    "A study on the Security of Block Ciphers RC5 and RC6"

    This thesis analyzes the security of some variants of the block ciphers RC5 and RC6. RC6 was proposed by Rivest et al. in 1998. It offers a high level of security and can be implemented efficiently in software, with high speed and small memory requirements. RC6 is based on the block cipher RC5, proposed by Rivest in 1995. We focus on the correlation attacks (χ² attacks) proposed by Knudsen and Meier in 2000, and assess the strength of RC5 and RC6 against them. As a result, we show that RC5-32 with 10 rounds and RC5-64 with full rounds (16 rounds) are not secure against a known plaintext attack. Furthermore, we propose a known plaintext correlation attack against RC6 without whitening (the round function of RC6). We show that two-register RC6-64 is much weaker than RC6-32. Finally, we evaluate the correlation attack on RC6-32 from a statistical point of view and conclude that RC6-32 with a 16-byte key and 12 rounds, and RC6-32 with a 24- or 32-byte key and 16 rounds, can be broken faster than exhaustive key search by a known plaintext attack.

