Cryptology ePrint Archive: Report 2000/046
The Saturation Attack - a Bait for Twofish
Stefan Lucks
Abstract: We introduce the notion of a saturation attack and present attacks on
reduced-round versions of the Twofish block cipher. Our attack for all
generic key sizes of Twofish (i.e., for 128-bit, 192-bit and 256-bit
keys) improves on exhaustive key search for seven rounds of Twofish
with full whitening, and for eight rounds of Twofish without whitening
at the end. The core of the attack is a a key-independent
distinguisher for six rounds of Twofish. The distinguisher is used to
attack up to 7 rounds of Twofish with full whitening and and 8 rounds
of Twofish with prewhitening only - half of the cipher. The attacks
take up to 2^127 chosen plaintexts (half of the codebook!) and are 2-4
times faster than exhaustive search.
Category / Keywords: secret-key cryptography / AES, block ciphers, cryptanalysis
Publication Info: preprint
Date: received 14 Sep 2000
Contact author: lucks at th informatik uni-mannheim de
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation
Version: 20000914:182150 (All versions of this report)
Short URL: ia.cr/2000/046
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]