Abstract
In this paper we present an attack on a reduced round version of Crypton. The attack is based on the dedicated Square attack. We explain why the attack also works on Crypton and prove that the entire 256-bit user key for 6 rounds of Crypton can be recovered with a complexity of 256 encryptions, whereas for Srypton 272 encryptions are required to recover the 128-bit user key.
F.W.O. Postdoctoral Researcher, sponsored by the Fund for Scientic Research -Flanders (Belgium)
Chapter PDF
Similar content being viewed by others
References
J. Borst, “Weak keys of Crypton,” technical comment submitted to NIST.
J. Daemen, L. Knudsen and V. Rijmen, “The block cipher Square,” Fast Software Encryption, LNCS 1267, E. Biham, Ed., Springer-Verlag, 1997, pp. 149–165.
Lim, “CRYPTON: A New 128-bit Block Cipher,” available from [5].
Lim, “Specification and Analysis of Crypton Version 1.0,” FSE’ 99, these proceedings.
S. Vaudenay, “Weak keys in Crypton,” announcement on NIST’s electronic AES forum, cf. [5].
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
D’Halluin, C., Bijnens, G., Rijmen, V., Preneel, B. (1999). Attack on Six Rounds of CRYPTON. In: Knudsen, L. (eds) Fast Software Encryption. FSE 1999. Lecture Notes in Computer Science, vol 1636. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48519-8_4
Download citation
DOI: https://doi.org/10.1007/3-540-48519-8_4
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66226-6
Online ISBN: 978-3-540-48519-3
eBook Packages: Springer Book Archive