On the success probability of χ2-attack on RC6

Authors:
Atsuko Miyaji;Yuuki Takano
Affiliations:
Japan Advanced Institute of Science and Technology;Japan Advanced Institute of Science and Technology
Venue:
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Year:
2005

Citing 9
Cited 1

An experiment on DES statistical cryptanalysis

CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
Cryptanalysis of the Reduced-Round RC6

ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
On the Complexity of Matsui's Attack

SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
x2 Cryptanalysis of the SEAL Encryption Algorithm

FSE '97 Proceedings of the 4th International Workshop on Fast Software Encryption
Mod n Cryptanalysis, with Applications Against RC5P and M6

FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
A Statistical Attack on RC6

FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Correlations in RC6 with a Reduced Number of Rounds

FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Multiple Linear Cryptanalysis of a Reduced Round RC6

FSE '02 Revised Papers from the 9th International Workshop on Fast Software Encryption
On probability of success in linear and differential cryptanalysis

SCN'02 Proceedings of the 3rd international conference on Security in communication networks

A new version of the RC6 algorithm, stronger against X2 cryptanalysis

AISC '09 Proceedings of the Seventh Australasian Conference on Information Security - Volume 98

Quantified Score

Hi-index	0.00

Visualization

Abstract

Knudsen and Meier applied the χ2-attack to RC6. The χ2-attack can be used for both distinguishing attacks and key recovery attacks. Up to the present, the success probability of key recovery attack in any χ2-attack has not been evaluated theoretically without any assumption of experimental results. In this paper, we discuss the success probability of key recovery attack in χ2-attack and give the theorem that evaluates the success probability of a key recovery attack without any assumption of experimental approximation, for the first time. We make sure the accuracy of our theorem by demonstrating it on both 4-round RC6 without post-whitening and 4-round RC6-8. We also evaluate the security of RC6 theoretically and show that a variant of the χ2-attack is faster than an exhaustive key search for the 192-bit-key and 256-bit-key RC6 with up to 16 rounds. As a result, we succeed in answering such an open question that a variant of the χ2-attack can be used to attack RC6 with 16 or more rounds.