Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96
The number at the positions of “x” can be any number. If this key is used, the bit-wise XOR of certain plaintext pairs guarantees the bit-wise XOR of the resultant ciphertext pairs.

In any case, the chance of accidentally generating one of these weak keys is very small: one in 2^96. There is no danger if you choose keys at random. And it is easy to modify IDEA so that it doesn’t have any weak keys: XOR every subkey with the value 0x0dae.

I know of no other cryptanalytic results against IDEA, although many people have tried.

IDEA Modes of Operation and Variants

IDEA can work within any block cipher mode discussed in Chapter 9. Any double-IDEA implementation would be susceptible to the same meet-in-the-middle attack as DES (see Section 15.1). However, because IDEA’s key length is more than double DES’s, the attack is impractical. It would require a storage space of 64*2^128 bits, or 10^39 bytes. Maybe there’s enough matter in the universe to create a memory device that large, but I doubt it.

Figure 13.10 PES.

If you’re worried about parallel universes as well, use a triple-IDEA implementation (see Section 15.2):

C = E_K3(D_K2(E_K1(P)))

It is immune to the meet-in-the-middle attack.

There’s also no reason why you can’t implement IDEA with independent subkeys, especially if you have key-management tools to handle the longer key. IDEA needs a total of 52 16-bit keys, for a total key length of 832 bits. This variant is definitely more secure, but no one knows by how much.

A naïve variation might double the block size. The algorithm would work just as well with 32-bit sub-blocks instead of 16-bit sub-blocks, and a 256-bit key. Encryption would be quicker and security would increase 2^32 times. Or would it? The theory behind the algorithm hinges on the fact that 2^16 + 1 is prime; 2^32 + 1 is not. Perhaps the algorithm could be modified to work, but it would have very diff...
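The following added example (not from the book) shows why the primality of 2^16 + 1 matters: it models only IDEA's multiplication step, with the all-zero sub-block standing for 2^bits, and checks whether every subkey can be undone at 16 and at 32 bits. The function names `idea_mul`, `mul_inverse` and `smallest_factor` are hypothetical, and the sample values are constructed.

```python
from math import gcd

# Hypothetical helper names; this models only IDEA's multiplication step,
# not the full cipher. The all-zero sub-block stands for 2^bits.

def idea_mul(a, b, bits=16):
    """Multiply two sub-blocks modulo 2^bits + 1."""
    half = 1 << bits
    m = half + 1
    a = a or half
    b = b or half
    return (a * b % m) % half      # a product equal to 2^bits is stored as 0

def mul_inverse(a, bits=16):
    """Return the sub-block that undoes multiplication by a, or None."""
    half = 1 << bits
    m = half + 1
    a = a or half
    if gcd(a, m) != 1:             # shares a factor with the modulus
        return None
    return pow(a, -1, m) % half

def smallest_factor(n):
    """Smallest nontrivial factor of n by trial division, or None if prime."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f
        f += 1
    return None

if __name__ == "__main__":
    for bits in (16, 32):
        m = (1 << bits) + 1
        f = smallest_factor(m)
        print(f"2^{bits} + 1 = {m}:", "prime" if f is None else f"divisible by {f}")
    # 16-bit sub-blocks (constructed sample values): the subkey can be undone.
    k, p = 0x0DAE, 0x1234
    c = idea_mul(p, k)
    assert idea_mul(c, mul_inverse(k)) == p
    # 32-bit sub-blocks: a subkey sharing a factor with 2^32 + 1 cannot.
    bad = smallest_factor((1 << 32) + 1)
    print("32-bit subkey", bad, "inverse:", mul_inverse(bad, bits=32))
    # Two distinct plaintext sub-blocks collide under that subkey.
    q = ((1 << 32) + 1) // bad
    print(idea_mul(q, bad, 32), idea_mul(2 * q, bad, 32))
```

With 32-bit sub-blocks, multiplication by such a subkey is no longer a permutation, so decryption cannot recover the input of that step.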
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.