNicolic)] | | |
- | Jérémy Jean and Ivica Nikolić describe a distinguisher for PAES in [[http://www1.spms.ntu.edu.sg/~syllab/m/images/6/6e/Using_AES_Round_Symmetries_to_Distinguish_PAES.pdf|this note]]. Independently, Markku-Juhani O. Saarinen reports issues with rotational invariants in PAES in [[https://groups.google.com/forum/#!topic/crypto-competitions/vRmJdRQBzOo|this thread]] that lead to distinguishing and key-recovery shortcuts. | + | |
+ | ~~REFNOTES~~ |