par Nakahara, Jorge 
Référence Lecture notes in computer science, 7712 LNCS, page (56-71)
Publication Publié, 2012
Référence Lecture notes in computer science, 7712 LNCS, page (56-71)
Publication Publié, 2012
Article révisé par les pairs
| Résumé : | We report on differential and linear analysis of the full 8.5-round WIDEA-n ciphers for n ∈ {4, 8}, under weak-key assumptions. The novelty in our attacks include the use of differential and linear relation patterns that allow to bypass the diffusion provided by MDS codes altogether. Therefore, we can attack only a single IDEA instance out of n copies, effectively using a narrow trail for the propagation of differences andmasks acrossWIDEA-n. In fact, the higher the value of n, the better the attacks become. Our analyses apply both to particular MDS matrices, such as the one used in AES, as well as general MDS matrices. Our attacks exploit fixed points of MDS matrices. We also observed a curious interaction between certain differential/linear patterns and the coefficients of MDS matrices for non-trivial fixed points. This interaction may serve as an instructive design criterion for block cipher designs such as WIDEA-n. The authors of WIDEA-n suggested a compression function construction using WIDEA-8 in Davies-Meyer mode. In this setting, the weaknesses identified in this paper can lead to free-start collisions and even actual collisions depending on the output transformation of the hash function. © Springer-Verlag 2012. |
