Mod n cryptanalysis


In cryptography, mod n cryptanalysis is an attack applicable to block and stream ciphers. It is a form of partitioning cryptanalysis that exploits unevenness in how the cipher operates over equivalence classes modulo n. The method was first suggested in 1999 by John Kelsey, Bruce Schneier, and David Wagner and applied to RC5P and M6. These attacks used the properties of binary addition and bit rotation modulo a Fermat prime.

Mod 3 analysis of RC5P

For RC5P, analysis was conducted modulo 3. It was observed that the operations in the cipher were somewhat biased over congruence classes mod 3. To illustrate the approach, consider left rotation by a single bit:
Then, because
it follows that
Thus left rotation by a single bit has a simple description modulo 3. Analysis of other operations reveals similar, notable biases. Although there are some theoretical problems analysing the operations in combination, the bias can be detected experimentally for the entire cipher. In, experiments were conducted up to seven rounds, and based on this they conjecture that as many as 19 or 20 rounds of RC5P can be distinguished from random using this attack. There is also a corresponding method for recovering the secret key.
Against M6 there are attacks mod 5 and mod 257 that are even more effective.