Title: A Note on Weak Keys of PES, IDEA, and Some Extended Variants
Authors: Nakahara, Jorge
Preneel, Bart
Vandewalle, Joos
Issue Date: 2003
Publisher: Springer
Host Document: Lecture Notes in Computer Science vol:2851 pages:267-279
Conference: ISC 2003 date:October 01-03, 2003
Abstract: This paper presents an analysis of the PES cipher in a similar setting as done by Daemen et al. at Crypto'93 for IDEA. The following results were obtained for 8.5-round PES: a linear weak-key class of size 248, two differential weak-key classes of size 241, and two differential-linear weak-key classes of size 2(62). For 17-round PES (double PES): a linear weak-key class of size 27, and a differential weak-key class of size 27 were found. These attacks demonstrate that doubling the number of rounds in PES is not enough to avoid weak keys. These findings were possible because the cipher structure from PES to IDEA was changed but the key schedule algorithm remained the same. Daemen suggested a modified key schedule for IDEA in order to avoid weak keys. We found a differential weak-key class of size 2(83) for 2.5-round IDEA under his redesigned key schedule, and a differential-linear weak-key class of size 2(68) for 3.5-round IDEA. The presence of weak keys has some consequences. Recall that without weak-key assumptions there are no known attacks on more than 4.5 rounds of IDEA. Furthermore, the existence of weak keys may imply that the block cipher becomes unsuitable in stream cipher and hash function constructions.
ISSN: 0302-9743
Publication status: published
KU Leuven publication type: IC
Appears in Collections:ESAT - STADIUS, Stadius Centre for Dynamical Systems, Signal Processing and Data Analytics
Electrical Engineering - miscellaneous

Files in This Item:
File Status SizeFormat
article-172.pdf Published 150KbAdobe PDFView/Open Request a copy

These files are only available to some KU Leuven Association staff members


All items in Lirias are protected by copyright, with all rights reserved.

© Web of science