Slide Attack on Spectr-H64
We compare one round diffusion characteristics of the block cipher Spectr-H64 to those of AES-Rijndael and Safer K-64, in terms of the Avalanche Weight Distribution (AWD) criterion and observe a weakness in the round transformation of Spectr-H64. We exploit this weakness to break one round of Spectr-H64 extracting half of the key bits, and develop a chosen plaintext slide attack against the overall encryption algorithm, which works for 232 elements of the key space (out of 2256). We also observe 2128 weak keys, for which encryption becomes the same function as decryption, and 232 fixed points for each weak key.
KeywordsSlide attack Spectr-H64 Avalanche Weight Distribution (AWD)
Unable to display preview. Download preview PDF.