Differential cryptanalysis of the data encryption standard
Differential cryptanalysis of the data encryption standard
The Design of Rijndael
Differential Cryptanalysis of DES-like Cryptosystems
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
Related-Key Cryptanalysis of the Full AES-192 and AES-256
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
On generalized Feistel networks
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
| Hi-index | 0.00 |
The block cipher MARS has been designed by a team from IBM and became one of the five finalists for the AES. A unique feature is the usage of two entirely different round function types. The "wrapper rounds" are unkeyed, while the key schedule for the "core rounds" is a slow and complex one, much more demanding then, e.g., the key schedule for the AES. Each core round employs a 62-bit round key. The best attack published so far [KKS00] was applicable to 11 core rounds, and succeeded in recovering some 163 round key bits. But neither did it deal with inverting the key schedule, nor did it provide any other means to recover the remaining 519 round key bits in usage. Our attack applies to 12 core rounds, needs 2252 operations, 265 chosen plaintexts and 269 memory cells. After recovering a limited number of cipher key bits, we deal with the inverse key-schedule to recover the original encryption key. This allows the attacker to easily generate all the round keys in the full.