The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
RC6 ialah sifir blok kunci biasa yang dicadangkan sebagai salah satu calon AES. Walaupun sebarang kelemahan RC6 dalam penggunaan kerahsiaan tidak diketahui, Saarinen menegaskan kewujudan kunci hampir setara dalam RC6 dengan kekunci 176-bait. Ini bermakna fungsi cincang Davies-Meyer berdasarkan RC6 dengan kekunci 176-bait bukanlah fungsi rintangan perlanggaran yang baik. Bagaimanapun, Saarinen tidak dapat mencari perlanggaran tepat mengenainya. Dalam kertas ini, kami mencadangkan kaedah praktikal untuk mendapatkan perlanggaran fungsi cincang Davies-Meyer berdasarkan RC6-32/20/176. Dalam erti kata lain, terdapat kunci setara yang dibekalkan oleh pengguna dalam RC6-32/20/176, dan adalah mungkin untuk mendapatkannya secara praktikal. Ini bermakna ruang kunci penting RC6-32/20/176 adalah lebih kecil daripada ruang yang disediakan oleh kekunci 176 bait. Simulasi komputer kami menunjukkan bahawa perlanggaran boleh ditemui dalam masa kira-kira 100 minit. Kita harus perhatikan bahawa keputusan kertas ini tidak menjejaskan keselamatan versi AES RC6 kerana RC6-32/20/176 yang dibincangkan dalam kertas ini adalah berbeza daripada parameter versi AES.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Salinan
Hiroshi MIZUNO, Hidenori KUWAKADO, Hatsukazu TANAKA, "Equivalent Keys in RC6-32/20/176" in IEICE TRANSACTIONS on Fundamentals,
vol. E84-A, no. 10, pp. 2474-2481, October 2001, doi: .
Abstract: RC6 is a common-key block cipher that was proposed as one of the AES candidates. Although any weakness of RC6 in the use of the confidentiality is not known, Saarinen pointed out the existence of almost equivalent keys in RC6 with 176-byte keys. This means that the Davies-Meyer hash function based on RC6 with 176-byte keys is not a good collision-resistance function. However, Saarinen could not find a precise collision of it. In this paper, we propose a practical method for obtaining a collision of the Davies-Meyer hash function based on RC6-32/20/176. In other words, there exist equivalent user supplied keys in RC6-32/20/176, and it is possible to obtain them practically. This means that the essential key space of RC6-32/20/176 is smaller than the space provided by 176-byte keys. Our computer simulation shows that a collision can be found in about 100 minutes. We should notice that the result of this paper does not affect the security of the AES version of RC6 because RC6-32/20/176 discussed in this paper is different from the parameter of the AES version.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/e84-a_10_2474/_p
Salinan
@ARTICLE{e84-a_10_2474,
author={Hiroshi MIZUNO, Hidenori KUWAKADO, Hatsukazu TANAKA, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Equivalent Keys in RC6-32/20/176},
year={2001},
volume={E84-A},
number={10},
pages={2474-2481},
abstract={RC6 is a common-key block cipher that was proposed as one of the AES candidates. Although any weakness of RC6 in the use of the confidentiality is not known, Saarinen pointed out the existence of almost equivalent keys in RC6 with 176-byte keys. This means that the Davies-Meyer hash function based on RC6 with 176-byte keys is not a good collision-resistance function. However, Saarinen could not find a precise collision of it. In this paper, we propose a practical method for obtaining a collision of the Davies-Meyer hash function based on RC6-32/20/176. In other words, there exist equivalent user supplied keys in RC6-32/20/176, and it is possible to obtain them practically. This means that the essential key space of RC6-32/20/176 is smaller than the space provided by 176-byte keys. Our computer simulation shows that a collision can be found in about 100 minutes. We should notice that the result of this paper does not affect the security of the AES version of RC6 because RC6-32/20/176 discussed in this paper is different from the parameter of the AES version.},
keywords={},
doi={},
ISSN={},
month={October},}
Salinan
TY - JOUR
TI - Equivalent Keys in RC6-32/20/176
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 2474
EP - 2481
AU - Hiroshi MIZUNO
AU - Hidenori KUWAKADO
AU - Hatsukazu TANAKA
PY - 2001
DO -
JO - IEICE TRANSACTIONS on Fundamentals
SN -
VL - E84-A
IS - 10
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - October 2001
AB - RC6 is a common-key block cipher that was proposed as one of the AES candidates. Although any weakness of RC6 in the use of the confidentiality is not known, Saarinen pointed out the existence of almost equivalent keys in RC6 with 176-byte keys. This means that the Davies-Meyer hash function based on RC6 with 176-byte keys is not a good collision-resistance function. However, Saarinen could not find a precise collision of it. In this paper, we propose a practical method for obtaining a collision of the Davies-Meyer hash function based on RC6-32/20/176. In other words, there exist equivalent user supplied keys in RC6-32/20/176, and it is possible to obtain them practically. This means that the essential key space of RC6-32/20/176 is smaller than the space provided by 176-byte keys. Our computer simulation shows that a collision can be found in about 100 minutes. We should notice that the result of this paper does not affect the security of the AES version of RC6 because RC6-32/20/176 discussed in this paper is different from the parameter of the AES version.
ER -