Paper 2012/707

Cryptanalysis of WIDEA

Gaëtan Leurent

Abstract

WIDEA is a family of block ciphers designed by Junod and Macchetti in 2009 as an extension of IDEA to larger block sizes (256 and 512 bits for the main instances WIDEA-4 and WIDEA-8) and key sizes (512 and 1024 bits), with a focus on using them to design a hash function. WIDEA is based on the trusted IDEA design, and was expected to inherit its good security properties. WIDEA-w is composed of w parallel copies of the IDEA block cipher, with an MDS matrix to provide diffusion between them. In this paper we present low complexity attacks on WIDEA based on truncated differentials. We show a distinguisher for the full WIDEA with complexity only 2^65, and we use the distinguisher in a key-recovery attack with complexity w·2^68. We also show a collision attack on WIDEA-8 if it is used to build a hash function using the Merkle-Damgård mode of operation. The attacks exploit the parallel structure of WIDEA and the limited diffusion between the IDEA instances, using differential trails where the MDS diffusion layer is never active. In addition, we use structures of plaintext to reduce the data complexity.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
cryptanalysisblock cipherhash functiontruncated differentialIDEAWIDEAHIDEA
Contact author(s)
gaetan leurent @ normalesup org
History
2012-12-18: received
Short URL
https://ia.cr/2012/707
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2012/707,
      author = {Gaëtan Leurent},
      title = {Cryptanalysis of WIDEA},
      howpublished = {Cryptology ePrint Archive, Paper 2012/707},
      year = {2012},
      note = {\url{https://eprint.iacr.org/2012/707}},
      url = {https://eprint.iacr.org/2012/707}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.