This thesis analyzes the security of some variants of the block ciphers
RC5 and RC6. RC6 was proposed by Rivest et al. in 1998. It offers a high
level of security and can be implemented efficiently in software, with
high speed and a small memory footprint. RC6 is based on the block
cipher RC5, proposed by Rivest in 1995. We focus on the correlation
attacks (χ² attacks) proposed by Knudsen and Meier in 2000, and assess
the strength of RC5 and RC6 with respect to these attacks.
As a result, we show that RC5-32 with 10 rounds and RC5-64 with
full rounds (16 rounds) are not secure against a known plaintext
attack. Furthermore, we propose a known plaintext correlation attack
against RC6 without whitening (the round function of RC6). We show that
two-register RC6-64 is much weaker than RC6-32. Finally, we evaluate the
correlation attack on RC6-32 from a statistical point of view and
conclude that RC6-32 with a 16-byte key and 12 rounds, and RC6-32 with
a 24- or 32-byte key and 16 rounds, can be broken faster than
exhaustive key search by a known plaintext attack.