Meet-in-the-Middle Attacks on Reduced-Round XTEA

Gautham Sekar, Nicky Mouha, Vesselin Velichkov, Bart Preneel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

The block cipher XTEA, designed by Needham and Wheeler, was published as a technical report in 1997. The cipher was a result of fixing some weaknesses in the cipher TEA (also designed by Wheeler and Needham), which was used in Microsoft's Xbox gaming console. XTEA is a 64-round Feistel cipher with a block size of 64 bits and a key size of 128 bits. In this paper, we present meet-in-the-middle attacks on twelve variants of the XTEA block cipher, where each variant consists of 23 rounds. Two of these require only 18 known plaintexts and a computational effort equivalent to testing about 2117 keys, with a success probability of 1thinspace−thinspace2−thinspace1025. Under the standard (single-key) setting, there is no attack reported on 23 or more rounds of XTEA, that requires less time and fewer data than the above. This paper also discusses a variant of the classical meet-in-the-middle approach. All attacks in this paper are applicable to XETA as well, a block cipher that has not undergone public analysis yet. TEA, XTEA and XETA are implemented in the Linux kernel.
Original languageEnglish
Title of host publicationTopics in Cryptology -- CT-RSA 2011
EditorsAggelos Kiayias
Place of PublicationBerlin, Heidelberg
PublisherSpringer Berlin Heidelberg
Number of pages18
ISBN (Print)978-3-642-19074-2
Publication statusPublished - 2011
EventRSA 2018 -
Duration: 4 Jun 20186 Jun 2018


ConferenceRSA 2018


Dive into the research topics of 'Meet-in-the-Middle Attacks on Reduced-Round XTEA'. Together they form a unique fingerprint.

Cite this