Re: TEA

New Message Reply About this list Date view Thread view Subject view Author view

David Wagner (daw@CS.Berkeley.EDU)
Thu, 25 Jun 1998 10:50:33 -0700 (PDT)


> At 05:56 PM 6/24/98 +0000, you wrote:
> >[TEA]
> >> It has also been broken, hasn't it?
> >
> >Do you have any reference?.
>
> Check the extended version of TEA
> <http://www.cl.cam.ac.uk/ftp/users/djw3/xtea.ps>
>
> three related-key attacks
> http://www.cs.berkeley.edu/~daw/keysched-crypto96.ps
> three other equivalent keys
> http://www.cs.berkeley.edu/~daw/keysched-icics97.ps
>

The existence of related-key attacks only means you have to
take care in how keys are chosen to ensure that related-key
situations can't arise.

Ditto for equivalent keys, when the keylength is long enough.

One important exception: if you want to use it to build a hash
function (e.g. via the Davies-Meyer construction), then you
have to be very careful about the existence of related-key attacks.

I certainly wouldn't consider any cipher "broken" just because
it is susceptible to related-key cryptanalysis.

Just my opinion. -- David Wagner


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:05 ADT