Cryptanalysis of the reduced-round RC6

概要

論文の詳細を見る
Information and communications security : 4th International Conference, ICICS 2002, Singapore, December 9-12, 2002 : proceedings / Robert Deng ... [et al.] (eds.).We investigate the cryptanalysis of the reduced-round RC6 without whitening. Up to the present, previous key recovery algorithm against the reduced-round RC6 itself, the reduced-round RC6 without whitening, and even the simplified variants are infeasible on a modern computer. In this paper, we propose the efficient and feasible key recovery algorithm against the reduced-round RC6 without whitening. Our algorithm is very useful to analysis the security of the round-function of RC6. Our attack applies to a rather large number of rounds. RC6 without whitening r rounds can be broken in a success probability of 90% by using 2^<8.1r-13.8> plaintexts. Therefore, our attack can break RC6 without whitening with 17 rounds by using 2^<123.9> plaintexts in a probability of 90%.