Skip to main content
Conference ProceedingsOPEN ACCESS

Improved differential attacks on RC5

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1996) 1109 216-228
DOI: 10.1007/3-540-68697-5_17
34Citations
Citations of this article
42Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

In this paper we investigate the strength of the secret-key algorithm RC5 newly proposed by Ron Rivest. The target version of RC5 works on words of 32 bits, has 12 rounds and a user-selected key of 128 bits. At Crypto’95 Kaliski and Yin estimated the strength of RC5 by differential and linear cryptanalysis. They conjectured that their linear analysis is optimal and that the use of 12 rounds for RC5 is sufficient to make both differential and linear cryptanalysis impractical. In this paper we show that the differential analysis made by Kaliski and Yin is not optimal. We give differential attacks better by up to a factor of 512. Also we show that RC5 has many weak keys with respect to differential attacks. This weakness relies on the structure of the cipher and not on the key schedule.

Author supplied keywords

Cite

CITATION STYLE

APA

Knudsen, L. R., & Meier, W. (1996). Improved differential attacks on RC5. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1109, pp. 216–228). Springer Verlag. https://doi.org/10.1007/3-540-68697-5_17

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free