International Association for Cryptologic Research

IACR News item: 18 December 2012

Gaëtan Leurent
ePrint Report
WIDEA is a family of block ciphers designed by Junod and Macchetti in 2009 as an extension of IDEA to larger block sizes (256 and 512 bits for the main instances WIDEA-4 and WIDEA-8) and key sizes (512 and 1024 bits), with a focus on using them to design a hash function. WIDEA is based on the trusted IDEA design, and was expected to inherit its good security properties. WIDEA-w is composed of w parallel copies of the IDEA block cipher, with an MDS matrix to provide diffusion between them.

In this paper we present low complexity attacks on WIDEA based on truncated differentials. We show a distinguisher for the full WIDEA with complexity only 2^65, and we use the distinguisher in a key-recovery attack with complexity w·2^68. We also show a collision attack on WIDEA-8 if it is used to build a hash function using the Merkle-Damgård mode of operation.

The attacks exploit the parallel structure of WIDEA and the limited diffusion between the IDEA instances, using differential trails where the MDS diffusion layer is never active. In addition, we use structures of plaintext to reduce the data complexity.
