Advances in Cryptology — CRYPTO ’96

Volume 1109 of the series Lecture Notes in Computer Science pp 237-251


Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES

  • John KelseyAffiliated withCounterpane Systems
  • , Bruce SchneierAffiliated withCounterpane Systems
  • , David WagnerAffiliated withC.S. Div., Soda Hall, U.C. Berkeley


We present new attacks on key schedules of block ciphers. These attacks are based on the principles of related-key differential cryptanalysis: attacks that allow both keys and plaintexts to be chosen with specific differences. We show how these attacks can be exploited in actual protocols and cryptanalyze the key schedules of a variety of algorithms, including three-key triple-DES.