[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Announcement: Cryptanalysis of Frog (an AES Candidate)



                                          Results Announcement:

D. Wagner, N. Ferguson, and B. Schneier, "Cryptanalysis of Frog," Counterpane Systems 
Report, Aug 1998.

                                                     Abstract:
We examine some attacks on the FROG cipher.  First we give a differential attack which 
uses about $2^{58}$ chosen plaintexts and very little time for the analysis; it works for 
about $2^{-33.0}$ of the keyspace.  Then we describe a linear attack which uses $2^{56}$ 
known texts and works for $2^{-31.8}$ of the keyspace.  The linear attack can also be 
converted to a ciphertext-only attack using $2^{64}$ known ciphertexts.  Also, the decryption 
function of FROG is a lot weaker than the encryption function.  We show a differential attack 
on the decryption function that requires $2^{36}$ chosen ciphertexts and works on $2^{-29.3}$ 
of the keyspace.  Using our best attack an attacker with a sufficient number of cryptanalytical 
targets can expect to recover his first key after $2^{56.7}$ work.   Taken together, these 
observations suggest that FROG is not a very strong candidate for the AES. 


This paper is available at http://www.counterpane.com/publish.html, and will be made available 
at the AES Workshop next week.

Cheers,
Bruce 
**********************************************************************
Bruce Schneier, President, Counterpane Systems     Phone: 612-823-1098
101 E Minnehaha Parkway, Minneapolis, MN  55419      Fax: 612-823-1590
           Free crypto newsletter.  See:  http://www.counterpane.com