Weak Keys for IDEA
Large classes of weak keys have been found for the block cipher algorithm IDEA, previously known as IPES. IDEA has a 128-bit key and encrypts blocks of 64 bits. For a class of 2^23 keys IDEA exhibits a linear factor. For a certain class of 2^35 keys the cipher has a global characteristic with probability 1. For another class of 2^51 keys only two encryptions and solving a set of 16 nonlinear boolean equations with 12 variables is sufficient to test if the used key belongs to this class. If it does, its particular value can be calculated efficiently. It is shown that the problem of weak keys can be eliminated by slightly modifying the key schedule of IDEA.
Keywords: Block Cipher, Linear Factor, Round Function, Differential Cryptanalysis, Search Encryption