Part of the Lecture Notes in Computer Science book series (LNCS, volume 2365)
Multiple Linear Cryptanalysis of a Reduced Round RC6
In this paper, we apply multiple linear cryptanalysis to a reduced round RC6 block cipher. We show that 18-round RC6 with weak key is breakable by using the multiple linear attack.
KeywordsLinear Approximation Block Cipher Linear Characteristic Advance Encryption Standard Linear Probability
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
- 1.A. Biryukov and E. Kushilevitz. Improved cryptanalysis of RC5. EUROCRYPT’98, LNCS 1403, pp. 85–99, 1998.Google Scholar
- 2.J. Borst, B. Preneel, and J. Vandewalle. Linear cryptanalysis of RC5 and RC6. FSE’99, LNCS 1636, pp. 16–30, 1999.Google Scholar
- 3.S. Contini, R.L. Rivest, M.J.B. Robshaw, and Y.L. Yin. The security of the RC6 block cipher. v.1.0, August 20, 1998. Available at http://www.rsasecurity.com/rsalabs/rc6/.
- 4.S. Contini, R.L. Rivest, M.J.B. Robshaw, and Y.L. Yin. Improved analysis of some simplified variants of RC6. FSE’99, LNCS 1636, pp. 1–15, 1999.Google Scholar
- 5.H. Gilbert, H. Handschuh, A. Joux and S. Vaudenay, A Statistical Attack on RC6. FSE 2000, LNCS 1978, pp. 64–74, 2001.Google Scholar
- 7.B.S. Kaliski Jr. and M.J.B. Robshaw. Linear cryptanalysis using multiple approximations. CRYPTO’94, LNCS 839, pp. 26–39, 1994.Google Scholar
- 8.B.S. Kaliski Jr. and M.J.B. Robshaw. Linear cryptanalysis using multiple approximations and FEAL. FSE’94, LNCS 1008, pp. 249–264, 1995.Google Scholar
- 9.B.S. Kaliski Jr. and Y.L. Yin. On differential and linear cryptanalysis of the RC5 encryption algorithm. CRYPTO’95, LNCS 963, pp. 171–184, 1995.Google Scholar
- 10.B.S. Kaliski Jr. and Y.L. Yin. On the security of the RC5 encryption algorithm. Available at http://www.rsasecurity.com/rsalabs/rc6/.
- 11.J. Kelsey, B. Schneier, and D. Wagner. Mod n cryptanalysis, with applications against RC5P and M6. FSE’99, LNCS 1363, pp. 139–155, 1999.Google Scholar
- 12.L.R. Knudsen and M.J.B. Robshaw. Non-linear approximations in linear cryptanalysis. EUROCRYPT’96, LNCS 1070, pp. 224–236, 1996.Google Scholar
- 13.L.R. Knudsen and W. Meier. Correlations in RC6 with a reduced number of rounds. FSE 2000, LNCS 1978, pp. 94–108, 2001.Google Scholar
- 14.M. Matsui. Linear cryptanalysis method for DES cipher. EUROCRYPT’93, LNCS 765, pp. 386–397, 1993.Google Scholar
- 15.S. Moriai, K. Aoki and K. Ohta. Key-dependency of linear probability of RC5. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Vol. E80-A, No. 1, 1997.Google Scholar
- 16.R.L. Rivest. The RC5 encryption algorithm. FSE’94, LNCS 1008, pp. 86–96, 1995.Google Scholar
- 17.R.L. Rivest, M.J.B. Robshaw, R. Sidney and Y.L. Yin. The RC6 block cipher. v1.1, August 20, 1998. Available at http://www.rsasecurity.com/rsalabs/rc6/.
- 18.K. Nyberg. Linear approximation of block ciphers. EUROCRYPT’94, LNCS 950, pp. 439–444, 1994.Google Scholar
- 19.A.A. Selcuk. New results in linear cryptanalysis of RC5. FSE’98, LNCS 1372, pp. 1–16, 1998.Google Scholar
© Springer-Verlag Berlin Heidelberg 2002