New cryptanalytic results on IDEA

Abstract

IDEA is a 64-bit block cipher with 128-bit keys introduced by Lai and Massey in 1991. IDEA is one of the most widely used block ciphers, due to its inclusion in several cryptographic packages, such as PGP and SSH. The cryptographic strength of IDEA relies on a combination of three incompatible group operations - XOR, addition and modular multiplication. Since its introduction in 1991, IDEA has withstood extensive cryptanalytic effort, but no attack was found on the full variant of the cipher. In this paper we present the first known non-trivial relation that involves all the three operations of IDEA. Using this relation and other techniques, we devise a linear attack on 5-round IDEA that uses 219 known plaintexts and has a time complexity of 2103 encryptions. By transforming the relation into a related-key one, a similar attack on 7.5-round IDEA can be applied with data complexity of 243.5 known plaintexts and a time complexity equivalent to 2 115.1 encryptions. Both of the attacks are by far the best known attacks on IDEA © 2006 Springer-Verlag.