Cryptanalysis of the Full 8.5-Round REESSE3+ Block Cipher
This paper describes the first independent cryptanalysis of the full 8.5-round REESSE3+ block cipher, a large-block variant of the IDEA cipher. We show that large classes of weak keys exist in REESSE3+, just like in IDEA, under differential and linear attacks. Moreover, doubling the number of rounds is not enough to avoid weak keys. The existence of weak keys jeopardizes the use of REESSE3+ as a building block in the construction of other cryptographic primitives, for example hash functions in modes such as Davies-Meyer. We also describe square and impossible differential attacks on reduced-round versions.
Keywords: Cryptanalysis, IDEA, Weak keys, Block cipher design
I would like to thank the anonymous reviewers who provided detailed and valuable comments, which improved the readability and helped correct several mistakes in this paper.