Cryptanalysis of Akelarre
N. Ferguson and B. Schneier
Fourth Annual Workshop on Selected Areas in Cryptography, August 1997, pp. 201-212.
ABSTRACT: We show two practical attacks against the Akelarre block cipher. The best attack retrieves the 128-bit key using fewer than 100 chosen plaintexts and 242 off-line trial encryptions. Our attacks use a weakness in the round function that preserves the parity of the input, a set of 1-round differential characteristics with probability 1, and the lack of avalanche and one-way properties in the key schedule. We suggest some ways of fixing these immediate weaknesses, but conclude that the algorithm should be abandoned in favor of better-studied alternatives.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.