International Association for Cryptologic Research

IACR News item: 04 July 2015

Forum Post
I have had a brief look into that "new cipher", and it seems to me that it is weak. The reason is that for each 8-bit word x of the state/input plaintext there is a mapping (although secret) to another word y of the ciphertext, independently of the adjacent words. This is true if we remove the very first and the very last arithmetic addition modulo 2^64, and it is true for the full version with a very high probability (probability of the carry bit). The mapping x->y of each word can be seen as an S-box for that individual mapping, and it is constant for the same key/iv setup. After roughly 256+ known plaintext-ciphertext pairs the mapping is then revealed (even without having to derive the secret key, although this might also be possible with a little more thinking).

From: 2015-05-07 00:27:07 (UTC)
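The per-word codebook recovery described in the post, as an added example that is not part of the original forum post or of the cipher it discusses. It uses a toy stand-in (the names `key_setup`, `encrypt` and the eight-word block are assumptions) that models the reduced version without the additions modulo 2^64, where each byte position is a fixed secret S-box, and shows that 256 known pairs are enough to decrypt a fresh block without the key.

```python
import random

BLOCK = 8  # assumption: eight 8-bit words, i.e. one 64-bit state

def key_setup(key: bytes, iv: bytes):
    """Toy stand-in: one secret byte permutation per word position."""
    rng = random.Random(key + iv)  # not a real key schedule
    boxes = []
    for _ in range(BLOCK):
        box = list(range(256))
        rng.shuffle(box)
        boxes.append(box)
    return boxes

def encrypt(boxes, block: bytes) -> bytes:
    # Each ciphertext word depends only on the plaintext word at its position.
    return bytes(boxes[i][b] for i, b in enumerate(block))

def recover_tables(pairs):
    """Build the inverse mapping y -> x for every position from known pairs."""
    inverse = [{} for _ in range(BLOCK)]
    for pt, ct in pairs:
        for i in range(BLOCK):
            inverse[i][ct[i]] = pt[i]
    return inverse

def decrypt_with_tables(inverse, ct: bytes):
    """Decrypt without the key; None marks a word value not seen so far."""
    return [inverse[i].get(c) for i, c in enumerate(ct)]

def demo():
    boxes = key_setup(b"constructed key", b"constructed iv")
    # 256 constructed known plaintexts covering every byte value at every
    # position; arbitrary known plaintext needs more pairs to reach that.
    known = [bytes((n + 37 * i) % 256 for i in range(BLOCK)) for n in range(256)]
    pairs = [(pt, encrypt(boxes, pt)) for pt in known]
    inverse = recover_tables(pairs)
    fresh = b"8 bytes!"                      # never seen as a whole block
    return bytes(decrypt_with_tables(inverse, encrypt(boxes, fresh)))

if __name__ == "__main__":
    print(demo())
```

The recovery works because no ciphertext word depends on a neighbouring plaintext word, so the missing diffusion reduces the block to eight independent 256-entry lookup tables.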