Differential-Linear Weak Key Classes of IDEA
نویسنده
چکیده
Large weak key classes of IDEA are found for which membership is tested with a differential-linear test while encrypting with a single key. In particular, one in every 2'' keys for 8.5-round IDEA is weak. A related-key differential-linear attack on 4-round IDEA is presented which is successful for all keys. Large weak key classes are found for 4.5to 6.5-round and 8-round IDEA for which membership of these classes is tested using similar related-key differential-linear tests.
منابع مشابه
A Note on Weak Keys of PES, IDEA, and Some Extended Variants
This paper presents an analysis of the PES cipher in a similar setting as done by Daemen et al. at Crypto’93 for IDEA. The following results were obtained for 8.5 round PES: a linear weak-key class of size 2; two distinct differential weak-key classes of size 2; two differentiallinear weak-key classes of size 2. For 17-round PES (double-PES): a linear weak-key class of size 2, and a differentia...
متن کاملNew Weak-Key Classes of IDEA
This paper presents a large collection of new weak-key classes for the IDEA cipher. The classes presented in this paper contain 2−2 weak keys (as compared with 2 differential weak keys presented by Daemen at CRYPTO’93 and 2 differential-linear weak-keys presented by Hawkes at EUROCRYPT’98). The novelty of our approach is in the use of boomerang distinguishers for the weak-key class membership t...
متن کاملTotal break of Zorro using linear and differential attacks
An AES-like lightweight block cipher, namely Zorro, was proposed in CHES 2013. While it has a 16-byte state, it uses only 4 S-Boxes per round. This weak nonlinearity was widely criticized, insofar as it has been directly exploited in all the attacks on Zorro reported by now, including the weak key, reduced round, and even full round attacks. In this paper, using some properties discovered by Wa...
متن کاملWeak Keys for IDEA
Large classes of weak keys have been found for the block cipher algorithm IDEA, previously known as IPES [2]. IDEA has a 128bit key and encrypts blocks of 64 bits. For a class of 2 keys IDEA exhibits a linear factor. For a certain class of 2 keys the cipher has a global characteristic with probability 1. For another class of 2 keys only two encryptions and solving a set of 16 nonlinear boolean ...
متن کاملCryptanalysis of the Full MMB Block Cipher
The block cipher MMB was designed by Daemen, Govaerts and Vandewalle, in 1993, as an alternative to the IDEA block cipher. We exploit and describe unusual properties of the modular multiplication in ZZ232−1, which lead to a differential attack on the full 6-round MMB cipher (both versions 1.0 and 2.0). Further contributions of this paper include detailed square and linear cryptanalysis of MMB. ...
متن کامل