Cryptanalysis of WIDEA

Conference paper

DOI: 10.1007/978-3-662-43933-3_3

Volume 8424 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Leurent G. (2014) Cryptanalysis of WIDEA. In: Moriai S. (eds) Fast Software Encryption. FSE 2013. Lecture Notes in Computer Science, vol 8424. Springer, Berlin, Heidelberg

Abstract

WIDEA is a family of block ciphers designed by Junod and Macchetti in 2009 as an extension of IDEA to larger block sizes (256 and 512 bits for the main instances WIDEA-\(4\) and WIDEA-\(8\)) and larger key sizes (512 and 1024 bits, respectively). WIDEA-\(w\) is composed of \(w\) parallel copies of the IDEA block cipher, with an MDS matrix to provide diffusion between them. An important motivation was to use WIDEA to design a hash function.

In this paper we present low complexity attacks on WIDEA based on truncated differentials. We show a distinguisher for the full WIDEA with complexity only \(2^{65}\), and we use the distinguisher in a key-recovery attack with complexity \(w \cdot 2^{68}\). We also show a collision attack on WIDEA-\(8\) if it is used to build a hash function using the Merkle-Damgård mode of operation.

The attacks exploit the parallel structure of WIDEA and the limited diffusion between the IDEA instances, using differential trails where the MDS diffusion layer is never active. In addition, we use structures of plaintext to reduce the data complexity.

Keywords

Cryptanalysis Block cipher Hash function Truncated differential IDEA WIDEA HIDEA 

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. 1.UCL Crypto GroupLouvain-la-NeuveBelgium