Impossible Differentials in Twofish

N. Ferguson

Twofish Technical Report #5, October 5, 1999.

ABSTRACT: We show how an impossible-differential attack, first applied to DEAL by Knudsen, can be applied to Twofish. This attack breaks six rounds of the 256-bit key version using 2256 steps; it cannot be extended to seven or more Twofish rounds.

[full text - PDF (Acrobat)] [full text - Postscript]

Categories: New Algorithms

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.