Cryptanalysis of Akelarre

N. Ferguson and B. Schneier

Fourth Annual Workshop on Selected Areas in Cryptography, August 1997, pp. 201-212.

ABSTRACT: We show two practical attacks against the Akelarre block cipher. The best attack retrieves the 128-bit key using fewer than 100 chosen plaintexts and 242 off-line trial encryptions. Our attacks use a weakness in the round function that preserves the parity of the input, a set of 1-round differential characteristics with probability 1, and the lack of avalanche and one-way properties in the key schedule. We suggest some ways of fixing these immediate weaknesses, but conclude that the algorithm should be abandoned in favor of better-studied alternatives.

[full text - postscript] [full text - PDF (Acrobat)]

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..