Multiple Linear Cryptanalysis of a Reduced Round RC6

MIYAJI and NONAKA : CRYPTANALYSIS OF REDUCED - ROUND RC 6 WITHOUT WHITENING

We investigate the cryptanalysis of reducedround RC6 without whitening. Up to now, key recovery algorithms against the reduced-round RC6 itself, the reduced-round RC6 without whitening, and even the simplified variants have been infeasible on a modern computer. In this paper, we propose an efficient and feasible key recovery algorithm against reducedround RC6 without whitening. Our algorithm is...

Cryptanalysis of the Reduced-Round RC6

Linear Cryptanalysis of RC5 and RC6

In this paper we evaluate the resistance of the block cipher RC5 against linear cryptanalysis. We describe a known plaintext attack that can break RC5-32 (blocksize 64) with 10 rounds and RC5-64 (blocksize 128) with 15 rounds. In order to do this we use techniques related to the use of multiple linear approximations. Furthermore the success of the attack is largely based on the linear hull-effe...

Impossible Differential Cryptanalysis of Reduced-Round Midori64 Block Cipher (Extended Version)

Impossible differential attack is a well-known mean to examine robustness of block ciphers. Using impossible differ- ential cryptanalysis, we analyze security of a family of lightweight block ciphers, named Midori, that are designed considering low energy consumption. Midori state size can be either 64 bits for Midori64 or 128 bits for Midori128; however, both vers...

Impossible Differential Cryptanalysis on Deoxys-BC-256

Deoxys is a final-round candidate of the CAESAR competition. Deoxys is built upon an internal tweakable block cipher Deoxys-BC, where in addition to the plaintext and key, it takes an extra non-secret input called a tweak. This paper presents the first impossible differential cryptanalysis of Deoxys-BC-256 which is used in Deoxys as an internal tweakable block cipher. First, we find a 4.5-round...