On the Design of IDEA-128

  • Jorge Nakahara Jr UNISANTOS


This paper describes five hypothetical realizations of IDEA-128, a 128-bit block cipher, using a 256-bit key, iterating 16.5 rounds, and operating on 32-bit words. These parameters are exactly double the size of the IDEA block cipher’s. These IDEA-128 variants differ only in the multiplicative group structure: Z232 , Z232+1, GF(232), Z232−1, or GF(232 + 15). All of these designs have weaknesses related to the structure of these multiplicative groups, which lead to decryption failures or cryptanalytic attacks. The overall conclusion is that none of these variants constitute a secure cipher, and thus, help corroborate the design of the MESH ciphers, which operate on 16-bit words and use the same operations of IDEA, but allows text blocks larger than 64 bits, without compromising security. 

Palavras-chave: IDEA block cipher, cryptanalysis, weak keys, algebraic groups


AES: The Advanced Encryption Standard Development Process, 1997, http://csrc.nist.gov/encryption/aes/.

álvarez,G., de la Guia,D., Montoya,F., Peinado,A.: Akelarre: a new Block Cipher Algorithm, 3rd Selected Areas in Cryptography (SAC) Workshop, 1996, 1-14.

Biham,E.: New Types of Cryptanalytic Attacks using Related Keys, Adv. in Cryptology, Eurocrypt'93, T. Helleseth, Ed., Springer-Verlag, LNCS 765, 1994, 398-409.

Biham,E., Biryukov,A., Shamir,A.: Cryptanalysis of Skipjack Reduced to 31 Rounds using Impossible Differentials, Technion, CS Dept., 1998, Tech Report CS0947 revised.

Biryukov,A., Nakahara Jr,J., Preneel,B., Vandewalle,J.: New Weak-Key Classes of IDEA, ICICS 2002, R. Deng, S. Qing, F. Bao, J. Zhou,Eds., Springer-Verlag, LNCS 2513, Dec, 2002, 315-326.

Burwick,C., Coppersmith,D., D'Avignon,E., Genario,R., Halevi,S., Jutla,C., Matyas Jr,S.M., O'Connor,L., Peyravian,M., Safford,D., Zunic,N.: MARS - a Candidate Cipher for AES, 1st AES Conference, California, USA, Jun, 1998, http://csrc.nist.gov/encryption/aes/.

Daemen,J.: Cipher and Hash Function Design - Strategies based on Linear and Differential Cryptanalysis, COSIC group, Dept. Elektrotechniek, Katholieke Universiteit Leuven, Belgium, Mar. 1995.

Fermat Primes website, http://www.prothsearch.net/fermat.html

Gilbert,H., Girault,M., Hoogvorst,P., Noilhan,F., Pornin,T., Poupard,G., Stern,J., Vaudenay,S.: Decorrelated Fast Cipher: an AES candidate, 1st AES Conference, California, USA, 1998, Aug, http://csrc.nist.gov/encryption/aes/

Hawkes,P.M.: Asymptotic Bounds on Differential Probabilities and an Analysis of the Block Cipher IDEA, The University of Queensland, St. Lucia, Australia, Dec, 1998.

Howgrave-Graham,N., Nguyen,P., Pointcheval,D., Proos,J.A., Silverman,J.H., Singer,A., Whyte,W.: The Impact of Decryption Failures on the Security of NTRU Encryption, Adv. in Cryptology, Crypto'2003, D. Boneh, Ed., Springer-Verlag, LNCS 2729, 226-246.

Kelsey,J., Schneier.B., Wagner,D.: Related-Key Cryptanalysis of 3-Way, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA, ICICS 1997, Springer-Verlag, Nov.1997, 233-246.

Knudsen,L.R.: Block Ciphers - A Survey, State of the Art in Applied Cryptography, B. Preneel, V. Rijmen, Eds., Springer-Verlag, LNCS 1528, 1998, 18-48.

Knudsen,L.R., Rijmen,V.: Ciphertext-Only Attack on Akelarre, Cryptologia, vol.XXIV, n.2, Apr, 2000, 135-147.

Kocher,P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Adv. in Cryptology, Crypto'96, N. Koblitz,Ed., Springer-Verlag, LNCS 1109, 1996, 104-113.

Lai,X.: On the Design and Security of Block Ciphers, ETH Series in Information Processing, J.L. Massey,Ed., vol. 1, 1995, Hartung-Gorre Verlag, Konstanz.

Matsui,M.: Linear Cryptanalysis Method for DES Cipher, Adv. in Cryptology, Eurocrypt'93, T. Helleseth, Ed., Springer-Verlag, LNCS 765, 1994, 386-397.

McEliece, R.J.,: Finite Fields for Computer Scientists and Engineers, Kluwer Academic Publishers, 1987.

Menezes,A.J., van Oorschot,P.C., Vanstone,S.: Handbook of Applied Cryptography, CRC Press, 1997.

Nakahara Jr,J., Rijmen,V., Preneel,B., Vandewalle,J.: The MESH Block Ciphers, The 4th International Workshop on Info. Security Applications, WISA 2003, K. Chae, M. Yung, Eds., Springer-Verlag, LNCS 2908, 2003, 458-473.

NESSIE: New European Schemes for Signatures, Integrity and Encryption, Jan, 2000, http://cryptonessie.org

Rijmen,V., Daemen,J., Preneel,B., Bosselaers,A., De Win,E.: The Cipher SHARK, 3rd Fast Software Encryption Workshop, D. Gollmann,Ed., Springer-Verlag, LNCS 1039, 1996, 99-112.

Rijmen,V., Preneel,B., De Win,E.: On Weaknesses of Non-Surjective Round Functions, Design, Codes and Cryptography, vol. 12, no. 3, Nov, 1997, 253-266.

Shamir,A.: RSA for Paranoids, RSA Laboratories CryptoBytes (1):3, 1995, 1-4.

Vaudenay,S.: Provable Security for Block Ciphers by Decorrelation, STACS'98, Paris, France, LNCS 1373, Springer-Verlag, 1998, 249-275.
NAKAHARA JR, Jorge. On the Design of IDEA-128. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 5. , 2005, Florianópolis. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2005 . p. 1-13. DOI: https://doi.org/10.5753/sbseg.2005.21520.