The real reason for Rivest's phenomenon
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
Cycle structure of the DES with weak and semi-weak keys
Proceedings on Advances in cryptology---CRYPTO '86
The cryptanalysis of FEAL-4 with 20 chosen plaintexts
Journal of Cryptology
The Design of Rijndael
On Some Cryptographic Properties of Rijndael
MMM-ACNS '01 Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security
Fast Encryption Algorithm Spectr-H64
MMM-ACNS '01 Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Security
ASIACRYPT '92 Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm
Fast Software Encryption, Cambridge Security Workshop
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Security analysis of the full-round DDO-64 block cipher
Journal of Systems and Software
Slide Attacks on a Class of Hash Functions
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Related-Key differential attacks on cobra-s128, cobra-f64a, and cobra-f64b
Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
Advanced slide attacks revisited: realigning slide on DES
Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
Related-Key differential attacks on cobra-h64 and cobra-h128
IMA'05 Proceedings of the 10th international conference on Cryptography and Coding
| Hi-index | 0.00 |
We compare one round diffusion characteristics of the block cipher Spectr-H64 to those of AES-Rijndael and Safer K-64, in terms of the Avalanche Weight Distribution (AWD) criterion and observe a weakness in the round transformation of Spectr-H64. We exploit this weakness to break one round of Spectr-H64 extracting half of the key bits, and develop a chosen plaintext slide attack against the overall encryption algorithm, which works for 232 elements of the key space (out of 2256). We also observe 2128 weak keys, for which encryption becomes the same function as decryption, and 232 fixed points for each weak key.