Cryptanalysis of WIDEA
نویسنده
چکیده
WIDEA is a family of block ciphers designed by Junod and Macchetti in 2009 as an extension of IDEA to larger block sizes (256 and 512 bits for the main instances WIDEA-4 and WIDEA-8) and larger key sizes (512 and 1024 bits, respectively). WIDEA-w is composed of w parallel copies of the IDEA block cipher, with an MDS matrix to provide diffusion between them. An important motivation was to use WIDEA to design a hash function. In this paper we present low complexity attacks on WIDEA based on truncated differentials. We show a distinguisher for the full WIDEA with complexity only 2, and we use the distinguisher in a key-recovery attack with complexity w · 2. We also show a collision attack on WIDEA-8 if it is used to build a hash function using the Merkle-Damgård mode of operation. The attacks exploit the parallel structure of WIDEA and the limited diffusion between the IDEA instances, using differential trails where the MDS diffusion layer is never active. In addition, we use structures of plaintext to reduce the data complexity.
منابع مشابه
Revisiting the IDEA Philosophy
Since almost two decades, the block cipher IDEA has resisted an exceptional number of cryptanalysis attempts. At the time of writing, the best published attack works against 6 out of the 8.5 rounds (in the non-related-key attacks model), employs almost the whole codebook, and improves the complexity of an exhaustive key search by a factor of only two. In a parallel way, Lipmaa demonstrated that...
متن کاملDifferential and Linear Attacks on the Full WIDEA-n Block Ciphers (under Weak Keys)
We report on differential and linear analysis of the full 8.5round WIDEA-n ciphers for n ∈ {4, 8}, under weak-key assumptions. The novelty in our attacks include the use of differential and linear relation patterns that allow to bypass the diffusion provided by MDS codes altogether. Therefore, we can attack only a single IDEA instance out of n copies, effectively using a narrow trail for the pr...
متن کاملA new method for accelerating impossible differential cryptanalysis and its application on LBlock
Impossible differential cryptanalysis, the extension of differential cryptanalysis, is one of the most efficient attacks against block ciphers. This cryptanalysis method has been applied to most of the block ciphers and has shown significant results. Using structures, key schedule considerations, early abort, and pre-computation are some common methods to reduce complexities of this attack. In ...
متن کاملImpossible Differential Cryptanalysis on Deoxys-BC-256
Deoxys is a final-round candidate of the CAESAR competition. Deoxys is built upon an internal tweakable block cipher Deoxys-BC, where in addition to the plaintext and key, it takes an extra non-secret input called a tweak. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round...
متن کاملTime and Space Complexity Reduction of a Cryptanalysis Algorithm
Binary Decision Diagram (in short BDD) is an efficient data structure which has been used widely in computer science and engineering. BDD-based attack in key stream cryptanalysis is one of the best forms of attack in its category. In this paper, we propose a new key stream attack which is based on ZDD(Zero-suppressed BDD). We show how a ZDD-based key stream attack is more efficient in time and ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2012