Cryptanalysis of Akelarre

Niels Ferguson and Bruce Schneier

In Proc. Fourth Annual Workshop on Selected Areas in Cryptography, pp. 201-212, 1997

Abstract

We show two practical attacks against the Akelarre block cipher. The best attack retrieves the 128-bit key using fewer than 100 chosen plaintexts and 2⁴² off-line trial encryptions. Our attacks use a weakness in the round function that preserves the parity of the input, a set of 1-round differential characteristics with probability 1, and the lack of avalanche and one-way properties in the key schedule. We suggest some ways of fixing these immediate weaknesses, but conclude that the algorithm should be abandoned in favor of better-studied alternatives.

Download

Zipped PostScript (107 kB)
PDF (474 kB)

Home

About

Publications

Practical Cryptography