A Related-Key Attack on Block Ciphers with Weak Recurrent Key Schedules

  • Marina Pudovkina
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6888)


An important component of an iterated block cipher is the key schedule. In this paper, we consider iterated block ciphers with a key schedule algorithm described by a recurrence relation. We present an efficient related-key attack on those ciphers. With regard to similar techniques, such as the slide attack, our proposal considerably reduces the number of necessary plaintexts from O(2 n/4) plaintexts to 2r, where r is the number of recovered round keys. The complexity of our attack is, moreover, almost equal to the complexity of guessing just one round key.


Block Cipher Encryption Function Round Function Plaintext Attack Boomerang Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Swenson, C.: Modern Cryptanalysis. Techniques for Advanced Code Breaking. Wiley Publishing (2008)Google Scholar
  2. 2.
    Knudsen, L.R., Mathiassen, J.E.: On the Role of Key Schedules in Attacks on Iterated Ciphers. In: Samarati, P., Ryan, P.Y.A., Gollmann, D., Molva, R. (eds.) ESORICS 2004. LNCS, vol. 3193, pp. 322–334. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Biham, E.: New Types of Cryptanalytic Attacks Using Related Keys. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 398–409. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  4. 4.
    Knudsen, L.R.: Cryptanalysis of LOKI91. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 196–208. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  5. 5.
    Biryukov, A., Dunkelman, O., Keller, N., Khovratovich, D., Shamir, A.: Key Recovery Attacks of Practical Complexity on AES-256 Variants with up to 10 Rounds. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 299–319. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  6. 6.
    Dunkelman, O., Keller, N., Shamir, A.: A Practical-Time Related-Key Attack on the KASUMI Cryptosystem Used in GSM and 3G Telephony. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 393–410. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  7. 7.
    Koo, B., Yeom, Y., Song, J.: Related-Key Boomerang Attack on Block Cipher SQUARE. IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences 94(1), 3–9 (2011)CrossRefGoogle Scholar
  8. 8.
    Wang, G., Keller, N., Dunkelman, O.: The Delicate Issues of Addition with Respect to XOR Differences. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 212–231. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Fleischmann, E., Gorski, M., Lucks, S.: Memoryless Related-Key Boomerang Attack on 39-Round SHACAL-2. In: Bao, F., Li, H., Wang, G. (eds.) ISPEC 2009. LNCS, vol. 5451, pp. 310–323. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Kelsey, J., Schneier, B., Wagner, D.: Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 237–251. Springer, Heidelberg (1996)Google Scholar
  11. 11.
    Kelsey, J., Schneier, B., Wagner, D.: Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 233–246. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  12. 12.
    Ciet, M., Piret, G., Quisquater, J.-J.: Related-Key and Slide Attacks: Analysis, Connections, and Improvements (1999),
  13. 13.
    Ciet, M., Piret, G., Quisquater, J.-J.: A Survey of Key Schedule Cryptanalysis. Technical Report CG-2002/1, Universite catholique de Louvain, Crypto Group (2002),
  14. 14.
    Courtois, N.T., Bard, G.V.: Algebraic and Slide Attacks on KeeLoq. Cryptology ePrint Archive, Report 2007/062 (2007)Google Scholar
  15. 15.
    Schneier, B.: Applied Cryptography, Protocols, Algorithms, and Source Code in C, 2nd edn. John WileySons, Inc., New York (1995)zbMATHGoogle Scholar
  16. 16.
    Biryukov, A., Wagner, D.: Slide Attacks. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 245–259. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  17. 17.
    Seki, H., Kaneko, T.: Differential Cryptanalysis of Reduced Rounds of GOST. In: Stinson, D.R., Tavares, S. (eds.) SAC 2000. LNCS, vol. 2012, pp. 315–323. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  18. 18.
    Biham, E., Dunkelman, O., Keller, N.: Improved Slide Attacks. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 153–166. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  19. 19.
    Kara, O.: Reflection Cryptanalysis of Some Ciphers. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 294–307. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  20. 20.
    Ko, Y., Hong, S., Lee, W., Lee, S., Kang, J.-S.: Related Key Differential Attacks on 27 Rounds of Xtea and Full-Round Gost. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 299–316. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  21. 21.
    Rudskoy, V.: On Zero Practical Significance of ”Key Recovery Attack on Full GOST Block Cipher with Zero Time and Memory” (2010),
  22. 22.
    Isobe, T.: A Single-Key Attack on the Full GOST Block Cipher. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 290–305. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  23. 23.
    Courtois, N.: Security Evaluation of GOST 28147-89 in view of international standardisation (2011),
  24. 24.
    Pudovkina, M., Khoruzhenko, G.: Related-key attacks on the full GOST block cipher with 2 or 4 related keys. In: Western European Workshop on Research in Cryptology (2011),

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Marina Pudovkina
    • 1
  1. 1.Moscow Engineering-Physics InstituteNational Nuclear Research UniversityMoscowRussian Federation

Personalised recommendations