Abstract
Q is a block cipher based on Rijndael and Serpent, which was submitted as a candidate to the NESSIE project by Leslie McBride. The submission document of Q describes 12 one-round iterative characteristics with probability $2^{-18}$ each. On 7 rounds these characteristics have probability $2^{-126}$, and the author of Q claims that these are the best 7-round characteristics. We find additional one-round characteristics that can be extended to more rounds. We also combine the characteristics into differentials. We present several differential attacks on the full cipher. Our best attack on the full Q with 128-bit keys (8 rounds) uses $2^{105}$ chosen plaintexts and has a complexity of $2^{77}$ encryptions. Our best attack on the full Q with larger key sizes (9 rounds) uses $2^{125}$ chosen ciphertexts, and has a complexity of $2^{96}$ for 192-bit keys, and $2^{128}$ for 256-bit keys.
The work described in this paper has been supported by the European Commission through the IST Programme under Contract IST-1999-12324 and by the fund for the promotion of research at the Technion.
FWO research assistant, sponsored by the Fund for Scientific Research - Flanders (Belgium). This research was sponsored in part by GOA project Mefisto 2000/06.
References
Ross Anderson, Eli Biham, Lars Knudsen, Serpent: A proposal for Advanced Encryption Standard, submitted to AES, 1998.
Eli Biham, Adi Shamir, Differential cryptanalysis of the Data Encryption Standard, Springer-Verlag, 1993.
Joan Daemen, Vincent Rijmen, The block cipher Rijndael, Smart Card Research and Applications, LNCS 1820, J.-J. Quisquater and B. Schneier, Eds., Springer-Verlag, 2000, pp. 288–296.
Xuejia Lai, James L. Massey, Markov Ciphers and Differential Cryptanalysis, proceedings of EUROCRYPT’91, LNCS 547, pp. 17–38, 1991.
Leslie ‘Mack’ McBride, Q: A Proposal for NESSIE v2.00, submitted to NESSIE, 2000.
© 2002 Springer-Verlag Berlin Heidelberg
Cite this paper
Biham, E., Furman, V., Misztal, M., Rijmen, V. (2002). Differential Cryptanalysis of Q. In: Matsui, M. (eds) Fast Software Encryption. FSE 2001. Lecture Notes in Computer Science, vol 2355. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45473-X_15
DOI: https://doi.org/10.1007/3-540-45473-X_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43869-4
Online ISBN: 978-3-540-45473-1
eBook Packages: Springer Book Archive