Optimized χ2-Attack against RC6

  • Norihisa Isogai
  • Takashi Matsunaka
  • Atsuko Miyaji
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2846)


In this paper, we make progress on χ 2-attack by introducing the optimization. We propose three key recovery attacks against RC6 without post-whitening, and apply these three key recovery algorithms to RC6. We discuss their differences and optimization and thus our best attack can break 16-round RC6 without pre-whitening with 128-bit key (resp. 16-round RC6 with 192-bit key) by using 2117.84 (resp. 2122.84) chosen plaintexts with a success probability of 95% (resp. 90%). As far as the authors know, this is the best result of attacks to RC6.


Block Cipher Cryptanalysis RC6 χ2-attack 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Borst, J., Preneel, B., Vandewalle, J.: Linear Cryptanalysis of RC5 and RC6. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 16–30. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  2. 2.
    Contini, S., Rivest, R., Robshaw, M., Yin, Y.: The Security of the RC6 Block Cipher. v 1.0. August 20 (1998), Available at
  3. 3.
    Contini, S., et al.: Improved analysis of some simplified variants of RC6. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 1–15. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  4. 4.
    Freund, R.J., Wilson, W.J.: Statistical Method. Academic Press, San Diego (1993)Google Scholar
  5. 5.
    Gilbert, H., et al.: A Statistical Attack on RC6. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 64–74. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Handschuh, H., Gilbert, H.: χ2 Cryptanalysis of the SEAL Encryption Algorithm. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 1–12. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  7. 7.
    Knudsen, L., Meier, W.: Correlations in RC6 with a reduced number of rounds. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 94–108. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Menezes, A., van Oorschot, P.C., Vanstone, S.: Handbook of applied cryptography. CRC Press, Inc., Boca Raton (1996)CrossRefGoogle Scholar
  9. 9.
    Miyaji, A., Nonaka, M.: Cryptanalysis of the Reduced-Round RC6. In: Deng, R.H., et al. (eds.) ICICS 2002. LNCS, vol. 2513, pp. 480–494. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Rivest, R.: The RC5 Encryption Algorithm. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 86–96. Springer, Heidelberg (1995)Google Scholar
  11. 11.
    Rivest, R., Robshaw, M., Sidney, R., Yin, Y.: The RC6 Block Cipher. v1.1. August 20 (1998), Available at
  12. 12.
    Shimoyama, T., Takenaka, M., Koshiba, T.: Multiple linear cryptanalysis of a reduced round RC6. In: Daemen, J., Rijmen, V. (eds.) FSE 2002. LNCS, vol. 2365, pp. 76–88. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  13. 13.
    Shimoyama, T., Takeuchi, K., Hayakawa, J.: Correlation Attack to the Block Cipher RC5 and the Simplified Variants of RC6. In: 3rd AES Candidate Conference (April 2000)Google Scholar
  14. 14.
    Vaudenay, S.: An Experiment on DES Statistical Cryptanalysis. In: Proc. 3rd ACM Conference on Computer and Communications Security, pp. 139–147. ACM Press, New York (1996)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Norihisa Isogai
    • 1
  • Takashi Matsunaka
    • 1
  • Atsuko Miyaji
    • 1
  1. 1.Japan Advanced Institute of Science and Technology 

Personalised recommendations