Forum

Challenge "Akelarre Part 1"  

  By: admin on Nov. 24, 2010, 2:35 p.m.

Akelarre is a combination of IDEA and RC5. However, Akelarre is not as strong as those two ciphers. Perform a known plaintext attack on Akelarre.
Read more...

 Last edited by: admin on Oct. 31, 2021, 2:54 a.m., edited 1 time in total.

Re: Challenge  

  By: fmoraes on Dec. 5, 2013, 6:53 p.m.

I think I found the shift but I am having trouble validating my program. It solves the case of no shift but that wrinkle is causing me some grief.

Would one of the previous solvers be willing to confirm the shift I found via PM or email?

Francisco

Re: Challenge  

  By: Veselovský on Dec. 9, 2013, 5:20 p.m.

Hello Francisco,

you can send me your shift in PM and I will try to find the shift in my documents… but I am not making precise documentation of what I did when solving particular challenge, since I am lazy to do that… and after a week or so I have sometimes no idea how I solved some challenge… so I do not guarantee that my check will be 100% correct ;-)

Best regards
Viktor

Re: Challenge  

  By: Veselovský on Dec. 9, 2013, 5:29 p.m.

…if I recall correctly, there were two likely shifts after the first stage of attack. Only in the final stage it was possible to decide which one of the two was correct.

Re: Challenge "Akelarre Part 1"  

  By: madness on Aug. 8, 2023, 8:55 p.m.

I found a bug in the C code for this challenge. In the AR box, for the rotations that preserve the leftmost bit,

w[0] = (w[1] << t) | ((w[0] & 0x7fffffff) >> (31 - t)) | (w[0] & 0x80000000);

should be

w[0] = ((w[1] << t) & 0x7fffffff) | ((w[0] & 0x7fffffff) >> (31 - t)) | (w[0] & 0x80000000);

and similarly for w[0] [HTML_REMOVED] w[1]. There are a total of 6 affected lines.

Re: Challenge "Akelarre Part 1"  

  By: madness on Aug. 8, 2023, 9:29 p.m.

Also,

w[1] = ((w[1] & 0xfffffffe) << t) | (w[1] >> (31 - t)) | (w[1] & 0x1);

should be

w[1] = ((w[1] & 0xfffffffe) << t) | ((w[1] >> (31 - t)) & 0xfffffffe) | (w[1] & 0x1);

in four places, and similarly for 0,1 -> 1,0 in four more places in AR().

Without these changes, the unrotated bit is overwritten. That can not be what the authors intended.

Re: Challenge "Akelarre Part 1"  

  By: madness on Aug. 8, 2023, 9:35 p.m.

And finally, I would like to ask how the bits for generating the rotations in AR() are chosen. From Álvarez et al., they say bits 1..5 for the first rotation, whereas in Stamp's C code and his lecture slides online, the first rotation uses bits 27..31.

It probably doesn't matter, since no one uses this cipher, and I can't even find test vectors on the web.

Thanks / Cheers / Mahalo

Re: Challenge "Akelarre Part 1"  

  By: newton on Aug. 9, 2023, 3:48 a.m.

Thanks for the messages, I'll come back in a few days.

Re: Challenge "Akelarre Part 1"  

  By: newton on Aug. 19, 2023, 2:02 a.m.

Hi madness,

That is a very in-dept question I can't help you with. Do you think this should be handed to the author? This challenge was solved 10 times so it might work using a different approach than yours.

Best, newton

Re: Challenge "Akelarre Part 1"  

  By: madness on Aug. 19, 2023, 2:05 a.m.

Yes. No.

Yes, Mark Stamp should know about it. No, I haven't solved it. And the bug is irrelevant to Stamp's attack.

Thanks a lot.

Re: Challenge "Akelarre Part 1"  

  By: newton on Aug. 19, 2023, 2:09 a.m.

I've contacted him.


Currently 39 guests and 0 members are online.
Powered by the CrypTool project
Contact | Privacy | Imprint
© 2009-2024 MysteryTwister team