Abstract
In this paper the block cipher RC6 is analysed. RC6 is submitted as a candidate for the Advanced Encryption Standard, and is one of five finalists. It has 128-bit blocks and supports keys of 128, 192 and 256 bits, and is an iterated 20-round block cipher. Here it is shown that versions of RC6 with 128-bit blocks can be distinguished from a random permutation with up to 15 rounds; for some weak keys up to 17 rounds. Moreover, with an increased effort key-recovery attacks faster than exhaustive key search can be mounted on RC6 with up to 12 rounds for 128 bit keys, on 14 rounds for 192 bit keys and on 15 rounds for 256 bit keys.
Keywords
Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
References
O. Baudron, H. Gilbert, L. Granboulan, H. Handschuh, A. Joux, P. Nguyen, F. Noilhan, D. Pointcheval, T. Pornin, G. Poupard, J. Stern, and S. Vaudenay Report on the AES candidates. Available at http://csrc.nist.gov/encryption/aes/round1/conf2/papers/baudron1.pdf.
H. Gilbert, H. Handschuh, A. Joux, and S. Vaudenay. A Statistical Attack on RC6.These proceedings.
A. Biryukov and E. Kushilevitz. Improved cryptanalysis of RC5. In K. Nyberg, editor, Advances in Cryptology-EUROCRYPT’98, LNCS 1403, pages 85–99. Springer Verlag, 1998.
S. Contini, R.L. Rivest, M.J.B. Robshaw and Y.L. Yin. The Security of the RC6 Block Cipher. v.1.0, August 20, 1998. Available at http//:www.rsa.com/rsalabs/aes/.
S. Contini, R.L. Rivest, M.J.B. Robshaw, and Y.L. Yin. Improved analysis of some simplified variants of RC6. In L. Knudsen, editor, Fast Software Encryption, Sixth International Workshop, Rome, Italy, March 1999, LNCS1636, pages 1–15. Springer Verlag, 1999.
S. Contini, R.L. Rivest, M.J.B. Robshaw, and Y.L. Yin. Some Comments on the First Round AES Evaluation of RC6. Available at http://csrc.nist.gov/encryption/aes/round1/pubcmnts.htm.
J. Kelsey, B. Schneier, and D. Wagner. Mod n cryptanalysis, with applications against RC5P and M6. In L. Knudsen, editor, Fast Software Encryption, Sixth International Workshop, Rome, Italy, March 1999, LNCS1636, pages 139–155. Springer Verlag, 1999.
A.G. Konheim. Cryptography: A Primer. John Wiley & Sons, 1981.
L.R. Knudsen, and W. Meier. Correlations in RC6. Technical Report 177, Department of Informatics,University of Bergen, Norway, July 29, 1999.
D.E. Knuth. The Art of Computer Programming, Vol. 2. Addison-Wesley, 1981.
M. Matsui. Linear cryptanalysis method for DES cipher. In T. Helleseth, editor, Advances in Cryptology-EUROCRYPT’93, LNCS 765, pages 386–397. Springer Verlag, 1993.
R.L. Rivest, M.J.B. Robshaw, R. Sidney and Y.L. Yin. The RC6 Block Cipher. v1.1, August 20, 1998. Available at http//:www.rsa.com/rsalabs/aes/.
S. Vaudenay. An Experiment on DES Statistical Cryptanalysis. 3rd ACM Conference on Computer and Communications Security, ACM Press, 1996, pp. 139–147.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Knudsen, L.R., Meier, W. (2001). Correlations in RC6 with a Reduced Number of Rounds. In: Goos, G., Hartmanis, J., van Leeuwen, J., Schneier, B. (eds) Fast Software Encryption. FSE 2000. Lecture Notes in Computer Science, vol 1978. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44706-7_7
Download citation
DOI: https://doi.org/10.1007/3-540-44706-7_7
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41728-6
Online ISBN: 978-3-540-44706-1
eBook Packages: Springer Book Archive