# Related Key Differential Attacks on 27 Rounds of XTEA and Full-Round GOST

@inproceedings{Ko2004RelatedKD, title={Related Key Differential Attacks on 27 Rounds of XTEA and Full-Round GOST}, author={Youngdai Ko and Seokhie Hong and Wonil Lee and Sangjin Lee and Ju-Sung Kang}, booktitle={FSE}, year={2004} }

In this paper, we present a related key truncated differential attack on 27 rounds of XTEA which is the best known attack so far. [... ] Key Method First, we present a distinguishing attack on full-round GOST, which can distinguish it from a random permutation with probability 1 - 2 -64 using a related key differential characteristic. We also show that H. Seki et al.'s idea combined with our related key differential characteristic can be applied to attack 31 rounds of GOST . Expand

## 104 Citations

### Reflection Cryptanalysis of Some Ciphers

- Computer Science, Mathematics
- 2008

The attack method exploits certain similarities among round functions which have not been utilized in the previous self-similarity attacks to mount the reflection attack on some ciphers such as GOST, DEAL and a variant of DES.

### Reflection Cryptanalysis of Some Ciphers

- Computer Science, MathematicsINDOCRYPT
- 2008

The attack method exploits certain similarities among round functions which have not been utilized in the previous self-similarity attacks to mount the reflection attack on some ciphers such as GOST, DEAL and a variant of DES.

### A Single-Key Attack on the Full GOST Block Cipher

- Computer Science, MathematicsJournal of Cryptology
- 2012

This paper shows the first single-key attack, which works for all key classes, on the full GOST block cipher, using a new attack framework called Reflection-Meet-in-the-Middle Attack and uses additional novel techniques which are the effective MITM techniques using equivalent keys on a small number of rounds.

### Related-Key Rectangle Attack on 43-Round SHACAL-2

- Computer Science, MathematicsISPEC
- 2007

A related-key rectangle attack on 43-round out of the 64-round of SHACAL-2, which requires 2240.38 chosen plaintexts and has time complexity of 2480.4 43- round SHACal-2 encryptions is presented.

### Three-Subset Meet-in-the-Middle Attack on Reduced XTEA

- Computer Science, MathematicsAFRICACRYPT
- 2012

This paper presents an improved single-key attack on a block-cipher XTEA by using the three-subset meet-in-the-middle (MitM) attack, and gives a corrected procedure to keep the data complexity small.

### The Delicate Issues of Addition with Respect to XOR Differences

- Mathematics, Computer ScienceSelected Areas in Cryptography
- 2007

This paper analyzes the previous attacks on the block cipher SHACAL-1 and shows that all the differential-based attacks fail due to mistreatment of XOR differences through addition, and presents possible fixes to these attacks.

### Combined Differential, Linear and Related-Key Attacks on Block Ciphers and MAC Algorithms

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2006

This thesis provides several new combined differential, linear and related-key attacks, and shows their applications to block ciphers, hash functions in encryption mode and message authentication code (MAC) algorithms.

### Improved Slide Attacks

- Computer Science, MathematicsFSE
- 2007

This paper extends the slide attack by examining the cycle structures of the entire cipher and of the underlying keyed permutation, and allows to find slid pairs much faster than was previously known, and hence reduces the time complexity of the whole slide attack significantly.

### Related-Key Rectangle Attacks on Reduced AES-192 and AES-256

- Computer Science, MathematicsFSE
- 2007

These attacks reduce the complexity of earlier attacks presented at FSE 2005 and Eurocrypt 2005: for reduced AES-192 with 8 rounds, the required number of related keys are decreased from 4 to 2 at the cost of a higher data and time complexity and the first shortcut attack on AES- 192 reduced to 10 rounds is presented.

### Cryptanalysis of Block Ciphers

- Computer Science, Mathematics
- 2008

This thesis proposes a new extension of differential cryptanalysis, which is called the impossible boomerang attack, and describes the early abort technique for (related-key) impossible differential crypt analysis and rectangle attacks.

## References

SHOWING 1-10 OF 20 REFERENCES

### Key-Schedule Cryptanalysis of DEAL

- Computer Science, MathematicsSelected Areas in Cryptography
- 1999

Two new results on the DEAL key schedule are discussed; the existence of equivalent keys for all three key lengths, and a new related-key attack on DEAL-192 andDEAL-256.

### Impossible Differential Cryptanalysis of Reduced Round XTEA and TEA

- Computer Science, MathematicsFSE
- 2002

The impossible differential cryptanalysis of reduced-round versions of XTEA and TEA is presented, and it is shown how to construct a 12-round impossible characteristic of X TEA and how to derive 128-bit user key of the 11-round TEA.

### New types of cryptanalytic attacks using related keys

- Computer Science, MathematicsJournal of Cryptology
- 2004

It is shown that the key-scheduling algorithms of many blockciphers inherit obvious relationships between keys, and use these key relations to attack the blockcips, and that DES is not vulnerable to the related keys attacks.

### Differential Cryptanalysis of Reduced Rounds of GOST

- Computer Science, MathematicsSelected Areas in Cryptography
- 2000

This paper presents the first result of differential cryptanalysis of GOST with reduced number of rounds with the idea of using a set of differential characteristics, which is a partitioning type, to reduce the influence of the key value upon the probability as well as get high differential probability.

### Differential Cryptanalysis of TEA and XTEA

- Mathematics, Computer ScienceICISC
- 2003

This work suggests differential and truncated differential attacks on TEA and XTEA better than them, and suggests attacks on 17-round TEa and 23-round XTEa are the best results.

### Differential-Linear Type Attacks on Reduced Rounds of SHACAL-2

- Computer Science, MathematicsACISP
- 2004

This paper presents differential-linear type attacks on SHACAL-2 with 512-bit keys up to 32 out of its 64 rounds, and concludes that the 32-round attack on the 512- bit keys variants is the best published attack on this cipher.

### Related-Key Rectangle Attack on 42-Round SHACAL-2

- Computer Science, MathematicsISC
- 2006

This paper presents a related-key rectangle attack on 42-round SHACAL-2, which requires 2 243.38related-key chosen plaintexts and has a running time of 2 488.37, which is the best currently known attack on SHACal-2.

### The Boomerang Attack

- Computer Science, MathematicsFSE
- 1999

This paper disprove the of t-repeated claim that eliminating all high-probability differentials for the whole cipher is sufficient to guarantee security against differential attacks, and shows how to break COCONUT98, a cipher designed using decorrelation techniques to ensure provable securityagainst differential attacks.

### On Probability of Success in Linear and Differential Cryptanalysis

- Mathematics, Computer ScienceSCN
- 2002

An analytical calculation of the success probability of differential and linear cryptanalytic attacks is presented, applying to an extended sense of the term "success" where the correct key is found not necessarily as the highest- ranking candidate but within a set of highest-ranking candidates.

### Differential cryptanalysis of DES-like cryptosystems

- Computer Science, MathematicsJournal of Cryptology
- 2004

A new type of cryptanalytic attack is developed which can break the reduced variant of DES with eight rounds in a few minutes on a personal computer and can break any reduced variantof DES (with up to 15 rounds) using less than 256 operations and chosen plaintexts.