Abstract
The block cipher XTEA, designed by Needham and Wheeler, was published as a technical report in 1997. The cipher was a result of fixing some weaknesses in the cipher TEA (also designed by Wheeler and Needham), which was used in Microsoft's Xbox gaming console. XTEA is a 64-round Feistel cipher with a block size of 64 bits and a key size of 128 bits. In this paper, we present meet-in-the-middle attacks on twelve variants of the XTEA block cipher, where each variant consists of 23 rounds. Two of these require only 18 known plaintexts and a computational effort equivalent to testing about 2117 keys, with a success probability of 1thinspace−thinspace2−thinspace1025. Under the standard (single-key) setting, there is no attack reported on 23 or more rounds of XTEA, that requires less time and fewer data than the above. This paper also discusses a variant of the classical meet-in-the-middle approach. All attacks in this paper are applicable to XETA as well, a block cipher that has not undergone public analysis yet. TEA, XTEA and XETA are implemented in the Linux kernel.
| Original language | English |
|---|---|
| Title of host publication | Topics in Cryptology -- CT-RSA 2011 |
| Editors | Aggelos Kiayias |
| Place of Publication | Berlin, Heidelberg |
| Publisher | Springer |
| Pages | 250-267 |
| Number of pages | 18 |
| ISBN (Print) | 978-3-642-19074-2 |
| DOIs | |
| Publication status | Published - 2011 |
| Event | RSA 2018 - Duration: 4 Jun 2018 → 6 Jun 2018 |
Conference
| Conference | RSA 2018 |
|---|---|
| Period | 4/06/18 → 6/06/18 |