Date: 18 Dec 2002

Slide Attack on Spectr-H64

* Final gross prices may vary according to local VAT.

Get Access


We compare one round diffusion characteristics of the block cipher Spectr-H64 to those of AES-Rijndael and Safer K-64, in terms of the Avalanche Weight Distribution (AWD) criterion and observe a weakness in the round transformation of Spectr-H64. We exploit this weakness to break one round of Spectr-H64 extracting half of the key bits, and develop a chosen plaintext slide attack against the overall encryption algorithm, which works for 232 elements of the key space (out of 2256). We also observe 2128 weak keys, for which encryption becomes the same function as decryption, and 232 fixed points for each weak key.