Next, after obtaining a serial of plaintext-ciphertext pairs, the opponent supposes some subkey
sets involved in the outer rounds of the impossible differential path, and then encrypts/decrypts partially each pair of plaintext-ciphertext to verify whether the corresponding internal difference states are identical.
It is helpful to reduce the number of subkey
candidates and improve the attacking efficiency.
It presents a high security level because its design structure removes subkey
CH: cluster head, MN: mobile node, FN: fixed node, [KP.sub.main]: main large key pool, [KP.sub.FN]: subkey
pool for fixed nodes, [KP.sub.MN]: subkey
pool for mobile nodes, [K.sub.plc] : public key, [K.sub.prt] : private key, prand(): prime number generator, AUTH: authentication code, PRM: generated prime number, [SP.sub.MN]: scalar product of a mobile node, [SP.sub.FN]: scalar product of a fixed node, SCC: secret communication code.
Study has been made and the result shows, among the AES candidates, Rijndael key schedule fall into a category in which knowledge of a round subkey
yields bits of other round subkeys
or the master key after some simple arithmetic operations or function inversions .
Feistel ciphers have a repetitive structure where each stage or round of calculations involves splitting the input into two halves ([L.sub.i-1], [R.sub.i-1]), passing the right input [R.sub.i-1] to the left output [L.sub.i], and computing the right output Ri by taking the bitwise exclusive-or of the left input [L.sub.i-1] with a function of the right input [R.sub.i-1] and subkey
[K.sub.i] denoted by F([R.sub.i-1], [K.sub.i]).
First we use letters k and p for 16-byte plaintext and first round subkey
, with subscripts indicating a particular byte:
A 128-bit plaintext is XORed with the 128-bit round subkey
in AddRoundKey of an encryption.
They aimed at recovering more subkey
bits and increasing the probability of the remaining pairs, thus reducing data complexity.
As for the DFA on the available block ciphers, the last subkey
should be recovered at first by differential analysis.
: All the possible subkey
values form a set k with size K.
We focus our attention on these ciphers which consist of subkey
XOR, nonlinear, and linear operations.