New Data-Efficient Attacks on Reduced-Round IDEA

IDEA is a 64-bit block cipher with 128-bit keys which is widely used due to its inclusion in several cryptographic packages such as PGP. After its introduction by Lai and Massey in 1991, it was subjected to an extensive cryptanalytic effort, but so far the largest variant on which there are any published attacks contains only 6 of its 8.5 rounds. The first 6-round attack, described in the conference version of this paper in 2007, was extremely marginal: it required essentially the entire codebook, and saved only a factor of 2 compared to the time complexity of exhaustive search. In 2009, Sun and Lai reduced the data complexity of the 6-round attack from 2 to 2 chosen plaintexts and simultaneously reduced the time complexity from 2 to 2 encryptions. In this revised version of our paper, we combine a highly optimized meet-in-the-middle attack with a keyless version of the Biryukov-Demirci relation to obtain new key recovery attacks on reduced-round IDEA, which dramatically reduce their data complexities and increase the number of rounds to which they are applicable. In the case of 6-round IDEA, we need only two known plaintexts (the minimal number of 64-bit messages required to determine a 128-bit key) to perform full key recovery in 2 time. By increasing the number of known plaintexts to sixteen, we can reduce the time complexity to 2, which is slightly faster than the data-intensive attack of Sun and Lai. By increasing the number of plaintexts to about one thousand, we can now attack 6.5 rounds of IDEA, which could not be attacked by any previously published technique. By pushing our techniques to extremes, we can attack 7.5 rounds using 2 plaintexts and 2 time, and by using an optimized version of a distributive attack, we can reduce the time complexity of exhaustive search on the full 8.5-round IDEA to 2 encryptions using only 16 plaintexts.