Akelarre (cipher)

Last updated
Akelarre
General
DesignersG. Álvarez, D. de la Guía, F. Montoya, A. Peinado
First published1996
Derived from IDEA, RC5
Cipher detail
Key sizes 128 bits
Block sizes 128 bits
Structure Lai–Massey scheme
Rounds 4
Best public cryptanalysis
Susceptible to ciphertext-only attack

Akelarre is a block cipher proposed in 1996, combining the basic design of IDEA with ideas from RC5. It was shown to be susceptible to a ciphertext-only attack in 1997.

Akelarre is a 128-bit block cipher with a variable key-length which must be some multiple of 64 bits. The number of rounds is variable, but four are suggested. The round function of Akelarre is similar to IDEA in structure.

After the successful cryptanalysis of Akelarre, its designers responded with an updated variant called Ake98. This cipher differs from the original Akelarre in the new AR-box (addition–rotation box), the swapping of words at the end of a round, and the addition of subkeys at the beginning of each round. In 2004, Jorge Nakahara, Jr. and Daniel Santana de Freitas found large classes of weak keys for Ake98. These weak keys allow a cryptanalysis faster than exhaustive search using only 71 known plaintexts, for up to 11.5 rounds of Ake98.

Related Research Articles

In cryptography, a block cipher is a deterministic algorithm that operates on fixed-length groups of bits, called blocks. Block ciphers are the elementary building blocks of many cryptographic protocols. They are ubiquitous in the storage and exchange of data, where such data is secured and authenticated via encryption.

<span class="mw-page-title-main">Cryptanalysis</span> Study of analyzing information systems in order to discover their hidden aspects

Cryptanalysis refers to the process of analyzing information systems in order to understand hidden aspects of the systems. Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown.

Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash functions. In the broadest sense, it is the study of how differences in information input can affect the resultant difference at the output. In the case of a block cipher, it refers to a set of techniques for tracing differences through the network of transformation, discovering where the cipher exhibits non-random behavior, and exploiting such properties to recover the secret key.

In cryptography, an S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext, thus ensuring Shannon's property of confusion. Mathematically, an S-box is a nonlinear vectorial Boolean function.

In cryptography, Square is a block cipher invented by Joan Daemen and Vincent Rijmen. The design, published in 1997, is a forerunner to Rijndael, which has been adopted as the Advanced Encryption Standard. Square was introduced together with a new form of cryptanalysis discovered by Lars Knudsen, called the "Square attack".

<span class="mw-page-title-main">RC2</span> Block cipher

In cryptography, RC2 is a symmetric-key block cipher designed by Ron Rivest in 1987. "RC" stands for "Ron's Code" or "Rivest Cipher"; other ciphers designed by Rivest include RC4, RC5, and RC6.

In cryptography, the eXtended Sparse Linearization (XSL) attack is a method of cryptanalysis for block ciphers. The attack was first published in 2002 by researchers Nicolas Courtois and Josef Pieprzyk. It has caused some controversy as it was claimed to have the potential to break the Advanced Encryption Standard (AES) cipher, also known as Rijndael, faster than an exhaustive search. Since AES is already widely used in commerce and government for the transmission of secret information, finding a technique that can shorten the amount of time it takes to retrieve the secret message without having the key could have wide implications.

<span class="mw-page-title-main">DEAL</span> Block cipher

In cryptography, DEAL is a symmetric block cipher derived from the Data Encryption Standard (DES). Its design was presented Lars Knudsen at the SAC conference in 1997, and submitted as a proposal to the AES contest in 1998 by Richard Outerbridge.

<span class="mw-page-title-main">MacGuffin (cipher)</span> Block cipher

In cryptography, MacGuffin is a block cipher created in 1994 by Bruce Schneier and Matt Blaze at a Fast Software Encryption workshop. It was intended as a catalyst for analysis of a new cipher structure, known as Generalized Unbalanced Feistel Networks (GUFNs). The cryptanalysis proceeded very quickly, so quickly that the cipher was broken at the same workshop by Vincent Rijmen and Bart Preneel.

In cryptography, an interpolation attack is a type of cryptanalytic attack against block ciphers.

In cryptography, integral cryptanalysis is a cryptanalytic attack that is particularly applicable to block ciphers based on substitution–permutation networks. It was originally designed by Lars Knudsen as a dedicated attack against Square, so it is commonly known as the Square attack. It was also extended to a few other ciphers related to Square: CRYPTON, Rijndael, and SHARK. Stefan Lucks generalized the attack to what he called a saturation attack and used it to attack Twofish, which is not at all similar to Square, having a radically different Feistel network structure. Forms of integral cryptanalysis have since been applied to a variety of ciphers, including Hierocrypt, IDEA, Camellia, Skipjack, MISTY1, MISTY2, SAFER++, KHAZAD, and FOX.

In cryptography, SC2000 is a block cipher invented by a research group at Fujitsu Labs. It was submitted to the NESSIE project, but was not selected. It was among the cryptographic techniques recommended for Japanese government use by CRYPTREC in 2003, however, has been dropped to "candidate" by CRYPTREC revision in 2013.

In cryptography, DFC is a symmetric block cipher which was created in 1998 by a group of researchers from École Normale Supérieure, CNRS, and France Télécom and submitted to the AES competition.

In cryptography, Hierocrypt-L1 and Hierocrypt-3 are block ciphers created by Toshiba in 2000. They were submitted to the NESSIE project, but were not selected. Both algorithms were among the cryptographic techniques recommended for Japanese government use by CRYPTREC in 2003, however, both have been dropped to "candidate" by CRYPTREC revision in 2013.

In cryptography, COCONUT98 is a block cipher designed by Serge Vaudenay in 1998. It was one of the first concrete applications of Vaudenay's decorrelation theory, designed to be provably secure against differential cryptanalysis, linear cryptanalysis, and even certain types of undiscovered cryptanalytic attacks.

In cryptography, truncated differential cryptanalysis is a generalization of differential cryptanalysis, an attack against block ciphers. Lars Knudsen developed the technique in 1994. Whereas ordinary differential cryptanalysis analyzes the full difference between two texts, the truncated variant considers differences that are only partially determined. That is, the attack makes predictions of only some of the bits instead of the full block. This technique has been applied to SAFER, IDEA, Skipjack, E2, Twofish, Camellia, CRYPTON, and even the stream cipher Salsa20.

In cryptography, decorrelation theory is a system developed by Serge Vaudenay in 1998 for designing block ciphers to be provably secure against differential cryptanalysis, linear cryptanalysis, and even undiscovered cryptanalytic attacks meeting certain broad criteria. Ciphers designed using these principles include COCONUT98 and the AES candidate DFC, both of which have been shown to be vulnerable to some forms of cryptanalysis not covered by the theory.

The following outline is provided as an overview of and topical guide to cryptography:

In cryptography, a known-key distinguishing attack is an attack model against symmetric ciphers, whereby an attacker who knows the key can find a structural property in cipher, where the transformation from plaintext to ciphertext is not random. There is no common formal definition for what such a transformation may be. The chosen-key distinguishing attack is strongly related, where the attacker can choose a key to introduce such transformations.

In cryptography, a round or round function is a basic transformation that is repeated (iterated) multiple times inside the algorithm. Splitting a large algorithmic function into rounds simplifies both implementation and cryptanalysis.

References