Life After DES: New Methods, New Attacks - Cryptology Unlocked

Cryptography Reference

In-Depth Information

However, the IDEA algorithm has one big drawback: it is not scalable, which

means that it cannot benefit from the growing processing width of modern

computers (32 bits, 64 bits, ... ) and is particularly fixed on 64-bit blocks. We

know from the discussion of the CBC mode in Section 5.1.1 that too small

a block size theoretically represents a vulnerability for birthday attacks. In

fact, its small block size and its fixed key length were the only reasons IDEA

disqualified as a candidate for the AES algorithm, the successor of DES (see

Section 5.5).

Of course, IDEA has not been studied long enough to convince even the last

doubter of its security. Even the theoretically underpinned design, over which

one could go into raptures, doesn't exclude potential vulnerabilities. Crypt-

analysts traditionally look for sore points and don't normally let themselves

get carried away by the esthetic inner life of an algorithm. Anyhow, no suc-

cessful attack has become publicly known, although cryptologists have busied

themselves increasingly with IDEA.

5.3.6 Speed, Outlook

IDEA is about twice as fast in software as DES. Schneier [SchnCr, Section 13.9]

mentions 300 Kbytes/s on a 66-MHz PC-486 (compare this with RC5 in Sec-

tion 5.4). In hardware, however, IDEA is much harder to implement than DES,

which is mainly due to the '

' operation. An IDEA chip developed at the ETH

Zurich achieved about 22 Mbytes/s, but it is not produced in series. The major

obstacle appears to be reservations by the industry on account of the license

fees for the algorithm. Security has not yet reached the importance for an orga-

nization with 100 employees to pay 1000 dollars for encryption within their

internal networks. For example, a software vendor would have to pay 2 % of

their sales to Ascom Systec AG just for using IDEA in their products. This

is obviously too much even for an attractive name like IDEA. In addition to

its use in free software (for example, PGP and SSH; see Chapter 7) I know

that it is commercially used in the Brokat software package, which has been

deployed by at least four German banks since early 1997. Deutsche Telekom

presumably purchased a large number of IDEA licenses for their own products.

5.4 RC5: Yet Another Hope for DES Replacement

This section discusses perhaps the simplest and most flexible of modern algo-

rithms. RC5 is a symmetric block algorithm introduced by Ron Rivest [RivRC5]

Search WWH ::

Custom Search

Home