Analysis of Involutional Ciphers: Khazad and Anubis
In this paper we study structural properties of SPN ciphers in which both the S-boxes and the affine layers are involutions. We apply our observations to the recently designed Rijndael-like ciphers Khazad and Anubis, and show several interesting properties of these ciphers. We also show that 5-round Khazad has 264 weak keys under a ”slide-with-a-twist” attack distinguisher. This is the first cryptanalytic result which is better than exhaustive search for 5-round Khazad. Analysis presented in this paper is generic and applies to a large class of ciphers built from involutional components.
- 1.Barreto, P., Rijmen, V.: The Khazad Legacy-Level Block Cipher, Submission to the NESSIE ProjectGoogle Scholar
- 2.Barreto, P., Rijmen, V.: The Anubis Block Cipher, Submission to the NESSIE ProjectGoogle Scholar
- 4.Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Heidelberg (2001)Google Scholar
- 5.Gilbert, H., Minier, M.: A collision attack on seven rounds of Rijndael. In: Proceedings of the third AES Conference, pp. 230–241. NIST (2000)Google Scholar
- 6.NESSIE, New European Schemes for Signatures, Integrity, and Encryption, IST- 1999-12324, http://www.cryptonessie.org