In this paper we present low complexity attacks on WIDEA based on truncated differentials. We show a distinguisher for the full WIDEA with complexity only 2^65, and we use the distinguisher in a key-recovery attack with complexity w·2^68. We also show a collision attack on WIDEA-8 if it is used to build a hash function using the Merkle-Damgård mode of operation.
The attacks exploit the parallel structure of WIDEA and the limited diffusion between the IDEA instances, using differential trails where the MDS diffusion layer is never active. In addition, we use structures of plaintext to reduce the data complexity.Category / Keywords: secret-key cryptography / cryptanalysis, block cipher, hash function, truncated differential, IDEA, WIDEA, HIDEA Date: received 17 Dec 2012 Contact author: gaetan leurent at normalesup org Available format(s): PDF | BibTeX Citation Version: 20121218:130820 (All versions of this report) Short URL: ia.cr/2012/707 Discussion forum: Show discussion | Start new discussion