Abstract
This paper presents an analysis of the PES cipher in a similar setting as done by Daemen et al. at Crypto’93 for IDEA. The following results were obtained for 8.5-round PES: a linear weak-key class of size 248, two differential weak-key classes of size 241, and two differential-linear weak-key classes of size 262. For 17-round PES (double PES): a linear weak-key class of size 27, and a differential weak-key class of size 27 were found. These attacks demonstrate that doubling the number of rounds in PES is not enough to avoid weak keys. These findings were possible because the cipher structure from PES to IDEA was changed but the key schedule algorithm remained the same. Daemen suggested a modified key schedule for IDEA in order to avoid weak keys. We found a differential weak-key class of size 283 for 2.5-round IDEA under his redesigned key schedule, and a differential-linear weak-key class of size 268 for 3.5-round IDEA. The presence of weak keys has some consequences. Recall that without weak-key assumptions there are no known attacks on more than 4.5 rounds of IDEA. Furthermore, the existence of weak keys may imply that the block cipher becomes unsuitable in stream cipher and hash function constructions.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Biham, E., Biryukov, A., Shamir, A.: Miss-in-the-Middle Attacks on IDEA, Khufu and Khafre. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 124–138. Springer, Heidelberg (1999)
Biryukov, A., Nakahara Jr., J., Preneel, B., Vandewalle, J.: New weak-key classes of IDEA. In: Deng, R.H., Qing, S., Bao, F., Zhou, J. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 315–326. Springer, Heidelberg (2002)
Daemen, J., Govaerts, R., Vandewalle, J.: Weak Keys for IDEA. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 224–231. Springer, Heidelberg (1994)
Hawkes, P.M.: Differential-Linear Weak Key Classes of IDEA. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 112–126. Springer, Heidelberg (1998)
Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Lai, X., Massey, J.L.: A Proposal for a New Block Encryption Standard. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 389–404. Springer, Heidelberg (1990)
Lai, X., Massey, J.L., Murphy, S.: Markov Ciphers and Differential Cryptanalysis. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 17–38. Springer, Heidelberg (1991)
Mediacrypt AG: The IDEA Block Cipher, Submission to the NESSIE Project at http://cryptonessie.org
Menezes, A.J., van Oorschot, P.C., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
NESSIE Project: New European Schemes for Signatures, Integrity and Encryption at http://cryptonessie.org
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nakahara, J., Preneel, B., Vandewalle, J. (2003). A Note on Weak Keys of PES, IDEA, and Some Extended Variants. In: Boyd, C., Mao, W. (eds) Information Security. ISC 2003. Lecture Notes in Computer Science, vol 2851. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10958513_21
Download citation
DOI: https://doi.org/10.1007/10958513_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20176-2
Online ISBN: 978-3-540-39981-0
eBook Packages: Springer Book Archive