D. A. Burov, B. A. Pogorelov, “An attack on <nobr>$\mathrm{6}$</nobr> rounds of Khazad”, Mat. Vopr. Kriptogr., 2016, Volume 7, Issue 2,Pages <nobr>35

This article is cited in 11 papers

An attack on $\mathrm{6}$ rounds of Khazad

D. A. Burov^a, B. A. Pogorelov^b

^a TVP Laboratories, Moscow
^b Academy of Cryptography of the Russian Federation, Moscow

Abstract: We suggest new attacks on the $64$-bit block cipher Khazad. These attacks use some structural properties of its round function. As a result we find $14$ new classes of weak keys for $5$ and $6$ rounds of Khazad. Particularly we show that Khazad has $7$ classes of weak keys for $5$ and $6$ rounds such that the cardinality of each class is $2^{64}$. The time complexity of weak keys recovering is $2^{35}$ $\mathrm{S}$-box lookups for $5$ rounds and $2^{43}$ $\mathrm{S}$-box lookups for $6$ rounds. The corresponding data complexity is $2^{32}$ chosen plaintexts.

Key words: block cipher, Khazad, invariant subspaces, reducible linear transformation.

UDC: 519.719.2

Received 02.III.2015

Language: English

DOI: 10.4213/mvk181