A Key-schedule Weakness in SAFER K-64

A Key-schedule Weakness in SAFER K-64 (1995)

Cached

Download Links

[ftp.esat.kuleuven.ac.be]

Other Repositories/Bibliography

DBLP

by Lars R. Knudsen , To About

Venue:	Advances in Cryptology, Proceedings Crypto'95, LNCS 963
Citations:	19 - 8 self

BibTeX

@INPROCEEDINGS{Knudsen95akey-schedule,
    author = {Lars R. Knudsen and To About},
    title = {A Key-schedule Weakness in SAFER K-64},
    booktitle = {Advances in Cryptology, Proceedings Crypto'95, LNCS 963},
    year = {1995},
    pages = {274--286},
    publisher = {Springer-Verlag}
}

Bookmark

OpenURL

Abstract

. In this paper we analyse SAFER K-64 and show a weakness in the key schedule. It has the effect that for almost every key K, there exists at least one different key K , such that for many plaintexts the outputs after 6 rounds of encryption are equal. The output transformation causes the ciphertexts to differ in one of the 8 bytes. Also, the same types of keys encrypt even more pairs of plaintexts different in one byte to ciphertexts different only in the same byte. This enables us to do a related-key chosen plaintext attack on SAFER K-64, which finds 8 bits of the key requiring from 2 44 to about 2 47 chosen plaintexts. While our observations may have no greater impact on the security of SAFER K-64 when used for encryption in practice, it greatly reduces the security of the algorithm when used in hashing modes, which is illustrated. We give collisions for the well-known secure hash modes using a block cipher. Also we give a suggestion of how to improve the key schedule, such th...

Citations

130	New Types of Cryptanalytic Attacks Using Related Keys (Extended Abstract - Biham
114	On the Design and Security of Block Ciphers - Lai - 1992
93	Analysis and Design of Cryptographic Hash Functions - Preneel - 1993
42	K-64: A byte-oriented blockciphering algorithm - SAFER - 1994
41	A generalization of linear cryptanalysis and the applicability of Matsui’s piling-up lemma - Harpes, Kramer, et al.
30	On the Need for Multipermutations: Cryptanalysis of MD4 and SAFER - Vaudenay - 1994
26	Block Ciphers -- Analysis, Design and Applications - Knudsen - 1994
24	Cryptanalysis of LOKI91 - Knudsen
11	How easy is collision search? Application to DES - Quisquater, Delescaille - 1990
4	K-64: One year later - SAFER - 1995
4	Functions Based on Block Ciphers: A Synthetic Approach - Hash - 1993