Blowfish is a sixteen-rounds Feistel cipher in which the F function is a part of the private key. In this paper, we show that the disclosure of F allows to perform a differential cryptanalysis which can recover all the rest of the key with 248 chosen plaintexts against a number of rounds reduced to eight. Moreover, for some weak F function, this attack only needs 223 chosen plaintexts against eight rounds, and 3 x 251chosen plaintexts against sixteen-rounds. When the F function is safely kept private, one can detect whether it is weak or not with a differential attack using 222 plaintexts against eight rounds.
CITATION STYLE
Vaudenay, S. (1996). On the weak keys of blowfish. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 1039, pp. 27–32). Springer Verlag. https://doi.org/10.1007/3-540-60865-6_39
Mendeley helps you to discover research relevant for your work.