Abstract. Many attacks on iterated block ciphers rely on statistical considerations using plaintext/ciphertext pairs to distinguish some part of the cipher from a random permutation. We provide here a simple formula for estimating the amount of plaintext/ciphertext pairs which is needed for such distinguishers and which applies to a lot of different scenarios (linear cryptanalysis, differentiallinear cryptanalysis, differential/truncated differential/impossible differential cryptanalysis). The asymptotic data complexities of all these attacks are then derived. Moreover, we give an efficient algorithm for computing the data complexity accurately.

Abstract — Symmetric-key block ciphers are often used to provide data confidentiality with low complexity, especially in the case of dedicated hardware implementations. IDEA NXT is a novel block cipher family, which has many interesting features and is targeted to multimedia streaming encryption. Different values can be assigned to the hardware architecture parameters in order to scale the security and the performance of the cipher. In this paper we implement the IDEA NXT algorithm in custom silicon, using a commercial technology library; different optimizations are applied in order to satisfy different constraints in terms of latency and area occupation, maintaining a high level of security. After giving an overview of the IDEA NXT design, a discussion of the implementation choices and trade offs is given, highlighting the similarities and the main differences with regards to other block ciphers. To the authors ’ knowledge this is the first paper describing such work. I.