Paper 2012/677
What is the Effective Key Length for a Block Cipher: an Attack on Every Block Cipher
Jialin Huang and Xuejia Lai
Abstract
Recently, several important block ciphers are considered to be broken by the bruteforce-like cryptanalysis, with a time complexity faster than exhaustive key search by going over the entire key space but performing less than a full encryption for each possible key. Motivated by this observation, we describe a meet-in-the-middle attack that can always be successfully mounted against any practical block ciphers with success probability one. The data complexity of this attack is the smallest according to the unicity distance. The time complexity can be written as $2^k(1-\epsilon)$ where $\epsilon > 0$ for all block ciphers. Previously, the security bound that is commonly accepted is the length k of the given master key. From our result we point out that actually this k-bit security is always overestimated and can never be reached due to the inevitable key bits loss. No amount of clever design can prevent it, but increments of the number of rounds can reduce this key loss as much as possible. We give more insight in the problem of the upper bound of eective key bits in block ciphers, and show a more accurate bound. A suggestion about the relation between the key size and block size is given. That is, when the number of rounds is xed, it is better to take a key size equal to the block size. Moreover, eective key bits of many well-known block ciphers are calculated and analyzed, which also conrm their lower security margin than thought before.
Metadata
- Available format(s)
- Category
- Secret-key cryptography
- Publication info
- Published elsewhere. Unknown where it was published
- Contact author(s)
-
jlhuang cn @ gmail com
lai-xj @ cs sjtu edu cn - History
- 2012-11-30: received
- Short URL
- https://ia.cr/2012/677
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2012/677, author = {Jialin Huang and Xuejia Lai}, title = {What is the Effective Key Length for a Block Cipher: an Attack on Every Block Cipher}, howpublished = {Cryptology {ePrint} Archive, Paper 2012/677}, year = {2012}, url = {https://eprint.iacr.org/2012/677} }