Paper 2000/046

The Saturation Attack - a Bait for Twofish

Stefan Lucks

Abstract

We introduce the notion of a saturation attack and present attacks on reduced-round versions of the Twofish block cipher. Our attack for all generic key sizes of Twofish (i.e., for 128-bit, 192-bit and 256-bit keys) improves on exhaustive key search for seven rounds of Twofish with full whitening, and for eight rounds of Twofish without whitening at the end. The core of the attack is a a key-independent distinguisher for six rounds of Twofish. The distinguisher is used to attack up to 7 rounds of Twofish with full whitening and and 8 rounds of Twofish with prewhitening only - half of the cipher. The attacks take up to 2^127 chosen plaintexts (half of the codebook!) and are 2-4 times faster than exhaustive search.

Metadata
Available format(s)
PDF PS
Category
Secret-key cryptography
Publication info
Published elsewhere. preprint
Keywords
AESblock cipherscryptanalysis
Contact author(s)
lucks @ th informatik uni-mannheim de
History
2000-09-14: received
Short URL
https://ia.cr/2000/046
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2000/046,
      author = {Stefan Lucks},
      title = {The Saturation Attack - a Bait for Twofish},
      howpublished = {Cryptology {ePrint} Archive, Paper 2000/046},
      year = {2000},
      url = {https://eprint.iacr.org/2000/046}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.