Cryptanalysis of SPEED

C. Hall, J. Kelsey, V. Rijmen, B. Schneier, and D. Wagner.

Fifth Annual Workshop on Selected Areas in Cryptography, Springer-Verlag, August 1998, pp. 319-338.

ABSTRACT: The cipher family SPEED (and an associated hashing mode) was recently proposed in Financial Cryptography '97. This paper cryptanalyzes that proposal, in two parts: First, we discuss several troubling potential weaknesses in the cipher. Next, we show how to efficiently break the SPEED hashing mode using differential related-key techniques, and propose a differential attack on 48-round SPEED. These results raise some significant questions about the security of the SPEED design.

[full text - PDF (Acrobat)] [full text - Postscript]

Extended Abstract

Categories: Algorithm Analyses

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.