A Statistical Attack on RC6
نویسندگان
چکیده
This paper details the attack on RC6 which was announced in a report published in the proceedings of the second AES candidate conference (March 1999). Based on an observation on the RC6 statistics, we show how to distinguish RC6 from a random permutation and to recover the secret extended key for a fair number of rounds.
منابع مشابه
On the Success Probability of χ2-attack on RC6
Knudsen and Meier applied the χ2-attack to RC6. The χ2-attack can be used for both distinguishing attacks and key recovery attacks. Up to the present, the success probability of key recovery attack in any χ2attack has not been evaluated theoretically without any assumption of experimental results. In this paper, we discuss the success probability of key recovery attack in χ2-attack and give the...
متن کاملMIYAJI and NONAKA : CRYPTANALYSIS OF REDUCED - ROUND RC 6 WITHOUT WHITENING
We investigate the cryptanalysis of reducedround RC6 without whitening. Up to now, key recovery algorithms against the reduced-round RC6 itself, the reduced-round RC6 without whitening, and even the simplified variants have been infeasible on a modern computer. In this paper, we propose an efficient and feasible key recovery algorithm against reducedround RC6 without whitening. Our algorithm is...
متن کاملTheoretical Analysis of "Correlations in RC6"
In this paper, we give the theoretical analysis of χ attack proposed by Knudsen and Meier on the RC6 block cipher. To this end, we propose the novel method of security evaluation against χ attack precisely including key dependency by introducing a technique “Transition Matrix Computing.” On the other hand, the way of security evaluation against χ attack has not been known except the computer ex...
متن کاملSuccess probability in chi - square attacks
Knudsen and Meier applied the χ-attack to RC6. This attack is one of the most effective attacks for RC6. The χ-attack can be used for both distinguishing attacks and for key recovery attacks. Up to the present, theoretical analysis of χ-attacks, especially the relation between a distinguishing attack and a key recovery attack, has not been discussed. In this paper, we investigate the theoretica...
متن کاملCorrelations in RC 6 on 256 - bit blocks ∗
Earlier it has been reported that there exist correlation attacks on RC6 with 128-bit blocks with a reduced number of rounds. In this note it is investigated how well RC6 with 256-bit blocks resists such attacks.
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2000