Knudsen and Meier applied the χ2-attack to RC6. The χ2-attack recovers a key by using high correlations measured by χ2-value. Up to the present, the success probability of any χ2-attack has not been evaluated theoretically without using experimental results. In this paper, we discuss the success probability of χ2-attack and give the theorem that evaluates the success probability without using any experimental result, for the first time. We make sure the accuracy of our theorem by demonstrating it on both 4-round RC6 without post-whitening and 4-round RC6-8. We also evaluate the security of RC6 theoretically and show that a variant of the χ2-attack is faster than an exhaustive key search for the 192-bit-key and 256-bit-key RC6 with up to 16 rounds. As a result, we succeed in answering such an open question that a variant of the χ2-attack can be used to attack RC6 with 16 or more rounds.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Atsuko MIYAJI, Yuuki TAKANO, "Evaluation of the Security of RC6 against the χ2-Attack" in IEICE TRANSACTIONS on Fundamentals,
vol. E90-A, no. 1, pp. 22-28, January 2007, doi: 10.1093/ietfec/e90-a.1.22.
Abstract: Knudsen and Meier applied the χ2-attack to RC6. The χ2-attack recovers a key by using high correlations measured by χ2-value. Up to the present, the success probability of any χ2-attack has not been evaluated theoretically without using experimental results. In this paper, we discuss the success probability of χ2-attack and give the theorem that evaluates the success probability without using any experimental result, for the first time. We make sure the accuracy of our theorem by demonstrating it on both 4-round RC6 without post-whitening and 4-round RC6-8. We also evaluate the security of RC6 theoretically and show that a variant of the χ2-attack is faster than an exhaustive key search for the 192-bit-key and 256-bit-key RC6 with up to 16 rounds. As a result, we succeed in answering such an open question that a variant of the χ2-attack can be used to attack RC6 with 16 or more rounds.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1093/ietfec/e90-a.1.22/_p
Copy
@ARTICLE{e90-a_1_22,
author={Atsuko MIYAJI, Yuuki TAKANO, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Evaluation of the Security of RC6 against the χ2-Attack},
year={2007},
volume={E90-A},
number={1},
pages={22-28},
abstract={Knudsen and Meier applied the χ2-attack to RC6. The χ2-attack recovers a key by using high correlations measured by χ2-value. Up to the present, the success probability of any χ2-attack has not been evaluated theoretically without using experimental results. In this paper, we discuss the success probability of χ2-attack and give the theorem that evaluates the success probability without using any experimental result, for the first time. We make sure the accuracy of our theorem by demonstrating it on both 4-round RC6 without post-whitening and 4-round RC6-8. We also evaluate the security of RC6 theoretically and show that a variant of the χ2-attack is faster than an exhaustive key search for the 192-bit-key and 256-bit-key RC6 with up to 16 rounds. As a result, we succeed in answering such an open question that a variant of the χ2-attack can be used to attack RC6 with 16 or more rounds.},
keywords={},
doi={10.1093/ietfec/e90-a.1.22},
ISSN={1745-1337},
month={January},}
Copy
TY - JOUR
TI - Evaluation of the Security of RC6 against the χ2-Attack
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 22
EP - 28
AU - Atsuko MIYAJI
AU - Yuuki TAKANO
PY - 2007
DO - 10.1093/ietfec/e90-a.1.22
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E90-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2007
AB - Knudsen and Meier applied the χ2-attack to RC6. The χ2-attack recovers a key by using high correlations measured by χ2-value. Up to the present, the success probability of any χ2-attack has not been evaluated theoretically without using experimental results. In this paper, we discuss the success probability of χ2-attack and give the theorem that evaluates the success probability without using any experimental result, for the first time. We make sure the accuracy of our theorem by demonstrating it on both 4-round RC6 without post-whitening and 4-round RC6-8. We also evaluate the security of RC6 theoretically and show that a variant of the χ2-attack is faster than an exhaustive key search for the 192-bit-key and 256-bit-key RC6 with up to 16 rounds. As a result, we succeed in answering such an open question that a variant of the χ2-attack can be used to attack RC6 with 16 or more rounds.
ER -