Analysis and design of stream ciphers
Analysis and design of stream ciphers
Differential cryptanalysis of the data encryption standard
Differential cryptanalysis of the data encryption standard
On Differential and Linear Crytoanalysis of the RC5 Encryption Algorithm
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Markov ciphers and differential cryptanalysis
EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Known Plaintext Correlation Attack against RC5
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
Cryptanalysis of the Reduced-Round RC6
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Lectures on Data Security, Modern Cryptology in Theory and Practice, Summer School, Aarhus, Denmark, July 1998
Recent Developments in the Design of Conventional Cryptographic Algorithms
State of the Art in Applied Cryptography, Course on Computer Security and Industrial Cryptography - Revised Lectures
State of the Art in Applied Cryptography, Course on Computer Security and Industrial Cryptography - Revised Lectures
On the Design and Security of RC2
FSE '98 Proceedings of the 5th International Workshop on Fast Software Encryption
Linear Cryptanalysis of RC5 and RC6
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Mod n Cryptanalysis, with Applications Against RC5P and M6
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Improved Analysis of Some Simplified Variants of RC6
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Probing Attacks on Tamper-Resistant Devices
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
| Hi-index | 0.00 |
In this paper we investigate the strength of the secret-key algorithm RC5 newly proposed by Ron Rivest. The target version of RC5 works on words of 32 bits, has 12 rounds and a user-selected key of 128 bits. At Crypto'95 Kaliski and Yin estimated the strength of RC5 by differential and linear cryptanalysis. They conjectured that their linear analysis is optimal and that the use of 12 rounds for RC5 is sufficient to make both differential and linear cryptanalysis impractical. In this paper we show that the differential analysis made by Kaliski and Yin is not optimal. We give differential attacks better by up to a factor of 512. Also we show that RC5 has many weak keys with respect to differential attacks. This weakness relies on the structure of the cipher and not on the key schedule.