Lecture Notes in Computer Science vol:1556 pages:319-338
SAC 1998 date:August 17-18, 1998
The cipher family SPEED (and an associated hashing mode) was recently proposed in Financial Cryptography '97. This paper crypt-analyzes that proposal, in two parts: First, we discuss several troubling potential weaknesses in the cipher. Next, we show how to efficiently break the SPEED hashing mode using differential related-key techniques, and propose a differential attack on 48-round SPEED. These results raise some significant questions about the security of the SPEED design.