[2873] in cryptography@c2.net mail archive
Attacks on Skipjack?
daemon@ATHENA.MIT.EDU (Marcus Leech)
Thu Jun 25 23:12:23 1998
Date: Thu, 25 Jun 1998 16:01:38 -0400
From: "Marcus Leech" <Marcus.Leech.mleech@nt.com>
To: cryptography@c2.net
Intellectual exercise:
An attack on the last round of Skipjack requires a guess at the subkey, and
a guess at input to the final XOR that produces G6. We know the values for
G5 and G6, we need to guess at CV(4K+3), and the input value that XORs
with the output of F to produce G6. These are both byte values, so a given
random guess has a probability of being correct of approximately 1/65536.
A successful attack produces the correct value used in CV(4K+3) mod 10, which
may allow cracking open of other rounds. The attack would require some known
ciphertext, enough to determine that you've made a correct guess at the keying
material, and the input to the final XOR in G().
In reality, this probably doesn't work very well, since unreasonable amounts of
ciphertext might be required to converge on the correct guess, and it only yields
you 1/10th of the key space.
--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 8M70, MS 012, FITZ
Systems Security Architect Phone: (ESN) 393-9145 +1 613 763 9145
Security and Internet Solutions Fax: (ESN) 395-1407 +1 613 765 1407
Nortel Technology mleech@nortel.ca
-----------------Expressed opinions are my own, not my employer's------
