Paper 2012/677

What is the Effective Key Length for a Block Cipher: an Attack on Every Block Cipher

Jialin Huang and Xuejia Lai

Abstract

Recently, several important block ciphers are considered to be broken by the bruteforce-like cryptanalysis, with a time complexity faster than exhaustive key search by going over the entire key space but performing less than a full encryption for each possible key. Motivated by this observation, we describe a meet-in-the-middle attack that can always be successfully mounted against any practical block ciphers with success probability one. The data complexity of this attack is the smallest according to the unicity distance. The time complexity can be written as $2^k(1-\epsilon)$ where $\epsilon > 0$ for all block ciphers. Previously, the security bound that is commonly accepted is the length k of the given master key. From our result we point out that actually this k-bit security is always overestimated and can never be reached due to the inevitable key bits loss. No amount of clever design can prevent it, but increments of the number of rounds can reduce this key loss as much as possible. We give more insight in the problem of the upper bound of eective key bits in block ciphers, and show a more accurate bound. A suggestion about the relation between the key size and block size is given. That is, when the number of rounds is xed, it is better to take a key size equal to the block size. Moreover, eective key bits of many well-known block ciphers are calculated and analyzed, which also conrm their lower security margin than thought before.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
jlhuang cn @ gmail com
lai-xj @ cs sjtu edu cn
History
2012-11-30: received
Short URL
https://ia.cr/2012/677
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/677,
      author = {Jialin Huang and Xuejia Lai},
      title = {What is the Effective Key Length for a Block Cipher: an Attack on Every Block Cipher},
      howpublished = {Cryptology ePrint Archive, Paper 2012/677},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/677}},
      url = {https://eprint.iacr.org/2012/677}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.