Preliminary Cryptanalysis of Reduced-Round Serpent

T. Kohno, J. Kelsey, and B. Schneier

Proceedings of the Third AES Candidate Conference, April 2000, pp. 195-211.

ABSTRACT: Serpent is a 32-round AES block cipher finalist. In this paper we present several attacks on reduced-round variants of Serpent that require less work than exhaustive search. We attack six-round 256-bit Serpent using the meet-in-the-middle technique, 512 known plaintexts, 2246 bytes of memory, and approximately 2247 trial encryptions. For all key sizes, we attack six-round Serpent using standard differential cryptanalysis, 283 chosen plaintexts, 240 bytes of memory, and 290 trial encryptions. We present boomerang and amplified boomerang attacks on seven- and eight-round Serpent, and show how to break nine-round 256-bit Serpent using the amplified boomerang technique, 2110 chosen plaintexts, 2212 bytes of memory, and approximately 2252 trial encryptions.

[full text – postscript] [full text – PDF (Acrobat)]

Categories: Algorithm Analyses

Sidebar photo of Bruce Schneier by Joe MacInnis.