Improved Correlation Attack on RC5
نویسندگان
چکیده
Various attacks against RC5 have been analyzed intensively([1], [2], [4]–[7]). A known plaintext attack([2]) has not been reported that it works on so higher round as a chosen plaintext attack([1]), but it can work more efficiently and practically. In this paper we investigate a known plaintext attack against RC5 by improving a correlation attack ([7]). As for a known plaintext attack against RC5, the best known result is a linear cryptanalysis([2]). They have reported that RC5-32 with 10 rounds can be broken by 264 plaintexts under the heuristic assumption: RC5-32 with r rounds can be broken with a success probability of 90% by using 26r+4 plaintexts. However their assumption seems to be highly optimistic. Our known plaintext correlation attack can break RC5-32 with 10 rounds (20 halfrounds) in a more strict sense with a success probability of 90% by using 263.67 plaintexts. Furthermore our attack can break RC5-32 with 21 half-rounds in a success probability of 30% by using 263.07 plaintexts. key words: RC5, a known plaintext attack, a correlation attack
منابع مشابه
Linear Cryptanalysis of RC5 and RC6
In this paper we evaluate the resistance of the block cipher RC5 against linear cryptanalysis. We describe a known plaintext attack that can break RC5-32 (blocksize 64) with 10 rounds and RC5-64 (blocksize 128) with 15 rounds. In order to do this we use techniques related to the use of multiple linear approximations. Furthermore the success of the attack is largely based on the linear hull-effe...
متن کاملOn Differential and Linear Crytoanalysis of the RC5 Encryption Algorithm
This paper analyzes the security of the RC5 encryption algorithm against differential and linear cryptanalysis. RC5 is a new block cipher recently designed by Ron Rivest. It has a variable word size, a variable number of rounds, and a variable-length secret key. In RC5, the secret key is used to fill an expanded key table which is then used in encryption. Both our differential and linear attack...
متن کاملImproved Differential Attacks on RC5
In this paper we investigate the strength of the secret-key algorithm RC5 newly proposed by Ron Rivest. The target version of RC5 works on words of 32 bits, has 12 rounds and a user-selected key of 128 bits. At Crypto'95 Kaliski and Yin estimated the strength of RC5 by diierential and linear cryptanalysis. They conjectured that their linear analysis is optimal and that the use of 12 rounds for ...
متن کاملModified Cryptanalysis of RC5
The RC5 encryption algorithm was designed by Roland Rivest in 1994. Since its publication, RC5 has attracted the attention of many researchers in the cryptographic community in efforts to accurately assess the security offered. The best previously known attack requires 2 chosen plaintexts in order to derive the full set of 25 subkeys for the 12 round RC5 with 32 bit words. In this paper, we mod...
متن کامل