zbMATH — the first resource for mathematics

Analysis of involutional ciphers: Khazad and Anubis. (English) Zbl 1254.94026
Johansson, Thomas (ed.), Fast software encryption. 10th international workshop, FSE 2003, Lund, Sweden, February 24–26, 2003. Revised papers. Berlin: Springer (ISBN 3-540-20449-0/pbk). Lect. Notes Comput. Sci. 2887, 45-53 (2003).
Summary: In this paper we study structural properties of SPN ciphers in which both the S-boxes and the affine layers are involutions. We apply our observations to the recently designed Rijndael-like ciphers Khazad and Anubis, and show several interesting properties of these ciphers. We also show that 5-round Khazad has \(2^{64}\) weak keys under a “slide-with-a-twist” attack distinguisher. This is the first cryptanalytic result which is better than exhaustive search for 5-round Khazad. Analysis presented in this paper is generic and applies to a large class of ciphers built from involutional components.
For the entire collection see [Zbl 1029.00054].

94A60 Cryptography
Full Text: DOI