Ciphertex-only attack on Akelarre
Cryptologia
Handbook of Applied Cryptography
Handbook of Applied Cryptography
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
| Hi-index | 0.00 |
This paper describes a linear attack on the Ake98 block cipher, an updated version of the Akelarre cipher presented by Alvarez et al. at the SAC’96 Workshop. The new attacks require the assumption of weak keys. It is demonstrated that Ake98 does not introduce enough security measures to counter cryptanalytic attacks, both in a known-plaintext and in a ciphertext-only setting. A key-recovery attack on 4.5-round Ake98, for instance, is applicable to a weak-key class of size 2108, and requires only 71 known plaintexts, with an effort of 71· 271 half-round decryptions. Moreover, the existence of weak keys precludes the use of Ake98 as a building block for other cryptographic primitives, such as in Davies-Meyer Hash mode. Attacks using weak keys can be applied up to 11.5 rounds of Ake98 with less effort than an exhaustive key search. But, Ake98 with 8.5 rounds is already slower than IDEA, RC6 or AES, which implies that this updated version of the Akelarre cipher does not seem to provide significant advantages (security or efficiency) compared to the former, more established ciphers.