I created this page so that I can share what I'm learning in my latest pursuit: cryptography. I am particularly interested in the cryptanalysis end of it. I am slowly expanding my understanding of this artform, but it does have a pretty steep learning curve. I think that my background in both programming and security will greatly help. I will attempt to use as standard as notation as possible, but I am self-taught so I'm sure that the language will not be perfect. I plan to start the entries here (from the bottom) at a basic level and then work up to more advanced stuff. In this way, newcomers will hopefully be able to follow along as I progress (and hopefully they do as well). I am still a beginner at this and would appreciate any corrections or advice.
Learn about the very basics of cryptography. What does encryption mean? How are ciphers categorized? What uses does
crypto have other than scrambling messages? How can you sign a letter without a pen? I attempt to answer these sorts of questions on this
page. It is really for the beginners but it'd be cool if the experienced folks checked out gave me tips on how to improve it.
Discussed on this page are some of the elements used in the design of block ciphers. Also we examine two structures to combine these
elements into a full algorithm. Much of the vocabulary that will be used in later pages is explained here. Learn about s-boxes, key schedules,
linear mixing, and feistel ciphers and let me know what you think.
Here we have a relatively non-technical overview of what cryptanalysis is. Known-plaintext attacks, frequency analysis, linear and differential
attacks, and more is discussed.
Linear Cryptanalysis Tutorial
After banging my head on the desk for 2 weeks, I finally found the bug in my LC code. On this page, I've explained as simply as I can how
a barebones linear attack would work on a 2-round 4-bit block cipher. We'll explore finding linear approximations, what the hell a linear
approximation is, and how to leverage them to break the cipher with less computational work than brute force. I haven't seen another page on
the net that walks the reader through the process and provides source code to play with. If you know of a page/paper about linear cryptanalysis
that doesn't require a math degree to understand, please let me know. In the meantime, enjoy this tutorial and, as always, let me know what you
Differential Cryptanalysis Tutorial
Here's another modern statistical attack applied to block ciphers. We'll use the classic differential attack to break a simple toy cipher and
recover the key in less than brute force time. We'll also explore how to find good differentials and use them to reduce the keyspace to be searched.
Enjoy and tell me your thoughts.
Multi-Round Differential Cryptanalysis
I had so much fun learning about DC while writing the last tutorial, I went a bit further with it here. The cipher attacked on this page is
quite a bit beefier. With a block size of 8 bits, 4 rounds, a P-Box, and a 32 bit key; its a hefty target. We'll chain several differential
characteristics together and find a chosen plaintext/ciphertext pair that satisfies this path. Next, we'll use the good pair and our path to
make assumptions about the hidden intermediate values in the cipher. These assumptions allow us to recover the key in far less time than
Differential Cryptanalysis of FEAL-4
This one is long as hell. We walk through a differential attack on the infamously weak FEAL-4 block cipher. Although being a favorite
cipher to beat on by the cryptography community, it is a real modern block cipher. Go slow, study the diagrams, read the code, and have fun.
Be sure to take this technique further and tell me about it so I can learn more. There is a ton of opportunity for improving the attack here.
Scaling back the difficulty a little bit here. This page describes a very basic form of slide attack. This technique is used to break
simple ciphers that attempt to rely on lots of rounds for their security against analysis. This, alone, is not enough and this page
will show you why.
Boomerang Attack on FEAL-6
This time we'll use an adaptive-chosen ciphertext technique called the boomerang attack to determine if a black box is running FEAL-6.
The boomerang attack was created to expand the power of differential cryptanalysis. Although, we will not be recovering any information
about the key, we will be identifying the algorithm inside just by feeding data into it. This distinguishing attack exploits 100% probable
differentials in FEAL and only requires 2 encryptions and 2 decryptions.
Impossible Differential Cryptanalysis
In this tutorial we'll check out yet another variant of the differential attack. We'll use the impossibility of differentials
injected by chosen-plaintext transforming into other differentials to break a toy cipher. By having certainty that a property
shouldn't exist at the input to the last round, we can make key guesses at the last-round subkey and rule out those subkeys when
the property appears. Narrow down the keyspace enough and you'll be left with the correct key.