Abstract
In this paper we evaluate the resistance of the block cipher RC5 against linear cryptanalysis. We describe a known plaintext attack that can break RC5-32 (blocksize 64) with 10 rounds and RC5-64 (blocksize 128) with 15 rounds. In order to do this we use techniques related to the use of multiple linear approximations. Furthermore the success of the attack is largely based on the linear hull-effect. To our knowledge, at this moment these are the best known plaintext attacks on RC5, which have negligible storage requirements and do not make any assumption on the plaintext distribution. Furthermore we discuss the impact of our attacking method on the AES-candidate RC6, whose design was based on RC5.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
A. Biryukov, E. Kushilevitz, “Improved Cryptanalysis of RC5, ” Proc. Eurocrypt’ 98, LNCS 1403, Springer-Verlag, 1998, pp. 85–99.
E. Biham, A. Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.
C. Harpes, J.L. Massey, “Partitioning Cryptanalysis, ” Fast Software Encryption, LNCS 1267, Springer-Verlag, 1997, pp. 13–27.
L.R. Knudsen, W. Meier, “Improved Differential Attacks on RC5,” Proc. Crypto’96, LNCS 1109, Springer-Verlag, 1996, pp. 216–228.
B.S. Kaliski, M.J.B. Robshaw, “Linear Cryptanalysis Using Multiple Approximations,” Proc. Eurocrypt’94, LNCS 950, Springer-Verlag, 1995, pp. 26–39.
B.S. Kaliski, Y.L. Yin, “On Differential and Linear Cryptanalysis of the RC5 Encryption Algorithm,” Proc. Crypto’95, LNCS 963, Springer-Verlag, 1995, pp. 171–184.
B.S. Kaliski, Y.L. Yin, “On the Security of the RC5 Encryption Algorithm,” RSA Laboratories Technical Report TR-602, Version 1.0, September 1998, available via http://www.rsa.com/rsalabs/aes.
M. Matsui, “Linear cryptanalysis method for DES cipher,” Proc. Eurocrypt’93, LNCS 765, Springer-Verlag, 1994, pp. 386–397.
M. Matsui, “The first experimental cryptanalysis of the Data Encryption Standard,” Proc. Crypto’94, LNCS 839, Springer-Verlag, 1994, pp. 1–11.
K. Nyberg, “Linear Approximations of Block Ciphers,” Proc. Eurocrypt’94, LNCS 950, Springer-Verlag, 1995, pp. 439–444.
R.L. Rivest, “The RC5 Encryption Algorithm,” Fast Software Encryption, LNCS 1008, Springer-Verlag, 1995, pp. 86–96.
R.L. Rivest, M.J.B. Robshaw, R. Sidney, Y.L. Yin, “The RC6 Block Cipher. v1.1,” AES Proposal, 1998, available via http://www.rsa.com/rsalabs/aes.
S. Contini, R.L. Rivest, M.J.B. Robshaw, Y.L. Yin, “The Security of the RC6 Block Cipher. v1.0,” 1998, available via http://www.rsa.com/rsalabs/aes.
S. Contini, R.L. Rivest, M.J.B. Robshaw, Y.L. Yin, “Linear Hulls and RC6 (DRAFT),” September, 1998.
A.A. Selçcuk, “New Results in Linear Cryptanalysis of RC5,” Fast Software Encryption, LNCS 1372, Springer-Verlag, 1998, pp. 1–16.
S. Vaudenay, “An Experiment on DES-Statistical Cryptanalysis,” Proc. 3rd ACM Conference on Computer Security, ACM Press, 1996, pp. 139–147.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Borst, J., Preneel, B., Vandewalle, J. (1999). Linear Cryptanalysis of RC5 and RC6. In: Knudsen, L. (eds) Fast Software Encryption. FSE 1999. Lecture Notes in Computer Science, vol 1636. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48519-8_2
Download citation
DOI: https://doi.org/10.1007/3-540-48519-8_2
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66226-6
Online ISBN: 978-3-540-48519-3
eBook Packages: Springer Book Archive