Journal of Cryptology, Volume 28, Issue 2, pp 209–239

New Attacks on IDEA with at Least 6 Rounds

  • Eli Biham
  • Orr Dunkelman
  • Nathan Keller
  • Adi Shamir

Abstract

IDEA is a 64-bit block cipher with 128-bit keys which was introduced by Lai and Massey in 1991. The best previously published attack on IDEA could only handle 6 of its 8.5 rounds. In this paper, we combine a highly optimized meet-in-the-middle attack with a keyless version of the Biryukov–Demirci relation to obtain a greatly improved attack on 6-round IDEA which requires only two known plaintexts, and the first key recovery attacks on versions of IDEA with 6.5 to 8.5 rounds.

Key words

IDEA; Cryptanalysis; Biryukov–Demirci relation; Zero-in-the-Middle attack

Notes

Acknowledgements

The authors thank Willi Meier and the anonymous referees for their constructive and helpful comments.

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Eli Biham (1)
  • Orr Dunkelman (2, 3)
  • Nathan Keller (3, 4)
  • Adi Shamir (3)

  1. Computer Science Department, Technion, Haifa, Israel
  2. Computer Science Department, University of Haifa, Haifa, Israel
  3. Faculty of Mathematics and Computer Science, Weizmann Institute of Science, Rehovot, Israel
  4. Department of Mathematics, Bar Ilan University, Ramat Gan, Israel
