Differential-Linear Weak Key Classes of IDEA

Large weak key classes of IDEA are found for which membership is tested with a differential-linear test while encrypting with a single key. In particular, one in every 265 keys for 8.5-round IDEA is weak. A related-key differential-linear attack on 4-round IDEA is presented which is successful for all keys. Large weak key classes are found for 4.5- to 6.5-round and 8-round IDEA for which membership of these classes is tested using similar related-key differential-linear tests.

[1]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[2]  Eli Biham,et al.  Differential Cryptanalysis of the Full 16-Round DES , 1992, CRYPTO.

[3]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[4]  Xuejia Lai,et al.  Markov Ciphers and Differential Cryptanalysis , 1991, EUROCRYPT.

[5]  D. Chaum,et al.  Di(cid:11)erential Cryptanalysis of the full 16-round DES , 1977 .

[6]  Bruce Schneier,et al.  Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES , 1996, CRYPTO.

[7]  Joan Daemen Cryptanalysis of 2,5 Rounds of IDEA (Extended Abstract) , 1993 .

[8]  Joos Vandewalle,et al.  Weak Keys for IDEA , 1994, CRYPTO.

[9]  Philip Hawkes,et al.  On Applying Linear Cryptanalysis to IDEA , 1996, ASIACRYPT.

[10]  Susan K. Langford,et al.  Differential-Linear Cryptanalysis , 1994, CRYPTO.

[11]  Willi Meier,et al.  On the Security of the IDEA Block Cipher , 1994, EUROCRYPT.

[12]  Eli Biham,et al.  New Types of Cryptanalytic Attacks Using related Keys (Extended Abstract) , 1994, EUROCRYPT.

[13]  Johan Borst Differential-Linear Cryptanalysis of IDEA , 1996 .

[14]  Vincent Rijmen,et al.  Two Attacks on Reduced IDEA (Extended Abstract) , 1997 .

[15]  Xuejia Lai,et al.  On the design and security of block ciphers , 1992 .

[16]  Carlo Harpes,et al.  A Generalization of Linear Cryptanalysis and the Applicability of Matsui's Piling-Up Lemma , 1995, EUROCRYPT.