HyRAL is a blockcipher whose block size is 128bits, and it supports the key lengths of 128, 129, ..., 256bits. The cipher was proposed for the CRYPTREC project, and previous analyses did not identify any security weaknesses. In this paper, we first consider the longest key version, 256-bit key HyRAL, and present the analysis in terms of equivalent keys. We first show that there are 251.0 equivalent keys (or 250.0 pairs of equivalent keys). Next, we propose an algorithm that derives an instance of equivalent keys with the expected time complexity of 248.8 encryptions and a limited amount of memory. Finally, we implement the proposed algorithm and fully verify its correctness by showing several instances of equivalent keys. We then consider shorter key lengths, and show that there are equivalent keys in 249-, 250-, ..., 255-bit key HyRAL. For each of these key lengths, we present the expected time complexity to derive an instance of equivalent keys.

RC6 is a common-key block cipher that was proposed as one of the AES candidates. Although any weakness of RC6 in the use of the confidentiality is not known, Saarinen pointed out the existence of almost equivalent keys in RC6 with 176-byte keys. This means that the Davies-Meyer hash function based on RC6 with 176-byte keys is not a good collision-resistance function. However, Saarinen could not find a precise collision of it. In this paper, we propose a practical method for obtaining a collision of the Davies-Meyer hash function based on RC6-32/20/176. In other words, there exist equivalent user supplied keys in RC6-32/20/176, and it is possible to obtain them practically. This means that the essential key space of RC6-32/20/176 is smaller than the space provided by 176-byte keys. Our computer simulation shows that a collision can be found in about 100 minutes. We should notice that the result of this paper does not affect the security of the AES version of RC6 because RC6-32/20/176 discussed in this paper is different from the parameter of the AES version.