[Resource Topic] 2000/046: The Saturation Attack - a Bait for Twofish

Welcome to the resource topic for 2000/046

The Saturation Attack - a Bait for Twofish

Authors: Stefan Lucks


We introduce the notion of a saturation attack and present attacks on
reduced-round versions of the Twofish block cipher. Our attack for all
generic key sizes of Twofish (i.e., for 128-bit, 192-bit and 256-bit
keys) improves on exhaustive key search for seven rounds of Twofish
with full whitening, and for eight rounds of Twofish without whitening
at the end. The core of the attack is a key-independent
distinguisher for six rounds of Twofish. The distinguisher is used to
attack up to 7 rounds of Twofish with full whitening and 8 rounds
of Twofish with prewhitening only - half of the cipher. The attacks
take up to 2^127 chosen plaintexts (half of the codebook!) and are 2-4
times faster than exhaustive search.

ePrint: https://eprint.iacr.org/2000/046

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.