Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96
The number at the positions of “x” can be any number. If this key is used, the bitwise XOR of certain plaintext pairs guarantees the bitwise XOR of the resultant ciphertext pairs.

In any case, the chance of accidentally generating one of these weak keys is very small: one in 2^96. There is no danger if you choose keys at random. And it is easy to modify IDEA so that it doesn’t have any weak keys: XOR every subkey with the value 0x0dae [409].

I know of no other cryptanalytic results against IDEA, although many people have tried.

IDEA Modes of Operation and Variants

IDEA can work within any block cipher mode discussed in Chapter 9. Any double-IDEA implementation would be susceptible to the same meet-in-the-middle attack as DES (see Section 15.1). However, because IDEA’s key length is more than double DES’s, the attack is impractical. It would require a storage space of 64*2^128 bits, or 10^39 bytes. Maybe there’s enough matter in the universe to create a memory device that large, but I doubt it.

Figure 13.10 PES.

If you’re worried about parallel universes as well, use a triple-IDEA implementation (see Section 15.2):

C = E_K3(D_K2(E_K1(P)))

It is immune to the meet-in-the-middle attack.

There’s also no reason why you can’t implement IDEA with independent subkeys, especially if you have key-management tools to handle the longer key. IDEA needs a total of 52 16-bit keys, for a total key length of 832 bits. This variant is definitely more secure, but no one knows by how much.

A naïve variation might double the block size. The algorithm would work just as well with 32-bit subblocks instead of 16-bit subblocks, and a 256-bit key. Encryption would be quicker and security would increase 2^32 times. Or would it? The theory behind the algorithm hinges on the fact that 2^16 + 1 is prime; 2^32 + 1 is not. Perhaps the algorithm could be modified to work, but it would have very diff...
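The point about 2^16 + 1 being prime, worked through as an added example (not from the book or this page). It assumes IDEA's multiplication operation, which this excerpt does not reproduce: w-bit words multiplied modulo 2^w + 1, with the all-zero word standing for 2^w. The function names are hypothetical.

```python
# Added example: IDEA-style multiplication generalised to w-bit subblocks.
# Assumption (not in this excerpt): words are multiplied modulo 2^w + 1 and
# the all-zero word stands for 2^w, so operands range over 1 .. 2^w.

def idea_mul(a: int, b: int, w: int) -> int:
    """Multiply two w-bit words modulo 2^w + 1 (0 encodes 2^w)."""
    m = (1 << w) + 1
    a = a or (1 << w)
    b = b or (1 << w)
    return (a * b % m) & ((1 << w) - 1)   # a result of 2^w is stored as 0


def mul_inverse(k: int, w: int):
    """Subkey that undoes multiplication by k, or None if there is none."""
    m = (1 << w) + 1
    try:
        inv = pow(k or (1 << w), -1, m)   # modular inverse, Python 3.8+
    except ValueError:                    # k shares a factor with 2^w + 1
        return None
    return inv & ((1 << w) - 1)


def is_permutation(k: int, w: int) -> bool:
    """Exhaustive check that x -> idea_mul(k, x, w) is one-to-one."""
    return len({idea_mul(k, x, w) for x in range(1 << w)}) == 1 << w


def uninvertible_subkeys_32() -> int:
    """Count 32-bit subkeys with no inverse, using 2^32 + 1 = 641 * 6700417."""
    p, q = 641, 6700417
    assert p * q == (1 << 32) + 1
    return (q - 1) + (p - 1)              # multiples of p plus multiples of q


if __name__ == "__main__":
    # 16-bit subblocks: 65537 is prime, so every subkey can be undone.
    print(all(mul_inverse(k, 16) is not None for k in range(1 << 16)))
    print(is_permutation(12345, 16))      # 12345 is an arbitrary sample subkey
    # 32-bit subblocks: subkey 641 maps two different inputs to one output,
    # so the decryption step cannot tell them apart.
    print(mul_inverse(641, 32))
    print(idea_mul(641, 1, 32), idea_mul(641, 1 + 6700417, 32))
    print(uninvertible_subkeys_32(), "of", 1 << 32, "subkeys have no inverse")
```

With 32-bit subblocks roughly one subkey in 641 has no multiplicative inverse, so the multiplication step stops being a reversible mixing operation for those keys.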
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.