Cryptology ePrint Archive: Report 2000/046

The Saturation Attack - a Bait for Twofish

Stefan Lucks

Abstract: We introduce the notion of a saturation attack and present attacks on reduced-round versions of the Twofish block cipher. Our attack for all generic key sizes of Twofish (i.e., for 128-bit, 192-bit and 256-bit keys) improves on exhaustive key search for seven rounds of Twofish with full whitening, and for eight rounds of Twofish without whitening at the end. The core of the attack is a a key-independent distinguisher for six rounds of Twofish. The distinguisher is used to attack up to 7 rounds of Twofish with full whitening and and 8 rounds of Twofish with prewhitening only - half of the cipher. The attacks take up to 2^127 chosen plaintexts (half of the codebook!) and are 2-4 times faster than exhaustive search.

Category / Keywords: secret-key cryptography / AES, block ciphers, cryptanalysis

Publication Info: preprint

Date: received 14 Sep 2000

Contact author: lucks at th informatik uni-mannheim de

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20000914:182150 (All versions of this report)

Short URL: ia.cr/2000/046

Discussion forum: Show discussion | Start new discussion