Date: 13 Jul 2001

Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES


We present new attacks on key schedules of block ciphers. These attacks are based on the principles of related-key differential cryptanalysis: attacks that allow both keys and plaintexts to be chosen with specific differences. We show how these attacks can be exploited in actual protocols and cryptanalyze the key schedules of a variety of algorithms, including three-key triple-DES.