New Cryptanalytic Results on IDEA

摘要

IDEA is a 64-bit block cipher with 128-bit keys introduced by Lai and Massey in 1991. IDEA is one of the most widely used block ciphers, due to its inclusion in several cryptographic packages, such as PGP and SSH. The cryptographic strength of IDEA relies on a combination of three incompatible group operations - XOR, addition and modular multiplication. Since its introduction in 1991, IDEA has withstood extensive cryptanalytic effort, but no attack was found on the full variant of the cipher. In this paper we present the first known non-trivial relation that involves all the three operations of IDEA. Using this relation and other techniques, we devise a linear attack on 5-round IDEA that uses 2~(19) known plaintexts and has a time complexity of 2~(103) encryptions. By transforming the relation into a related-key one, a similar attack on 7.5-round IDEA can be applied with data complexity of 2~(43.5) known plaintexts and a time complexity equivalent to 2~(115.1) encryptions. Both of the attacks are by far the best known attacks on IDEA.