Interpolation attack : Wikipedia, English edition
Interpolation attack
In cryptography, an interpolation attack is a type of cryptanalytic attack against block ciphers.
After differential cryptanalysis and linear cryptanalysis were presented as attacks on block ciphers, some new block ciphers were introduced that were proven secure against differential and linear attacks. Among these were some iterated block ciphers such as the KN-Cipher and the SHARK cipher. However, Thomas Jakobsen and Lars Knudsen showed in the late 1990s that these ciphers were easy to break by introducing a new attack called the interpolation attack.
In the attack, an algebraic function is used to represent an S-box. This may be a simple quadratic, or a polynomial or rational function over a Galois field. Its coefficients can be determined by standard Lagrange interpolation techniques, using known plaintexts as data points. Alternatively, chosen plaintexts can be used to simplify the equations and optimize the attack.
In its simplest version, an interpolation attack expresses the ciphertext as a polynomial of the plaintext. If the polynomial has a relatively low number of unknown coefficients, then it can be reconstructed from a collection of plaintext/ciphertext (p/c) pairs. With the polynomial reconstructed, the attacker has a representation of the encryption without exact knowledge of the secret key.
The interpolation attack can also be used to recover the secret key.
It is easiest to describe the method with an example.
==Example==

Let an iterated cipher be given by
: c_i=(c_{i-1}\oplus k_i)^3,
where c_0 is the plaintext, k_i\in K is the secret round key, and for an r-round iterated cipher, c_r is the ciphertext.
Consider the 2-round cipher. Let x denote the message, and c denote the ciphertext.
Then the output of round 1 becomes
:c_1=(x+ k_1)^3=(x^2+ k_1^2)(x + k_1)=x^3+ k_1^2x+ x^2k_1+ k_1^3,
and the output of round 2 becomes
: c_2=c=(c_1+ k_2)^3=(x^3+ k_1^2x+ x^2k_1+ k_1^3+ k_2)^3
: =x^9+ x^8k_1+ x^6k_2+ x^4k_1^2k_2+ x^3k_2^2+ x^2(k_1k_2^2+k_1^4k_2)+ x(k_1^2k_2^2+k_1^8)+ k_1^3k_2^2+ k_1^9+ k_2^3.

Expressing the ciphertext as a polynomial of the plaintext yields
:p(x)=a_1x^9+ a_2x^8+ a_3x^6+ a_4x^4+ a_5x^3+ a_6x^2+ a_7x+ a_8,
where the a_i's are key-dependent constants.
Using as many plaintext/ciphertext pairs as there are unknown coefficients in the polynomial p(x), we can construct the polynomial. This can, for example, be done by Lagrange interpolation (see Lagrange polynomial). Once the unknown coefficients have been determined, we have a representation p(x) of the encryption, without knowledge of the secret key K.
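
The 2-round example above can be checked numerically. The following is an added example, not part of the original article: it assumes the field is GF(2^8) with the reduction polynomial 0x11B and uses constructed round keys. It goes slightly beyond the text by interpolating with 10 pairs (the generic bound for a degree-9 polynomial) rather than 8, which also confirms that the x^7 and x^5 coefficients are zero.

```python
def gmul(a, b):
    """Multiply in GF(2^8), reduction polynomial 0x11B (assumed field)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def gpow(a, e):
    r = 1
    for _ in range(e):
        r = gmul(r, a)
    return r

def encrypt(x, keys):
    """The page's iterated cipher: c_i = (c_{i-1} XOR k_i)^3."""
    for k in keys:
        x = gpow(x ^ k, 3)
    return x

def interpolate(pairs):
    """Lagrange interpolation over GF(2^8); coefficients, lowest degree first."""
    coeffs = [0] * len(pairs)
    for i, (xi, yi) in enumerate(pairs):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(pairs):
            if j == i:
                continue
            # basis *= (x + xj); subtraction equals XOR in characteristic 2
            basis = [a ^ gmul(b, xj) for a, b in zip([0] + basis, basis + [0])]
            denom = gmul(denom, xi ^ xj)
        scale = gmul(yi, gpow(denom, 254))  # denom^254 = denom^-1
        coeffs = [c ^ gmul(b, scale) for c, b in zip(coeffs, basis)]
    return coeffs

def evaluate(coeffs, x):
    r = 0
    for c in reversed(coeffs):  # Horner's rule
        r = gmul(r, x) ^ c
    return r

KEYS = (0x3A, 0xC5)  # constructed round keys k_1, k_2
PAIRS = [(x, encrypt(x, KEYS)) for x in range(1, 11)]  # 10 known pairs
P = interpolate(PAIRS)  # P[d] is the coefficient of x^d
```

The recovered `P` reproduces the cipher on every input without using `KEYS`, and its x^8 and x^6 coefficients match the k_1 and k_2 terms in the expansion above.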

Excerpt source: Wikipedia, the free encyclopedia

Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.