MIYAJI and NONAKA : CRYPTANALYSIS OF REDUCED - ROUND RC 6 WITHOUT WHITENING
نویسنده
چکیده
We investigate the cryptanalysis of reducedround RC6 without whitening. Up to now, key recovery algorithms against the reduced-round RC6 itself, the reduced-round RC6 without whitening, and even the simplified variants have been infeasible on a modern computer. In this paper, we propose an efficient and feasible key recovery algorithm against reducedround RC6 without whitening. Our algorithm is very useful for analyzing the security of the round-function of RC6. Our attack applies to a rather large number of rounds. RC6 without whitening with r rounds can be broken with a success probability of 90% by using 28.1r−13.8 plaintexts. Therefore, our attack can break RC6 without whitening with 17 rounds by using 2123.9 plaintexts with a probability of 90%. key words: block cipher, RC6, cryptanalysis, χ2 attack
منابع مشابه
Security of Reduced Version of the Block Cipher Camellia against Truncated and Impossible Differential Cryptanalysis
This paper describes truncated and impossible differential cryptanalysis of the 128-bit block cipher Camellia, which was proposed by NTT and Mitsubishi Electric Corporation. Our work improves on the best known truncated and impossible differential cryptanalysis. As a result, we show a nontrivial 9-round byte characteristic, which may lead to a possible attack of reduced-round version of Camelli...
متن کاملNew Results on Impossible Differential Cryptanalysis of Reduced-Round Camellia-128
Camellia, a 128–bit block cipher which has been accepted by ISO/IEC as an international standard, is increasingly being used in many cryptographic applications. In this paper, using the redundancy in the key schedule and accelerating the filtration of wrong pairs, we present a new impossible differential attack to reduced–round Camellia. By this attack 12–round Camellia–128 without FL/FL−1 func...
متن کاملNew Impossible Differential Attacks of Reduced-Round Camellia-192 and Camellia-256
Camellia is a block cipher selected as a standard by ISO/IEC, which has been analyzed by a number of cryptanalysts. In this paper, we propose several 6-round impossible differential paths of Camellia with the FL/FL−1 layer in the middle of them. With the impossible differential and a well-organized precomputational table, impossible differential attacks on 10-round Camellia-192 and 11-round Cam...
متن کاملImpossible Differential-Linear Cryptanalysis of Reduced-Round CLEFIA-128
CLEFIA is a 128-bit block cipher proposed by Sony Corporation in 2007. Our paper introduces a new chosen text attack, impossible differential-linear attack, on iterated cryptosystems. The attack is efficient for 16-round CLEFIA with whitening keys. In the paper, we construct a 13-round impossible differential-linear distinguisher. Based on the distinguisher, we present an effective attack on 16...
متن کامل