AuthorsH. Raddum and L. Knudsen
TitleOn Noekeon
Afilliation, Communication Systems
Project(s)Simula UiB
Publication TypeProceedings, refereed
Year of Publication2001
Conference NameSecond Open NESSIE workshop
Date Published09/2001
PublisherRoyal Holloway Univerity of London
Place PublishedLondon

In this note we analyse Noekeon, a 128-bit block cipher submitted to the NESSIE project. It is shown that for six of seven S-boxes which satisfy the design criteria of the Noekeon designers the resulting block ciphers are vulnerable to either a differential attack, a linear attack or both. One conclusion is that Noekeon is not designed according to the wide trail strategy. Also, it is shown that there exist many related keys for which plaintexts of certain differences result in ciphertexts of certain differences with high probabilities. Noekeon has two key-schedules, one for applications where related-key attacks are not considered dangerous and one for applications where related-key attacks can be mounted. In this paper it is shown that for any given user-selected keys there are many related keys independently of which key-schedule is used.

Citation Key24064

Contact person