Abstract
We present new attacks on key schedules of block ciphers. These attacks are based on the principles of related-key differential cryptanalysis: attacks that allow both keys and plaintexts to be chosen with specific differences. We show how these attacks can be exploited in actual protocols and cryptanalyze the key schedules of a variety of algorithms, including three-key triple-DES.
© 1996 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kelsey, J., Schneier, B., Wagner, D. (1996). Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES. In: Koblitz, N. (ed.) Advances in Cryptology — CRYPTO ’96. CRYPTO 1996. Lecture Notes in Computer Science, vol 1109. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-68697-5_19
DOI: https://doi.org/10.1007/3-540-68697-5_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-61512-5
Online ISBN: 978-3-540-68697-2