Cryptanalysis of the Full 8.5-Round REESSE3+ Block Cipher

  • Jorge Nakahara Jr.
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9230)


This paper describes the first independent cryptanalysis of the full 8.5-round REESSE3+ block cipher, a large-block variant of the IDEA cipher. We show that large classes of weak keys exist in REESSE3+, just like in IDEA, under differential and linear attacks. Moreover, doubling the number of rounds is not enough to avoid weak keys. The existence of weak keys jeopardizes the use of REESSE3+ as a building block in the construction of other cryptographic primitives such as hash functions in modes such as Davies-Meyer’s. We also describe square and impossible differential attacks on reduced-round versions.


Keywords: Cryptanalysis, IDEA, Weak keys, Block cipher design



I would like to thank the anonymous reviewers who provided detailed and valuable comments, which improved the readability and helped correct several mistakes in this paper.



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Jose Benedito de Moraes Leme, Sao Paulo, Brazil
