A Statistical Attack on RC6

  • Henri Gilbert
  • Helena Handschuh
  • Antoine Joux
  • Serge Vaudenay
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1978)


This paper details the attack on RC6 which was announced in a report published in the proceedings of the second AES candidate conference (March 1999). Based on an observation on the RC6 statistics, we show how to distinguish RC6 from a random permutation and to recover the secret extended key for a fair number of rounds.


Random Permutation Block Cipher Advance Encryption Standard Statistical Attack Input Word 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 2.
    O. Baudron, H. Gilbert, L. Granboulan, H. Handschuh, A. Joux, P. Nguyen, F. Noilhan, D. Pointcheval, T. Pornin, G. Poupard, J. Stern, S. Vaudenay, “Report on the AES Candidates,” The Second Advanced Encryption Standard Candidate Conference, N.I.S.T., 1999, pp. 53–67.Google Scholar
  2. 3.
    FIPS 46, Data Encryption Standard, US Department of Commerce, National Bureau of Standards, 1977 (revised as FIPS 46-1:1988; FIPS 46-2:1993).Google Scholar
  3. 4.
    T. Iwata, K. Kurosawa, “On the Pseudorandomness of AES Finalists — RC6 and Serpent”, These proceedings.Google Scholar
  4. 5.
    B. S. Kaliski Jr., Y. L. Yin, “On the Security of the RC5 Encryption Algorithm”, RSA Laboratories Technical Report TR-602, Version 1.0-September 1998.Google Scholar
  5. 6.
    L. Knudsen, W. Meier, “Correlations in RC6 with a reduced number of rounds ”, These proceedings.Google Scholar
  6. 7.
    M. Matsui, “The first experimental cryptanalysis of the Data Encryption Standard”. In Advances in Cryptology-Crypto’94, pp 1–11, Springer Verlag, New York, 1994.Google Scholar
  7. 8.
    S. Moriai, S. Vaudenay, “Comparison of randomness provided by several schemes for block ciphers”, Preprint, 1999.Google Scholar
  8. 9.
    R.L. Rivest, M.J.B. Robshaw, R. Sidney and Y.L. Yin,“The RC6 Block Cipher”, v1.1, August 20, 1998.Google Scholar
  9. 10.
    S. Vaudenay, “An experiment on DES-Statistical Cryptanalysis”. In 3rd ACM Conference on Computer Security, New Dehli, India, pp139–147, ACM Press, 1996.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Henri Gilbert
    • 1
  • Helena Handschuh
    • 2
  • Antoine Joux
    • 3
  • Serge Vaudenay
    • 4
  1. 1.France TelecomUSA
  2. 2.GemplusUSA
  4. 4.Ecole Normale Supérieure — CNRSUSA

Personalised recommendations