- Cipher security summary
-
This article summarizes publicly known attacks against ciphers. Note that not all entries may be up to date.
Table color key No known successful attacks Theoretical break Attack demonstrated in practice The Best attack column lists the complexity of the attack:
- If the attack doesn't break the full cipher, "rounds" refers to how many rounds were broken
- "time" — time complexity, number of cipher evaluations for the attacker
- "data" — required known plaintext-ciphertext pairs (if applicable)
- "memory" — how many blocks worth of data needs to be stored (if applicable)
- "related keys" — for related-key attacks, how many related key queries are needed
Contents
Common ciphers
Key recovery attacks
Attacks that lead to disclosure of the key.
Cipher Security claim Best attack Attack date Comment AES128 2128 2126.1 time, 288 data, 28 memory 2011-08-17[1] Independent biclique attacks AES192 2192 2189.7 time, 280 data, 28 memory AES256 2256 2254.4 time, 240 data, 28 memory Blowfish 2448 4 of 16 rounds 1997[2] DES 256 256 time 1998-07-17[3] Broken by brute force, see EFF DES cracker. Off-the-shelf hardware is available for $10,000.[4] Triple DES 2168 2113 time, 232 data, 288 memory 1998-03-23[5] KASUMI 2128 232 time, 226 data, 230 memory, 4 related keys 2010-01-10[6] The cipher used in 3G cell phone networks. This attack takes less than two hours on a single PC, but isn't applicable to 3G due to known plaintext and related key requirements. Serpent-128 2128 10 of 32 rounds (289 time, 2118 data) 2002-02-04[7] Linear cryptanalysis Serpent-192 2192 11 of 32 rounds (2187 time, 2118 data) Serpent-256 2256 Twofish 2128..2256 6 of 16 rounds (2256 time) 1999-10-05[8] Less common ciphers
Key recovery attacks
Attacks that lead to disclosure of the key.
Cipher Security claim Best attack Attack date Comment CAST-128 2128 248 time, 217 chosen plaintexts 1997-11-11[9] Related-key attack IDEA 2128 6 of 8.5 rounds (2126.8 time, 264 data) 2007-03-26[10] Differential-linear attack RC2 264..2128 2?? time, 234 chosen plaintexts 1997-11-11[9] Related-key attack RC5 2128 ? SEED 2128 ? Skipjack 280 31 of 32 rounds (275 time, 241 chosen plaintexts) 1999-05-02[11] Chosen plaintext impossible differential cryptanalysis TEA 2128 232 time, 223 chosen plaintexts 1997-11-11[9] Related-key attack XTEA 2128 ? XXTEA 2128 259 chosen plaintexts 2010-05-04[12] Chosen-plaintext, differential cryptanalysis See also
- Block cipher
- Hash function security summary
References
- ^ Vincent Rijmen (1997). "Cryptanalysis and Design of Iterated Block Ciphers". Ph.D thesis. http://www.cosic.esat.kuleuven.be/publications/thesis-4.ps.
- ^ "DES Cracker Project". EFF. http://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/HTML/19980716_eff_des_faq.html. "On Wednesday, July 17, 1998 the EFF DES Cracker, which was built for less than $250,000, easily won RSA Laboratory's "DES Challenge II" contest and a $10,000 cash prize."
- ^ "COPACOBANA – Special-Purpose Hardware for Code-Breaking". http://www.sciengines.com/copacobana.
- ^ Stefan Lucks (1998-03-23). Attacking Triple Encryption. http://th.informatik.uni-mannheim.de/People/Lucks/papers/pdf/3des.pdf.gz.
- ^ Orr Dunkelman, Nathan Keller, Adi Shamir (2010-01-10). A Practical-Time Attack on the A5/3 Cryptosystem Used in Third Generation GSM Telephony. http://eprint.iacr.org/2010/013.
- ^ Eli Biham, Orr Dunkelman, Nathan Keller (2002-02-04). Linear Cryptanalysis of Reduced Round Serpent. FSE 2002. http://www.springerlink.com/content/7k272cau7jaqfvrp/.
- ^ Niels Ferguson (1999-10-05). Impossible Differentials in Twofish. http://www.schneier.com/paper-twofish-impossible.html.
- ^ a b c John Kelsey, Bruce Schneier, David Wagner (1997-11-11). "Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X NewDES, RC2, and TEA". Lecture Notes in Computer Science 1334: 233–246. doi:10.1007/BFb0028479. http://www.schneier.com/paper-relatedkey.html.
- ^ Eli Biham, Orr Dunkelman, Nathan Keller (2007-03-26). A New Attack on 6-Round IDEA. FSE 2007. http://www.cosic.esat.kuleuven.be/publications/article-920.ps.
- ^ Eli Biham, Adi Shamir, Alex Biryukov (1999-05-02). "Cryptanalysis of Skipjack reduced to 31 rounds using impossible differentials.". EUROCRYPT: 12–23. http://www.iacr.org/cryptodb/archive/1999/EUROCRYPT/15920012.pdf.
- ^ Elias Yarrkov (2010-05-04). Cryptanalysis of XXTEA. http://eprint.iacr.org/2010/254.
Categories:- Block ciphers
- Cryptography lists and comparisons
Wikimedia Foundation. 2010.